Closed
Bug 193847
Opened 23 years ago
Closed 23 years ago
crash with "pure virtual method called" on Javascript DOM modification
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.3final
People
(Reporter: robinson, Assigned: dbaron)
References
()
Details
(Keywords: crash, regression, Whiteboard: [patch] fixed1.3)
Attachments
(2 files, 1 obsolete file)
|
33.91 KB,
text/plain
|
Details | |
|
10.72 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
brendan
:
approval1.3+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030210
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030210
On the page <http://research.salutia.com/tiki/tiki-view_faq.php?faqId=1>,
clicking the "show comments" link at the bottom immediately crashes the browser
with "pure virtual method called", and no talkback window.
Reproducible: Always
Steps to Reproduce:
See details.
Actual Results:
Immediate crash with "pure virtual method called".
Expected Results:
Show comments.
|
||
Comment 1•23 years ago
|
||
|
|
||
Comment 2•23 years ago
|
||
==> DOM0 (?)
marking NEW
Assignee: asa → jst
Status: UNCONFIRMED → NEW
Component: Browser-General → DOM Level 0
Ever confirmed: true
Keywords: crash
QA Contact: asa → ashishbhatt
|
||
Comment 4•23 years ago
|
||
Actaully, it regressed between 2003010821 and 2003010905
In that range, there's bryner's checkin to deCOMify stylecontext. The code
that's most likely dying in nsElementSH::PostCreate is:
4575 const nsStyleDisplay* display;
4576 pctx->ResolveStyleContextAndGetStyleData(content, eStyleStruct_Display,
4577 (const nsStyleStruct*&) display);
4578 NS_ENSURE_TRUE(display, NS_ERROR_UNEXPECTED);
4579
4580 if (display->mBinding.IsEmpty()) {
Maybe we're getting garbage out for "display"?
|
Assignee | |
Comment 5•23 years ago
|
||
ResolveStyleContextAndGetStyleData is broken. One needs to hold on to the style
context while using the data. We should probably just remove the method.
|
|
||
Comment 6•23 years ago
|
||
Well, then we have a few options:
1) link all this code in with layout so it can use nsIStyleContext
2) Go back to using computed style (with the resulting perf hit)
3) Make the method clearly XBL-specific since this is the only user. eg, on
nsIPresContext:
NS_IMETHOD HasXBLBinding(nsIContent* aContent, PRBool* aHasBinding);
I like #3 myself, as a short-term measure....
Confirmed with build 2003021008 under Windows XP SP1.
Talkback ID: TB17296928Z
|
|
||
Comment 8•23 years ago
|
||
*** Bug 194181 has been marked as a duplicate of this bug. ***
|
|
||
Updated•23 years ago
|
OS: Linux → All
|
||
Comment 9•23 years ago
|
||
Is this something we're likely to run into a lot in the real world? Should this
block 1.3?
|
|
||
Comment 10•23 years ago
|
||
I'm surprised it's not come up more than it has -- we're basically reading
potentially garbage memory on some-to-all element creations.
If bryner has absolutely no time for this, I can try to whip up a patch... (but
I'm really swamped with trying to not fail a class or two right now, so I really
mean _absolutely_ no time).
Flags: blocking1.3?
|
|
Assignee | |
Comment 11•23 years ago
|
||
I can take it.
Priority: -- → P1
Whiteboard: [patch]
Target Milestone: --- → mozilla1.3final
|
|
Assignee | |
Comment 13•23 years ago
|
||
(I haven't tested this yet, since it's still recompiling.)
|
|
Assignee | |
Comment 14•23 years ago
|
||
Correct comment; remove extra whitespace.
Attachment #115278 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•23 years ago
|
Attachment #115280 -
Flags: superreview?(bzbarsky)
Attachment #115280 -
Flags: review?(bzbarsky)
|
|
||
Comment 15•23 years ago
|
||
Comment on attachment 115280 [details] [diff] [review]
patch
>+ nsCOMPtr<nsIStyleContext> sc;
>+ nsresult rv = ResolveStyleContextFor(aContent, nsnull, getter_AddRefs(sc));
>+ NS_ENSURE_SUCCESS(rv, rv);
That should be (as of bryner's landing today):
nsRefPtr<nsStyleContext> sc = ResolveStyleContextFor(aContent, nsnull);
NS_ENSURE_SUCCESS(sc, NS_ERROR_FAILURE);
r+sr=bzbarsky with that change.
Attachment #115280 -
Flags: superreview?(bzbarsky)
Attachment #115280 -
Flags: superreview+
Attachment #115280 -
Flags: review?(bzbarsky)
Attachment #115280 -
Flags: review+
|
||
Comment 16•23 years ago
|
||
shouldn't that be NS_ENSURE_TRUE rather than _FAILURE? |sc| is a pointer, not a
nsresult...
|
|
Assignee | |
Comment 17•23 years ago
|
||
I wrote this patch in a 1.3-branch tree, but when I move it to the trunk I'll do
that.
|
|
||
Comment 18•23 years ago
|
||
er, yes. I was thinking NS_ENSURE_TRUE and writing NS_ENSURE_SUCCESS... ;)
|
|
Assignee | |
Updated•23 years ago
|
Attachment #115280 -
Flags: approval1.3?
|
|
||
Updated•23 years ago
|
Attachment #115280 -
Flags: approval1.3? → approval1.3+
|
|
Assignee | |
Comment 19•23 years ago
|
||
Fix checked in to trunk, 2003-02-23 09:20 PST. Fix checked in to
MOZILLA_1_3_BRANCH, 2003-02-24 13:16 PST.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
|
||
Updated•23 years ago
|
Flags: blocking1.3?
|
|
||
Comment 20•23 years ago
|
||
*** Bug 195763 has been marked as a duplicate of this bug. ***
|
|
||
Updated•22 years ago
|
Whiteboard: [patch] → [patch] fixed1.3
You need to log in
before you can comment on or make changes to this bug.
Description
•