Closed Bug 173308 Opened 23 years ago Closed 22 years ago

Browser crashes when javascript closes a window [@ nsDocShell::InternalLoad]

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jesse.houwing, Assigned: adamlock)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(2 files)

Talkback report (zipped)
55.20 KB, application/octet-stream
Details
zack-weg's patch
765 bytes, patch
adamlock
: review+
alecf
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20020924 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20020924 Open the above url. Next click the "CLICK HERE TO CLOSE THIS WINDOW and contact our claims department immediately" and see the browser crash. No talkback comes up. In other browsers ti asks if it can close the last window, and after that it opens a new window. This could be the problem, but I'm not using a debugbuild. Reproducible: Always Steps to Reproduce:
Status: UNCONFIRMED → NEW
Ever confirmed: true
WFM on BuildID 2002100711 on Win2KSP2. Doesn't crash for me, just closes the window with that page in. So if you have more than one window open mozilla stays open, if only have the one window open it closes mozilla. The relevant line of code is <a onClick="javascript:self.close();" target="_blank" href="adv617/adv.htm"> which other browsers might process in a different order.
I have tabs open, might this be the cause?
Ok, installed 2002100808 and tried again. It still crashes. and now Talkback does fire. I attached the report as a zipfile (was too large otherwise).
Jesse, If you look in the components dir under your Mozilla installation for the 0924 build I expect that you will not see talkback.exe. That is why Talkback didn't fire. Can you list the Talkback ID# for your most recent crash (10/08 build)?
Keywords: crash
Well it was there, and still didn't fire. even went back to the 20020924 build to test again, and talkback will not come up (it does come up with the newer build). Talkback id: TB12264495Y
Product ID MozillaTrunk Build ID 2002100808 Trigger Time 2002-10-08 12:07:51 Platform Win32 Operating System Windows NT 5.0 build 2195 Module docshell.dll URL visited User Comments Trigger Reason Access violation Source File Name c:/builds/seamonkey/mozilla/docshell/base/nsDocShell.cpp Trigger Line No. 4887 Stack Trace over to docshell. Incident #12264495 ------------------ nsDocShell::InternalLoad [c:/builds/seamonkey/mozilla/docshell/base/nsDocShell.cpp, line 4887] nsWebShell::OnLinkClickSync [c:/builds/seamonkey/mozilla/docshell/base/nsWebShell.cpp, line 659] OnLinkClickEvent::HandleEvent [c:/builds/seamonkey/mozilla/docshell/base/nsWebShell.cpp, line 477] PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 645] PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 578] nsEventQueueImpl::ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/nsEventQueue.cpp, line 392]
Component: Browser-General → Embedding: Docshell
Summary: Browser crashes without talkback. → Browser crashes without talkback. [@ nsDocShell::InternalLoad]
*** Bug 178268 has been marked as a duplicate of this bug. ***
Keywords: nsbeta1
Summary: Browser crashes without talkback. [@ nsDocShell::InternalLoad] → Browser crashes with talkback. [@ nsDocShell::InternalLoad]
adt: nsbeta1-
Keywords: nsbeta1nsbeta1-
*** Bug 205506 has been marked as a duplicate of this bug. ***
reassign
Assignee: asa → adamlock
OS: Windows 2000 → All
QA Contact: asa → adamlock
Note the good testcase from bug 178268: http://www.flurdy.dsl.pipex.com/test.html Both dupes have better summaries than this bug. It's very hard to find with its current summary. Can anybody reproduce without user_pref("browser.block.target_new_window", true) ? I think you need it to reproduce. Proposed fix: Add null pointer check for |mCurrentURI| in nsDocShell.cpp, line 5012 ( http://lxr.mozilla.org/seamonkey/source/docshell/base/nsDocShell.cpp#5012 ). if (mDisallowPopupWindows) { PRBool bIsChromeOrResource = PR_FALSE; + if (mCurrentURI) + mCurrentURI->SchemeIs("chrome", &bIsChromeOrResource); - mCurrentURI->SchemeIs("chrome", &bIsChromeOrResource); if (!bIsChromeOrResource) { aURI->SchemeIs("chrome", &bIsChromeOrResource); I haven't tried this fix, but it seems to be obvious with Andrew's analysis in bug 205506. |aURI| is non-null in the testcase and has already a null pointer check in line 4919.
Analysis from bug 205506: stacktrace in attachment 123567 [details] (gdb) frame 6 5012 mCurrentURI->SchemeIs("chrome", &bIsChromeOrResource); (gdb) p mCurrentURI $1 = {mRawPtr = 0x0} zack-weg: your patch fixes the crash for me and seems reasonable. can you generate a cvs diff and attach it here as a patch?
Summary: Browser crashes with talkback. [@ nsDocShell::InternalLoad] → Browser crashes when javascript closes a window [@ nsDocShell::InternalLoad]
Attached patch zack-weg's patchSplinter Review
Attachment #125602 - Flags: review?(adamlock)
Comment on attachment 125602 [details] [diff] [review] zack-weg's patch r=adamlock
Attachment #125602 - Flags: review?(adamlock) → review+
Attachment #125602 - Flags: superreview?(alecf)
Comment on attachment 125602 [details] [diff] [review] zack-weg's patch sr=alecf
Attachment #125602 - Flags: superreview?(alecf) → superreview+
Adam: can you check this in?
I will as soon as the tree opens
Fix is checked in, many thanks for the patch.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsDocShell::InternalLoad]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: