Comment 9 for bug 212092

In , Stransky (stransky) wrote :

I can confirm the crash. Here is a backtrace from a debug build:

#0 0x00002aaaac7a0a2e in ReleaseObjects (aElement=0x2aaabc143ce0) at nsCOMArray.cpp:151
#1 0x00002aaaac7a63cf in nsVoidArray::EnumerateForwards (this=0x2aaabc143e20, aFunc=0x2aaaac7a0a04 <ReleaseObjects>,
    aData=0x0) at nsVoidArray.cpp:678
#2 0x00002aaaac7a0a67 in nsCOMArray_base::Clear (this=0x2aaabc143e20) at nsCOMArray.cpp:158
#3 0x00002aaaac6f9347 in nsCOMArray<nsIAccessibleEvent>::Clear (this=0x2aaabc143e20)
    at ../../../dist/include/xpcom/nsCOMArray.h:217
#4 0x00002aaaac6f2ef0 in nsDocAccessible::FlushPendingEvents (this=0x2aaabc143cf0) at nsDocAccessible.cpp:1639
#5 0x00002aaaac6ef7df in nsDocAccessible::FlushEventsCallback (aTimer=0x2aaabc235190, aClosure=0x2aaabc143d98)
    at nsDocAccessible.cpp:1655
#6 0x00002aaaac811266 in nsTimerImpl::Fire (this=0x2aaabc235190) at nsTimerImpl.cpp:400
#7 0x00002aaaac81147a in nsTimerEvent::Run (this=0x2aaabc2c1b50) at nsTimerImpl.cpp:490
#8 0x00002aaaac80bd70 in nsThread::ProcessNextEvent (this=0x67d390, mayWait=1, result=0x7fffed5639bc) at nsThread.cpp:510
#9 0x00002aaaac7a998c in NS_ProcessNextEvent_P (thread=0x67d390, mayWait=1) at nsThreadUtils.cpp:227
#10 0x00002aaaac6aa9bc in nsBaseAppShell::Run (this=0x83ce90) at nsBaseAppShell.cpp:170
#11 0x00002aaaac46c0e6 in nsAppStartup::Run (this=0x94bdd0) at nsAppStartup.cpp:181
#12 0x00002aaaab8f91be in XRE_main (argc=1, argv=0x7fffed5675c8, aAppData=0x626e60) at nsAppRunner.cpp:3154
#13 0x0000000000401785 in main (argc=1, argv=0x7fffed5675c8) at nsXULStub.cpp:348
#14 0x00000038fc21e074 in __libc_start_main () from /lib64/libc.so.6
#15 0x0000000000400f39 in _start ()

aElement doesn't seem to be valid:

#0 0x00002aaaac7a0a2e in ReleaseObjects (aElement=0x2aaabc143ce0) at nsCOMArray.cpp:151
(gdb) p aElement
$5 = (void *) 0x2aaabc143ce0
(gdb) p* element
$6 = {_vptr.nsISupports = 0x5}

(gdb) up
#1 0x00002aaaac7a63cf in nsVoidArray::EnumerateForwards (this=0x2aaabc143e20, aFunc=0x2aaaac7a0a04 <ReleaseObjects>,
    aData=0x0) at nsVoidArray.cpp:678
(gdb) info locals
index = 0
running = 1
(gdb) p mImpl->mCount
$12 = 10922