MASTER: Firefox Crash [@nsFormFillController::OnTextEntered] [@nsAutoCompleteController::EnterMatch] ... [@nsAutoCompleteController::HandleTab at #7]

Bug #93517 reported by compucoder
Affects: Mozilla Firefox | Status: Fix Released | Importance: Critical
Affects: firefox (Ubuntu) | Status: Fix Released | Importance: High | Assigned to: Mozilla Bugs

Bug Description

Binary package hint: firefox

I was on my Outlook OWA 2003 webmail - typed in my username, then hit tab and then it froze and after about 15 seconds the browser closed by itself. The page runs under SSL and the product is Microsoft Outlook Web Access 2003.

I am on Feisty with all updates current.

ProblemType: Crash
Architecture: i386
Date: Sun Mar 18 17:24:20 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/lib/firefox/firefox-bin
Package: firefox 2.0.0.2+1-0ubuntu1
PackageArchitecture: i386
ProcCmdline: /usr/lib/firefox/firefox-bin
ProcCwd: /home/ron
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_CA.UTF-8
Signal: 11
SourcePackage: firefox
StacktraceTop:
 ?? () from /lib/ld-linux.so.2
 raise () from /lib/tls/i686/cmov/libpthread.so.0
 ?? ()
 ?? ()
 ?? ()
Uname: Linux ron-laptop 2.6.20-11-generic #2 SMP Thu Mar 15 08:03:07 UTC 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin netdev plugdev powerdev scanner video

Extract from the retraced stacktrace:

...
#3 <signal handler called>
#4 nsFormFillController::OnTextEntered (this=0x8ccd840, _retval=0xbfcda55c) at nsFormFillController.cpp:480
#5 nsAutoCompleteController::EnterMatch (this=0x8ccd898) at nsAutoCompleteController.cpp:1117
#6 nsAutoCompleteController::HandleEnter (this=0x8ccd898, _retval=0xbfcda5c4)
#7 nsAutoCompleteController::HandleTab (this=0x8ccd898) at nsAutoCompleteController.cpp:375
#8 nsFormFillController::KeyPress (this=0x8ccd840, aEvent=0x980ad98) at nsFormFillController.cpp:700
#9 nsEventListenerManager::HandleEvent (this=0x8b0d1a8, aPresContext=0x9ab70f0, aEvent=0xbfcdc728,
#10 nsXULElement::HandleDOMEvent (this=0x8b0cda8, aPresContext=0x9ab70f0, aEvent=0xbfcdc728,
#11 nsXULElement::HandleChromeEvent (this=0x8b0cda8, aPresContext=0x9ab70f0, aEvent=0xbfcdc728,
...

Revision history for this message
In , Olli-pettay (olli-pettay) wrote :

Created attachment 241703
possible patch

Bryner, since ::OnTextEntered is mainly your code, could you review?
This should fix the possible crash when ownerDocument is null or when mFocusedInput is null (if that is possible).

Other change is to set the return value to something.
That is based on this comment:
http://lxr.mozilla.org/seamonkey/source/toolkit/components/autocomplete/public/nsIAutoCompleteInput.idl#149
but it shouldn't actually change the functionality because the return value isn't actually handled: http://lxr.mozilla.org/seamonkey/source/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp#1123

Revision history for this message
In , Bryner (bryner) wrote :

Comment on attachment 241703
possible patch

Should not be possible for mFocusedInput to be null, but better not to crash. Similarly, I don't know how a text input could be without an ownerDocument, but bulletproofing is fine.

Revision history for this message
In , Olli-pettay (olli-pettay) wrote :

ownerDocument is *not* guaranteed to be non-null.
Basically if something keeps a reference to a node, but document is deleted, then ownerDocument is null.
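
The lifetime case described in this comment (a node kept alive after its document is gone) and the kind of guard the patch is said to add, as an added C++ sketch that is not part of the thread and not Mozilla's code. `Document`, `InputNode`, `FillController`, the event name and the `false` default for the return value are assumptions made for illustration.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Hypothetical stand-ins for a DOM document and a text input (not Gecko classes).
struct Document {
    int dispatched = 0;
    void dispatchEvent(const std::string&) { ++dispatched; }
};

struct InputNode {
    std::weak_ptr<Document> owner;  // the node does not keep its document alive
    std::shared_ptr<Document> ownerDocument() const { return owner.lock(); }
};

// Hypothetical controller that keeps a reference to the focused input.
struct FillController {
    std::shared_ptr<InputNode> focusedInput;

    // Unguarded shape: null dereference (SIGSEGV) when the input or its document is gone.
    bool onTextEnteredUnchecked() {
        auto doc = focusedInput->ownerDocument();
        doc->dispatchEvent("text-entered");  // constructed event name
        return true;
    }

    // Guarded shape: *retval is always set (false is an assumed default), no null deref.
    bool onTextEntered(bool* retval) {
        *retval = false;
        if (!focusedInput) return false;
        auto doc = focusedInput->ownerDocument();
        if (!doc) return false;
        doc->dispatchEvent("text-entered");
        *retval = true;
        return true;
    }
};

int main() {
    auto doc = std::make_shared<Document>();
    auto input = std::make_shared<InputNode>();
    input->owner = doc;
    FillController c;
    c.focusedInput = input;
    bool rv = false;
    std::printf("document alive: handled=%d\n", c.onTextEntered(&rv));
    doc.reset();  // document deleted while the controller still holds the node
    std::printf("document gone:  handled=%d\n", c.onTextEntered(&rv));
    return 0;
}
```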

Revision history for this message
In , Martijn-martijn (martijn-martijn) wrote :

Is this something worthy of the branch?

Revision history for this message
In , Olli-pettay (olli-pettay) wrote :

Apparently yes. There are some crashes also on 1.8.

Revision history for this message
In , Martijn-martijn (martijn-martijn) wrote :

*** Bug 371910 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Adam Guthrie (ispiked) wrote :

*** Bug 372535 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Adam Guthrie (ispiked) wrote :

Smaug, is there a reason you requested approval for 1.8.1.4 and not 1.8.1.3?

Revision history for this message
In , Gavin Sharp (gavin-sharp) wrote :

(In reply to comment #8)
> Smaug, is there a reason you requested approval for 1.8.1.4 and not 1.8.1.3?

He did ask for approval1.8.1.3, see bug activity. The flag was renamed to approval1.8.1.4 in preparation for a quicker than usual 1.8.1.3 release.

Revision history for this message
In , Gavin Sharp (gavin-sharp) wrote :

*** Bug 373247 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Dveditz (dveditz) wrote :

This became the run-away top crash in FF2.0.0.2 (more crashes than old stand-by 0x00000000 even), and doesn't appear on the lists for prior versions (with admittedly small populations remaining on older versions). Was this crash tickled by the password manager changes? Seems unlikely, but I don't think 2.0.0.2 made any other form-related changes.

Revision history for this message
compucoder (roncr) wrote : [apport] firefox-bin crashed with SIGSEGV in raise()


Revision history for this message
compucoder (roncr) wrote :
Changed in firefox:
assignee: nobody → mozilla-bugs
status: Unconfirmed → Needs Info
Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Thank you for submitting this bug report.

I'm taking it for retrace

Changed in firefox:
assignee: mozilla-bugs → hmontoliu
Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Retrace done.

...
#4 nsFormFillController::OnTextEntered (this=0x8ccd840, _retval=0xbfcda55c) at nsFormFillController.cpp:480
        domDoc = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        doc = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        event = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        privateEvent = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        targ = {<nsCOMPtr_base> = {mRawPtr = 0xbfcda468}, <No data fields>}
        defaultActionEnabled = 0
#5 0xb579d960 in nsAutoCompleteController::EnterMatch (this=0x8ccd898) at nsAutoCompleteController.cpp:1117
        popup = {<nsCOMPtr_base> = {mRawPtr = 0x925d0f0}, <No data fields>}
        forceComplete = 0
...

compucoder, does it always crash on that site? I mean, is it reproducible?

Tagging report as mt-confirm for further analysis.

Changed in firefox:
assignee: hmontoliu → mozilla-bugs
Revision history for this message
compucoder (roncr) wrote : Re: [Bug 93517] Re: [apport] firefox-bin crashed with SIGSEGV in raise()

This has only ever happened once. The site usually works well. So, short answer is no...

----- Original Message ----
From: Hilario J. Montoliu (hjmf) <email address hidden>
To: <email address hidden>
Sent: Monday, March 19, 2007 12:28:37 PM
Subject: [Bug 93517] Re: [apport] firefox-bin crashed with SIGSEGV in raise()


** Attachment added: "Retraced Stacktrace"
   http://librarian.launchpad.net/6858653/retraced_Stacktrace.txt

** Summary changed:

- [apport] firefox-bin crashed with SIGSEGV in raise()
+ [feisty] Firefox Crashed [@nsFormFillController::OnTextEntered]

** Tags added: mt-confirm

** Tags removed: mt-needretrace

** Changed in: firefox (Ubuntu)
     Assignee: Hilario J. Montoliu (hjmf) => Mozilla Bugs

--
[feisty] Firefox Crashed [@nsFormFillController::OnTextEntered]
https://launchpad.net/bugs/93517

Revision history for this message
In , Olli-pettay (olli-pettay) wrote :

*** Bug 374785 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Dveditz (dveditz) wrote :

Comment on attachment 241703
possible patch

approved for 1.8.1.4, a=dveditz for release-drivers

Revision history for this message
In , Dveditz (dveditz) wrote :

(In reply to comment #11)
> Was this crash tickled by the password manager changes? Seems unlikely,
> but I don't think 2.0.0.2 made any other form-related changes.

bug 286933 was fixed in 1.8.1.2 and seems more directly relevant

Changed in firefox:
status: Needs Info → Confirmed
Changed in firefox:
importance: Undecided → High
description: updated
Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Re: MASTER: Firefox Crash [@nsFormFillController::OnTextEntered]

Marked upstream https://bugzilla.mozilla.org/show_bug.cgi?id=356007 as this crash shows the same backtrace as the one in upstream https://bugzilla.mozilla.org/show_bug.cgi?id=374785 which is a dup of the former.

Changed in firefox:
status: Unknown → Fix Released
Revision history for this message
AFouse (firefoxbug) wrote :

A bug which I reported, #107128, was marked as a dup of this. I've managed to reproduce the crash. Please see the other bug thread for details.

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Thank you AFouse for the test case (from bug #107128) :

...
I've discovered a way to reproduce the crash. Here are the steps I take:

- login to forum
- enter a specific board
- open an existing thread, not the one at the top
- click on "previous" to see the previous thread
- click on "reply" to reply to thread
- hit the tab key

At this point, Firefox always crashes.
...

Please, AFouse, can you provide a link to the forum where this crash always happens?

Thank you

Revision history for this message
AFouse (firefoxbug) wrote :

I can't provide a link to the forum I've been using since it's a closed forum, but I've replicated the problem in another Simple Machines forum. I also discovered, in trying to replicate the problem elsewhere, that there's another piece to the puzzle. In order for the crash to happen, you have to login and check the choice to keep you logged in always. After you do that, close Firefox and return to the forum page so that you've been automatically logged in. If you don't do this, the crash doesn't happen.

Go to http://www.simplemachines.org/community/index.php and create a login there. Just so all of the step-by-step is in one place:

- create a login and check "always" for how long to leave you logged in
- login, then close Firefox and start a new instance opening the forum once again so you've been automatically logged in
- Click on one of the areas available (it doesn't seem to matter which one)
- Click on a topic in that area
- Click on either "previous" or "next"
- Click on reply at the bottom of that thread
- hit "tab"

At this point, Firefox always crashes for me.

Hope that helps!

Revision history for this message
Alexander Sack (asac) wrote : Re: [Bug 93517] Re: MASTER: Firefox Crash [@nsFormFillController::OnTextEntered]

On Tue, Apr 24, 2007 at 05:35:28PM -0000, AFouse wrote:
>
> At this point, Firefox always crashes for me.
>

Can you please try if running in -safe-mode helps:

In terminal/console start firefox like:
 # firefox -safe-mode

 - Alexander

Changed in firefox:
status: Confirmed → In Progress
Revision history for this message
In , Mailbox-partysaarfari (mailbox-partysaarfari) wrote :

I have those annoying crashes almost every day in forums... when will it be fixed in firefox2?

Revision history for this message
In , Martijn-martijn (martijn-martijn) wrote :

Andreas, in the next security update, you can test it yourself, see:
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2.0.0.4-candidates/rc1/

Revision history for this message
In , Steve-england (steve-england) wrote :

*** Bug 380367 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Jay-mozilla (jay-mozilla) wrote :

v.fixed on 1.8 branch and Trunk based on the latest Talkback data. Let's keep a close eye on topcrash reports for 2.0.0.4 after the release to make sure this is gone with no regressions.

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Probably bugs #93517 and #94184 are the same.

93517 - MASTER: Firefox Crash [@nsFormFillController::OnTextEntered] [@nsAutoCompleteController::EnterMatch] ... [@nsAutoCompleteController::HandleTab at #7]
94184 - MASTER firefox crashed [@nsFormFillController::OnTextEntered] [@nsAutoCompleteController::EnterMatch] ... [@nsFormFillController::KeyPress at #7]

Revision history for this message
Sjaak Laan (sjaak-laan) wrote :

I have the same problem.
When I open Outlook Web Access
When I login (automatically), Firefox crashes.

When I run FF in safe mode, I get:

firefox -safe-mode

(gecko:8112): Pango-WARNING **: failed to create cairo scaled font, expect ugly output. the offending font is 'DejaVu Serif Bold Oblique 17'

(gecko:8112): Pango-WARNING **: failed to create cairo scaled font, expect ugly output. the offending font is 'DejaVu Serif Bold Oblique 11.048828125'
Segmentation fault (core dumped)

I run firefox 2.0.0.6 in Ubuntu Gutsy, kernel :
Linux ubuntix 2.6.22-10-generic #1 SMP Wed Aug 22 08:11:52 GMT 2007 i686 GNU/Linux

Revision history for this message
Alexander Sack (asac) wrote :

Fixed upstream a long time ago.

Changed in firefox:
status: In Progress → Fix Released
Changed in firefox:
importance: Unknown → Critical