Closed
Bug 246012
Opened 20 years ago
Closed 20 years ago
[FIXr]M17 Crash when pressing f6 on page with iframe and applied custom CSS style [@ nsEventStateManager::IsIFrameDoc ]
Categories
(Core :: DOM: UI Events & Focus Handling, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.8beta1
People
(Reporter: joost, Assigned: bzbarsky)
References
Details
(5 keywords)
Crash Data
Attachments
(5 files, 1 obsolete file)
508 bytes,
application/x-zip
|
Details | |
2.11 KB,
text/plain
|
Details | |
244 bytes,
text/html
|
Details | |
127 bytes,
text/html
|
Details | |
2.38 KB,
patch
|
jst
:
review+
jst
:
superreview+
mkaply
:
approval1.7.5+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608 Firefox/0.8.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608 Firefox/0.8.0+ When using *[src*="?ad"] { display: none !important } to hide ads in userContent.css firefox and mozilla suite ( FF 0.9rc and Mozilla Suite 1.7rc3) crash when an iframe is present containing : <iframe src="?ad=1"></iframe> Reproducible: Always Steps to Reproduce: 1. Add stylesheet rule to userContent.css 2. load page with iframe 3. press f6 Actual Results: The browser crashed. I've entered a report in the talkback agent (id TB81055W) and made a testcase. Both mozilla suite en firefox were tested with a clean profile.
Reporter | ||
Comment 1•20 years ago
|
||
Added testcase with userContent style rule, and html containing the iFrame
Comment 2•20 years ago
|
||
Updated•20 years ago
|
Keywords: crash
Summary: Crash when pressing f6 on page with iframe and applied custom CSS style → Crash when pressing f6 on page with iframe and applied custom CSS style [@ nsEventStateManager::IsIFrameDoc ]
Comment 3•20 years ago
|
||
Reporter | ||
Comment 4•20 years ago
|
||
In the firefox bug forum mw reduced the testcase even further. Only press F6 to crash the browser. Seems like the problem is display: none; in combination with a src="?a" it won't crash with only src="?" or only src="a", however it will crash when replacing the a with some more random characters.
Comment 5•20 years ago
|
||
also crashing on Linux using FF trunk 20040604: TB82028.
OS: Windows XP → All
Reporter | ||
Comment 6•20 years ago
|
||
(In reply to comment #4) > Created an attachment (id=150348) > online testcase 2 Hmm..this is weird. The local html file i used for this testcase crashes when pressing F6, but the version here on bugzilla won't crash. The code is exactly the same.
OS: All → Windows XP
Reporter | ||
Updated•20 years ago
|
OS: Windows XP → All
Comment 7•20 years ago
|
||
Sounds like a dupe of bug 146255 (same callstack) but that one is supposed to be fixed.
Comment 8•20 years ago
|
||
The online testcase 2 does not crash on me, using: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a2) Gecko/2004-06-01 Firefox/0.8.0+ But it does crash, using: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a2) Gecko/2004-06-02 Firefox/0.8.0+
Reporter | ||
Comment 9•20 years ago
|
||
online testcase 2 crashes here when i save it to a local file with firefox 0.9rc and mozilla suite 1.7rc3 (Without the css rule in userContent.css) It doesn't crash in both browser when i use the online testcase online here. However, when i add the css rule in userContent.css it crashes both browsers (online and local)
Assignee | ||
Comment 10•20 years ago
|
||
This is probably the same issue as bug 146255, just with a different docshell...
Assignee: general → events
Status: UNCONFIRMED → NEW
Component: Browser-General → Event Handling
Ever confirmed: true
QA Contact: general → ian
Assignee | ||
Comment 11•20 years ago
|
||
I can't actually reproduce this crash in my devel build; can someone seeing the crash test the patch?
Assignee | ||
Updated•20 years ago
|
Attachment #150365 -
Flags: superreview?(jst)
Attachment #150365 -
Flags: review?(jst)
Comment 12•20 years ago
|
||
Comment on attachment 150365 [details] [diff] [review] This should fix it PRBool nsEventStateManager::IsIFrameDoc(nsIDocShell* aDocShell) { + // XXXbz wouldn't it be better to use our window's owning content + // and not deal with all this mess? Um, yes, it would... + // The parent docshell may not have a presshell, so just get the + // document directly. + nsCOMPtr<nsIDocument> parentDoc = do_GetInterface(parentItem); + if (!parentDoc) { + NS_ERROR("We're a child of a docshell without a document?"); + return PR_FALSE; + } Unless I missed something, do_GetInterface() to an nsIDocument on a docshell will always return null. nsIDOMDocument would work, but not nsIDocument. r+sr=jst with the above fixed.
Attachment #150365 -
Flags: superreview?(jst)
Attachment #150365 -
Flags: superreview+
Attachment #150365 -
Flags: review?(jst)
Attachment #150365 -
Flags: review+
Assignee | ||
Comment 13•20 years ago
|
||
I'm not going to get a chance to really build-and-test this until July 11 at this point... if someone can start with the attached patch and adjust it per jst's review, that would be great.
Comment 14•20 years ago
|
||
(In reply to comment #11) > I can't actually reproduce this crash in my devel build; can someone seeing the > crash test the patch? I've applied the patch and rebuild my firefox build. It doesn't crash anymore with the patch applied. Instead, I get an ASSERTION: We're a child of a docshell without a document?: 'Error', file C:/mozilla/mozilla/content/events/src/nsEventStateManager.cpp, line 5204 F6 doesn't seem to select the url bar anymore with the patched build in this testcase. By the way, the testcase does seem to crash also the 1.7 branch. At least it crashes with me, using: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/2004-06-08 Firefox/0.8.0+
Comment 15•20 years ago
|
||
Adding topcrash keyword since I see a few of these crashes in early M17 Talkback data and it's easily reproducible.
Keywords: topcrash
Summary: Crash when pressing f6 on page with iframe and applied custom CSS style [@ nsEventStateManager::IsIFrameDoc ] → M17 Crash when pressing f6 on page with iframe and applied custom CSS style [@ nsEventStateManager::IsIFrameDoc ]
Updated•20 years ago
|
Flags: blocking1.8a2?
Updated•20 years ago
|
Attachment #150365 -
Flags: approval1.7.1?
Updated•20 years ago
|
Flags: blocking1.8a2?
Assignee | ||
Comment 16•20 years ago
|
||
Attachment #150365 -
Attachment is obsolete: true
Assignee | ||
Comment 17•20 years ago
|
||
Comment on attachment 153244 [details] [diff] [review] Patch updated to comments jst, how's this?
Attachment #153244 -
Flags: superreview?(jst)
Attachment #153244 -
Flags: review?(jst)
Comment 18•20 years ago
|
||
Comment on attachment 153244 [details] [diff] [review] Patch updated to comments r+sr=jst
Attachment #153244 -
Flags: superreview?(jst)
Attachment #153244 -
Flags: superreview+
Attachment #153244 -
Flags: review?(jst)
Attachment #153244 -
Flags: review+
Assignee | ||
Updated•20 years ago
|
Attachment #150365 -
Flags: approval1.7.2?
Assignee | ||
Comment 19•20 years ago
|
||
Taking.
Assignee: events → bzbarsky
Priority: -- → P1
Summary: M17 Crash when pressing f6 on page with iframe and applied custom CSS style [@ nsEventStateManager::IsIFrameDoc ] → [FIXr]M17 Crash when pressing f6 on page with iframe and applied custom CSS style [@ nsEventStateManager::IsIFrameDoc ]
Target Milestone: --- → mozilla1.8beta
Assignee | ||
Comment 20•20 years ago
|
||
Checked in for 1.8a3 or 1.8b or whatever this next milestone is.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 21•20 years ago
|
||
Comment on attachment 153244 [details] [diff] [review] Patch updated to comments I think this is worth taking on the 1.7 branch.
Attachment #153244 -
Flags: approval1.7.2?
Comment 22•20 years ago
|
||
Comment on attachment 153244 [details] [diff] [review] Patch updated to comments a=mkaply - what about aviary?
Attachment #153244 -
Flags: approval1.7.2? → approval1.7.2+
Comment 24•20 years ago
|
||
Anything with 1.7 branch approval has automatic approval for aviary, doesn't it? I guess someone will sync up aviary with the 1.7.2 changes at some point anyway...
Whiteboard: needed-aviary1.0
Comment 25•20 years ago
|
||
Given bug 254539 affecting Firefox and maybe dupe of this one, nominating for Aviary 1.0PR (in addition to the whiteboard, sorry if it's redundant) to make sure it's in the scope when quering all blocking-aviary bugs.
Flags: blocking-aviary1.0PR?
Comment 26•20 years ago
|
||
*** Bug 254539 has been marked as a duplicate of this bug. ***
Keywords: fixed-aviary1.0
Whiteboard: needed-aviary1.0
Updated•20 years ago
|
Flags: blocking-aviary1.0PR?
Comment 27•20 years ago
|
||
*** Bug 255254 has been marked as a duplicate of this bug. ***
Updated•13 years ago
|
Crash Signature: [@ nsEventStateManager::IsIFrameDoc ]
Updated•5 years ago
|
Component: Event Handling → User events and focus handling
You need to log in
before you can comment on or make changes to this bug.
Description
•