Closed Bug 85504 Opened 23 years ago Closed 23 years ago

M091 Editor crash [@ nsEditorShell::GetSelectedElement]

Categories

(Core :: DOM: Editor, defect, P2)

Product:
Core
Component:
DOM: Editor
Platform:
x86
Windows 98
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.3

People

(Reporter: greer, Assigned: sfraser_bugs)

References

(
URL
)

Details

(Keywords: crash, topcrash, Whiteboard: [crash][code] fix, review, approved, [nsBranch+,PDT+])

Crash Data

Attachments

(1 file)

nsEditorShell.cp fix
5.60 KB, patch
Details | Diff | Splinter Review 
M091 talkback user reports point to a bug in the composer crashing at 
nsEditorShell::GetSelectedElement.

Here are some user comments and the stack:

(31593679) Comments: (see previous Talkback submittals) - in fact the main
body of the file (rather than just the banner
     (31593513) Comments: (see previous Talkback submittals) - clicking on the
topmost banner of \%windir%\readme.htm with either left or right mouse button
causes the crash
     (31593463) Comments: (see previous Talkback submittal) just the one Moz
window open this time
     (31593404) Comments: had a couple of Moz navigator windows open
     (31545053) Comments: editing local page
     (31531837) Comments: I had a webpage open in composer and attempted to
toggle between the different views.
     (31528143) Comments: I was using composer.I loaded a webpage saved from
http://www.e-zim.com/ but nothing appeared in the composer window.  I selected a
table element and tried to see if I could put a table into the apparently blank
document at which point it crashed.
     (31507922) URL: www.city.academic.gr
     (31507922) Comments: Just poking around...
     (31473971) Comments: Opening a saved HTML file (saved by IE5) on Composer.


Stack Trace: 

         nsEditorShell::GetSelectedElement
[d:\builds\seamonkey\mozilla\editor\base\nsEditorShell.cpp  line 3471]
         XPTC_InvokeByIndex
[d:\builds\seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp 
line 139]
         XPCWrappedNative::CallMethod
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp  line
1837]
         XPC_WN_CallMethod
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp 
line 1242]
         js_Invoke      [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  line 
809]
         js_Interpret   [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  line 
2703]
         js_Invoke      [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  line 
825]
         js_InternalInvoke      [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  
line 897]
         JS_CallFunctionValue   [d:\builds\seamonkey\mozilla\js\src\jsapi.c  
line 3322]
         nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp  line 937]
         nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp  line 140]
         nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp  line
1120]
         nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp  line
2090]
         nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp  line
3631]
         PresShell::HandleDOMEventWithTarget
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp  line 5562]
         nsPopupSetFrame::OnCreate
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsPopupSetFrame.cpp  line 653]
         nsPopupSetFrame::CreatePopup
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsPopupSetFrame.cpp  line 460]
         nsPopupSetBoxObject::CreatePopup
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsPopupSetBoxObject.cpp  line
140]
         XULPopupListenerImpl::LaunchPopup
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp 
line 841]
         XULPopupListenerImpl::LaunchPopup
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp 
line 689]
         XULPopupListenerImpl::PreLaunchPopup
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp 
line 352]
         XULPopupListenerImpl::ContextMenu
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp 
line 291]
         nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp  line
1403]
         nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp  line
3631]
         nsXULElement::HandleChromeEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp  line
4595]
         GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp  line 619]
         nsDocument::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp  line 2882]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp  line 1696]
         nsGenericHTMLElement::HandleDOMEventForAnchors
[d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp 
line 1148]
         nsHTMLAnchorElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLAnchorElement.cpp 
line 377]
         nsGenericDOMDataNode::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericDOMDataNode.cpp  line
678]
         nsDOMDocumentType::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsDOMDocumentType.cpp  line 234]
         PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp  line 5519]
         PresShell::HandleEvent
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp  line 5441]
         nsView::HandleEvent    
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp  line
377]
         nsView::HandleEvent    
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp  line
350]
         nsView::HandleEvent    
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp  line
350]
         nsViewManager::DispatchEvent
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp  line 2051]
         HandleEvent    [d:\builds\seamonkey\mozilla\view\src\nsView.cpp  line 
68]
         nsWindow::DispatchEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 716]
         nsWindow::DispatchWindowEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 733]
         nsWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 4197]
         ChildWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 4442]
         nsWindow::ProcessMessage
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 3176]
         nsWindow::WindowProc
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 980]
         KERNEL32.DLL + 0x363b (0xbff7363b)
         KERNEL32.DLL + 0x24407 (0xbff94407)
Adding crash, topcrash keywords for tracking. Also qawanted.
Keywords: crash, qawanted, topcrash
reporter: please include steps on how to reproduce this
Assignee: beppe → sfraser
Priority: -- → P2
Whiteboard: [crash][code]
Target Milestone: --- → mozilla0.9.3
I don't have a Win98 machine to repro this one, the user comments would be the
best place to start: 

(31528143) Comments: I was using composer.I loaded a webpage saved from
http://www.e-zim.com/ but nothing appeared in the composer window.  I selected a
table element and tried to see if I could put a table into the apparently blank
document at which point it crashed.

The QA contact may be able to help.
Severity: normal → critical
I can reproduce this on 2001060703/WinMe by following those steps: saving
http://www.e-zom.com/ to the desktop, then reopining it with composer (page was
blank), and crashing it with the table tool.
Keywords: nsenterprise
reviewed and approved
Keywords: nsBranch
to clarify my last entry:

manager reviewed the need for the fix and agrees, approval for checkin to the
trunk and branch after fix has received an r= and sr=, adding nsBranch keyword
I think what's happening here is that the page fails to load, because the
www.e-zim.com is a frameset site, where the frames are referenced using relative
URLs. So the subframes fail to load, and this somehow bypasses the code that
editor has for frameset detection. We actually never make an editor on this
page, so all the commands should remain disabled, but somehow the user succeeds
in calling nsEditorShell::GetSelectedElement, which dereferences a null mEditor,
and thus crashes.

So there are at least two bugs here:
1. We fail to put up the 'frameset' warning when loading subframes fails.
2. On Win 98, you can execute commands that should be disabled.3. Some
nsEditorShell API calls don't checke for a null editor.
Status: NEW → ASSIGNED
I just noticed that the original testcase is a non-frameset page (http://
www.city.academic.gr), tho that page does have a plugin. But I can't repro the 
crash on that page.

This patch fixes the missing subframes problem, and does two things:

1. Bullet-proofs every API method that calls methods on mEditor will a NULL
   check. GetSelectedElement happened to be the one that we crashed in because
   it's called from command updating code (e.g. when you click on the menu bar).

2. The testcase was unusual in that, because both subframes fail to load, we
   got no OnProgress notifications before the page end notifcation, so we failed
   to check for frameset tags. I added a call to the parser observer to check
   for bad tags that will always get hit now. So, with this patch, composer
   refuses the edit the page because it contains a frameset.

Akkana, can you r=? Blake, sr?

The changes look fine.  (Do you want to reformat that clause at the end now that
it has one fewer level of braces?  Or is that just not showing up in the patch?)
r=akkana
waterson, sr please?

Worth asserting when mEditor == 0? (Your comments on 2001-07-02 17:42 make me 
feel like this may be covering up another problem...)

sr=waterson, either way.
Whiteboard: [crash][code] → [crash][code] fix, review, approved
nsBranch+
Whiteboard: [crash][code] fix, review, approved → [crash][code] fix, review, approved, nsBranch+
Random keyword shit.
Keywords: vtrunk
mark PDT+ to check into the branch. If possible, pls get this in for Friday am
builds.
Whiteboard: [crash][code] fix, review, approved, nsBranch+ → [crash][code] fix, review, approved, [nsBranch+,PDT+]
Now fixed on trunk too!
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Editor no longer crashes when editing http://www.e-zim.com and we display
the appropriate frame alert panel when doing File | Edit Page on a frame
doc and also Opening the file from within composer.

verified on 7/10 trunk build. removing vtrunk keyword.

verified on 7/10 branch, marking VERIFIED-FIXED.

Opened a new bug because when you browse a page with frames(http://www.e-zim.com
and then do Save As from context menu, we should throw a frame alert panel.
Instead we save it out as a blank NOFRAME page) Filed bug 90204 for this
behavior.
Status: RESOLVED → VERIFIED
Keywords: vtrunk
Crash Signature: [@ nsEditorShell::GetSelectedElement]
Keywords: qawanted
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: