Closed Bug 199489 Opened 23 years ago Closed 23 years ago

Crash when changing an iframe's visibility from within that iframe (javascript:parent.document.getElementById('theiframe').style.display='none [@ nsDocShell::ScrollIfAnchor ]')

Categories

(Core :: DOM: CSS Object Model, defect, P2)

Product:
Core
Component:
DOM: CSS Object Model
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.4beta

People

(Reporter: s.a.moeller, Assigned: jst)

Details

(Keywords: crash, Whiteboard: [HAVE FIX])

Crash Data

Attachments

(3 files, 1 obsolete file)

Testcase
906 bytes, application/x-zip-compressed
Details
diff -w
3.50 KB, patch
adamlock
: review+
hjtoi-bugzilla
: superreview+
Details | Diff | Splinter Review
Same as above, but compiles :-)
7.34 KB, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 Mozilla crashes when you change the style.display attribute of an iframe within that iframe itself. Like this: parent.document.getElementById('theiframe').style.display='none' Reproducible: Always Steps to Reproduce: See testcase.
Attached file Testcase
(Zip file containing 2 HTML files)
Talkback ID: TB18526298X
Windows Version (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312) crashes, too. But Mozilla 1.0.2 does not crash.
OS: Linux → All
stack from Linux CVS 20030324 (trunk) ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/xpcom/nsCOMPtr.h, line 691 Break: at file ../../dist/include/xpcom/nsCOMPtr.h, line 691 Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (LWP 2335)] 0x4176fa94 in nsDocShell::ScrollIfAnchor (this=0x8aa24d8, aURI=0x8adeab0, aWasAnchor=0xbfffec6c, aLoadType=2097153, cx=0xbfffec70, cy=0xbfffec74) at nsDocShell.cpp:5795 5795 shell->GoToAnchor(NS_LITERAL_STRING(""), PR_FALSE); (gdb) bt #0 0x4176fa94 in nsDocShell::ScrollIfAnchor (this=0x8aa24d8, aURI=0x8adeab0, aWasAnchor=0xbfffec6c, aLoadType=2097153, cx=0xbfffec70, cy=0xbfffec74) at nsDocShell.cpp:5795 #1 0x4176d5b3 in nsDocShell::InternalLoad (this=0x8aa24d8, aURI=0x8adeab0, aReferrer=0x8a76088, aOwner=0x0, aInheritOwner=1, aWindowTarget=0xbfffee60, aPostData=0x0, aHeadersData=0x0, aLoadType=2097153, aSHEntry=0x0, firstParty=1, aDocShell=0x0, aRequest=0x0) at nsDocShell.cpp:5092 #2 0x41776086 in nsWebShell::OnLinkClickSync (this=0x8aa24d8, aContent=0x8abec50, aVerb=eLinkVerb_Replace, aURI=0x8adeab0, aTargetSpec=0x80840ae, aPostDataStream=0x0, aHeadersDataStream=0x0, aDocShell=0x0, aRequest=0x0) at nsWebShell.cpp:602 #3 0x417b1573 in OnLinkClickEvent::HandleEvent (this=0x89d6568) at nsWebShell.cpp:474 #4 0x41775bde in HandlePLEvent (aEvent=0x89d6568) at nsWebShell.cpp:488 #5 0x406c6af5 in PL_HandleEvent (self=0x89d6568) at plevent.c:663 #6 0x406c694d in PL_ProcessPendingEvents (self=0x810c1c0) at plevent.c:593 #7 0x406c8716 in nsEventQueueImpl::ProcessPendingEvents (this=0x810bbe0) at nsEventQueue.cpp:387 #8 0x414ab876 in event_processor_callback (data=0x810bbe0, source=6, condition=GDK_INPUT_READ) at nsAppShell.cpp:194 #9 0x414ab3e1 in our_gdk_io_invoke (source=0x83488e0, condition=G_IO_IN, data=0x83488d0) at nsAppShell.cpp:73 Didn't find dupes, marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
Hardware: PC → All
Summary: Crash when changing an iframe's visibility from within that iframe (javascript:parent.document.getElementById('theiframe').style.display='none') → Crash when changing an iframe's visibility from within that iframe (javascript:parent.document.getElementById('theiframe').style.display='none [@ nsDocShell::ScrollIfAnchor ]')
Attached patch Proposed fix (obsolete) — Splinter Review
Don't try to scroll if there's no presshell.
Attached patch diff -wSplinter Review
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla1.4beta
Attachment #118676 - Flags: superreview?(heikki)
Attachment #118676 - Flags: review?(adamlock)
Attachment #118676 - Flags: superreview?(heikki) → superreview+
Comment on attachment 118676 [details] [diff] [review] diff -w r=adamlock
Attachment #118676 - Flags: review?(adamlock) → review+
Duh, I generated those patches before I had checked that this even compiled, and it didn't, and then I forgot to regenerate the diffs after testing :-). This is the same thing, only it moves the declaration of |rv| to make the compiler happy.
Attachment #118674 - Attachment is obsolete: true
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsDocShell::ScrollIfAnchor ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: