Bug 176201

Summary: Thunderbird Compose DeleteNode crash
Product: [Fedora] Fedora Reporter: Warren Togami <wtogami>
Component: thunderbirdAssignee: Christopher Aillon <caillon>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: pierre-bugzilla
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-01-12 20:56:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 150221    

Description Warren Togami 2005-12-20 04:55:00 UTC
This crash is pretty easy to reproduce in the thunderbird composer by doing a
procedure like this:
1) Compose
2) Paste a URL
3) Highlight select it
4) Hit ENTER a few times
Sometimes it doesn't work until the 3rd or 4th try, but it seems easy to
reproduce for me.

(gdb) bt
#0  0x01877cc4 in nsTextServicesDocument::DeleteNode (this=0xa5f1de8,
aChild=0xa8e3570) at nsTextServicesDocument.cpp:2532
#1  0x0187c765 in nsTSDNotifier::DidDeleteNode (this=0xa67b4a0,
aChild=0xa8e3570, aResult=0) at nsTSDNotifier.cpp:118
#2  0x018954d7 in nsEditor::DeleteNode (this=0xa56a680, aElement=0xa8e3570) at
#3  0x018275f1 in nsHTMLEditor::DeleteNode (this=0xa56a680, aNode=0xa8e3570) at
#4  0x0188567b in nsTextEditRules::DidDeleteSelection (this=0xa64b0e4,
aSelection=0xa63a448, aCollapsedAction=0, aResult=0)
    at nsTextEditRules.cpp:998
#5  0x01844296 in nsHTMLEditRules::DidDeleteSelection (this=0xa64b0e0,
aSelection=0xa63a448, aDir=0, aResult=0)
    at nsHTMLEditRules.cpp:2858
#6  0x0185a470 in nsHTMLEditRules::DidDoAction (this=0xa64b0e0,
aSelection=0xa63a448, aInfo=0xbfe20f30, aResult=0)
    at nsHTMLEditRules.cpp:641
#7  0x018830a6 in nsPlaintextEditor::DeleteSelection (this=0xa56a680, aAction=0)
at nsPlaintextEditor.cpp:754
#8  0x01857f1a in nsHTMLEditRules::WillInsertBreak (this=0xa64b0e0,
aSelection=0xa63a448, aCancel=0xbfe210f8,
    aHandled=0xbfe210f4) at nsHTMLEditRules.cpp:1522
#9  0x0185a329 in nsHTMLEditRules::WillDoAction (this=0xa64b0e0,
aSelection=0xa63a448, aInfo=0xbfe21090,
    aCancel=0xbfe210f8, aHandled=0xbfe210f4) at nsHTMLEditRules.cpp:599
#10 0x018818f9 in nsPlaintextEditor::InsertLineBreak (this=0xa56a680) at
#11 0x0187fcc0 in nsPlaintextEditor::TypedText (this=0xa56a680,
aString=@0xbfe21238, aAction=2) at nsPlaintextEditor.cpp:430
#12 0x01829e88 in nsHTMLEditor::TypedText (this=0xa56a680, aString=@0xbfe21238,
aAction=2) at nsHTMLEditor.cpp:1356
#13 0x01828b8c in nsHTMLEditor::HandleKeyPress (this=0xa56a680,
aKeyEvent=0xa8f2580) at nsHTMLEditor.cpp:1317
#14 0x0188987e in nsTextEditorKeyListener::KeyPress (this=0xa657cc0,
aKeyEvent=0xa8f2590) at nsEditorEventListeners.cpp:242
#15 0x0134c49a in nsEventListenerManager::HandleEvent (this=0xa639748,
aPresContext=0xa5e4898, aEvent=0xbfe21848,
    aDOMEvent=0xbfe214ac, aCurrentTarget=0xa635348, aFlags=514,
aEventStatus=0xbfe216b4) at nsEventListenerManager.cpp:141
#16 0x0130e3c2 in nsDocument::HandleDOMEvent (this=0xa635298,
aPresContext=0xa5e4898, aEvent=0xbfe21848,
    aDOMEvent=0xbfe214ac, aFlags=514, aEventStatus=0xbfe216b4) at
#17 0x01324a04 in nsGenericElement::HandleDOMEvent (this=0xa635798,
aPresContext=0xa5e4898, aEvent=0xbfe21848,
    aDOMEvent=0xbfe214ac, aFlags=519, aEventStatus=0xbfe216b4) at
#18 0x011bfb72 in PresShell::HandleEventInternal (this=0xa631a38,
aEvent=0xbfe21848, aView=0xa5e4db0, aFlags=513,
    aStatus=0xbfe216b4) at nsPresShell.cpp:6420
#19 0x011c5cd1 in PresShell::HandleEvent (this=0xa631a38, aView=0xa5e4db0,
aEvent=0xbfe21848, aEventStatus=0xbfe216b4,
    aForceHandle=1, aHandled=@0xbfe216b0) at nsPresShell.cpp:6203
#20 0x01415fc3 in nsViewManager::HandleEvent (this=0xa5e4d38, aView=0xa5e4db0,
aEvent=0xbfe21848, aCaptured=0)
    at nsViewManager.cpp:2512
#21 0x01418ec0 in nsViewManager::DispatchEvent (this=0xa5e4d38,
aEvent=0xbfe21848, aStatus=0xbfe217c8)
    at nsViewManager.cpp:2246
#22 0x0140f96e in HandleEvent (aEvent=0xbfe21848) at nsView.cpp:171
#23 0x076a4f20 in nsCommonWidget::DispatchEvent (this=0xa5e4e08,
aEvent=0xbfe21848, aStatus=@0xbfe218e0)
    at nsCommonWidget.cpp:219
#24 0x0769e10a in nsWindow::OnKeyPressEvent (this=0xa5e4e08, aWidget=0x92ed448,
aEvent=0x925f7f0) at nsWindow.cpp:1783
#25 0x0769e16b in key_press_event_cb (widget=0x92ed448, event=0x925f7f0) at
#26 0x03c3a2f3 in _gtk_marshal_BOOLEAN__BOXED (closure=0xa2fbce0,
return_value=0xbfe21a64, n_param_values=2,
    param_values=0xbfe21b70, invocation_hint=0xbfe21a50, marshal_data=0x769e11a)
at gtkmarshalers.c:83
#27 0x05ff2c9a in IA__g_closure_invoke (closure=0xa2fbce0,
return_value=0xbfe21a64, n_param_values=2,
    param_values=0xbfe21b70, invocation_hint=0xbfe21a50) at gclosure.c:490
#28 0x06003bb8 in signal_emit_unlocked_R (node=0x9323e48, detail=0,
instance=0x92ed448, emission_return=0xbfe21cf0,
    instance_and_params=0xbfe21b70) at gsignal.c:2449
#29 0x06004ee3 in IA__g_signal_emit_valist (instance=0x92ed448, signal_id=43,
at gsignal.c:2218
#30 0x060052d7 in IA__g_signal_emit (instance=0x92ed448, signal_id=43, detail=0)
at gsignal.c:2252
#31 0x03d17430 in gtk_widget_event_internal (widget=0x92ed448, event=0x925f7f0)
at gtkwidget.c:3735
#32 0x03d259a6 in IA__gtk_window_propagate_key_event (window=0x93480b0,
event=0x925f7f0) at gtkwindow.c:4517
#33 0x03d284f5 in gtk_window_key_press_event (widget=0x93480b0, event=0x925f7f0)
at gtkwindow.c:4547
#34 0x03c3a2f3 in _gtk_marshal_BOOLEAN__BOXED (closure=0x9323bd0,
return_value=0xbfe21f74, n_param_values=2,
    param_values=0xbfe22080, invocation_hint=0xbfe21f60, marshal_data=0x3d284b7)
at gtkmarshalers.c:83
#35 0x05ff1585 in g_type_class_meta_marshal (closure=0x9323bd0,
return_value=0xbfe21f74, n_param_values=2,
    param_values=0xbfe22080, invocation_hint=0xbfe21f60, marshal_data=0xcc) at
#36 0x05ff2c9a in IA__g_closure_invoke (closure=0x9323bd0,
return_value=0xbfe21f74, n_param_values=2,
    param_values=0xbfe22080, invocation_hint=0xbfe21f60) at gclosure.c:490
#37 0x060041f1 in signal_emit_unlocked_R (node=0x9323e48, detail=0,
instance=0x93480b0, emission_return=0xbfe22200,
    instance_and_params=0xbfe22080) at gsignal.c:2487
#38 0x06004ee3 in IA__g_signal_emit_valist (instance=0x93480b0, signal_id=43,
at gsignal.c:2218
#39 0x060052d7 in IA__g_signal_emit (instance=0x93480b0, signal_id=43, detail=0)
at gsignal.c:2252
#40 0x03d17430 in gtk_widget_event_internal (widget=0x93480b0, event=0x925f7f0)
at gtkwidget.c:3735
#41 0x03c348d4 in IA__gtk_propagate_event (widget=0x93480b0, event=0x925f7f0) at
#42 0x03c358e5 in IA__gtk_main_do_event (event=0x925f7f0) at gtkmain.c:1412
#43 0x03e5e203 in gdk_event_dispatch (source=0x9264dc0, callback=0,
user_data=0x0) at gdkevents-x11.c:2291
#44 0x0029c943 in IA__g_main_context_dispatch (context=0x9264e08) at gmain.c:1913
#45 0x0029f893 in g_main_context_iterate (context=0x9264e08, block=1,
dispatch=1, self=0x9304fd8) at gmain.c:2544
#46 0x0029fc3c in IA__g_main_loop_run (loop=0x952d070) at gmain.c:2748
#47 0x03c35d3c in IA__gtk_main () at gtkmain.c:991
#48 0x076a3ab6 in nsAppShell::Run (this=0x934e0a8) at nsAppShell.cpp:139
#49 0x0722cc86 in nsAppStartup::Run (this=0x934e068) at nsAppStartup.cpp:150
#50 0x0804fb71 in XRE_main (argc=1, argv=0xbfe228d4, aAppData=0x8067020) at
#51 0x0804b045 in main (argc=1, argv=0xbfe228d4) at nsMailApp.cpp:62
#52 0x0044562f in __libc_start_main () from /lib/libc.so.6
#53 0x0804afa1 in _start ()

Comment 1 Warren Togami 2006-01-06 02:49:43 UTC
I have reproduced this with both i386 and x86_64 thunderbird in rawhide.  Other
people in #fedora-devel have reported being able to reproduce it, while others
report they are unable to reproduce it.

Comment 2 Ray Strode [halfline] 2006-01-11 15:46:33 UTC
So, caillon and I played around with this a little bit today.  We got it to
crash once, but it's not really readily reproducable.  It took quite a bit of

Because it doesn't happen frequently, we're moving to Target.

Comment 3 Warren Togami 2006-01-11 16:54:13 UTC
It is very reproducible and it does happen frequently.

Comment 4 Warren Togami 2006-01-11 22:58:27 UTC
100% reproducible instructions:
1. Compose new
2. a
4. SHIFT+Up to highlight two lines

Cool!  caillon narrowed it down to the spell checker.  It wont crash if you
disable "Spell As You Type"

Comment 5 Christopher Aillon 2006-01-12 02:26:49 UTC
*** Bug 176227 has been marked as a duplicate of this bug. ***

Comment 6 Christopher Aillon 2006-01-12 20:56:48 UTC
Fixed in 1.5-0.5.6.rc1 and later (1.5-1 also has the fix)