Closed Bug 85504 Opened 24 years ago Closed 24 years ago

M091 Editor crash [@ nsEditorShell::GetSelectedElement]

Categories

(Core :: DOM: Editor, defect, P2)

Product:
Core
Component:
DOM: Editor
Platform:
x86
Windows 98
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.3

People

(Reporter: greer, Assigned: sfraser_bugs)

References

(
URL
)

Details

(Keywords: crash, topcrash, Whiteboard: [crash][code] fix, review, approved, [nsBranch+,PDT+])

Crash Data

Attachments

(1 file)

nsEditorShell.cp fix
5.60 KB, patch
Details | Diff | Splinter Review
M091 talkback user reports point to a bug in the composer crashing at nsEditorShell::GetSelectedElement. Here are some user comments and the stack: (31593679) Comments: (see previous Talkback submittals) - in fact the main body of the file (rather than just the banner (31593513) Comments: (see previous Talkback submittals) - clicking on the topmost banner of \%windir%\readme.htm with either left or right mouse button causes the crash (31593463) Comments: (see previous Talkback submittal) just the one Moz window open this time (31593404) Comments: had a couple of Moz navigator windows open (31545053) Comments: editing local page (31531837) Comments: I had a webpage open in composer and attempted to toggle between the different views. (31528143) Comments: I was using composer.I loaded a webpage saved from http://www.e-zim.com/ but nothing appeared in the composer window. I selected a table element and tried to see if I could put a table into the apparently blank document at which point it crashed. (31507922) URL: www.city.academic.gr (31507922) Comments: Just poking around... (31473971) Comments: Opening a saved HTML file (saved by IE5) on Composer. Stack Trace: nsEditorShell::GetSelectedElement [d:\builds\seamonkey\mozilla\editor\base\nsEditorShell.cpp line 3471] XPTC_InvokeByIndex [d:\builds\seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp line 139] XPCWrappedNative::CallMethod [d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp line 1837] XPC_WN_CallMethod [d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp line 1242] js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c line 809] js_Interpret [d:\builds\seamonkey\mozilla\js\src\jsinterp.c line 2703] js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c line 825] js_InternalInvoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c line 897] JS_CallFunctionValue [d:\builds\seamonkey\mozilla\js\src\jsapi.c line 3322] nsJSContext::CallEventHandler [d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp line 937] nsJSEventListener::HandleEvent [d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp line 140] nsEventListenerManager::HandleEventSubType [d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp line 1120] nsEventListenerManager::HandleEvent [d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp line 2090] nsXULElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp line 3631] PresShell::HandleDOMEventWithTarget [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5562] nsPopupSetFrame::OnCreate [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsPopupSetFrame.cpp line 653] nsPopupSetFrame::CreatePopup [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsPopupSetFrame.cpp line 460] nsPopupSetBoxObject::CreatePopup [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsPopupSetBoxObject.cpp line 140] XULPopupListenerImpl::LaunchPopup [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp line 841] XULPopupListenerImpl::LaunchPopup [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp line 689] XULPopupListenerImpl::PreLaunchPopup [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp line 352] XULPopupListenerImpl::ContextMenu [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULPopupListener.cpp line 291] nsEventListenerManager::HandleEvent [d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp line 1403] nsXULElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp line 3631] nsXULElement::HandleChromeEvent [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp line 4595] GlobalWindowImpl::HandleDOMEvent [d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp line 619] nsDocument::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp line 2882] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp line 1696] nsGenericHTMLElement::HandleDOMEventForAnchors [d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp line 1148] nsHTMLAnchorElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLAnchorElement.cpp line 377] nsGenericDOMDataNode::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericDOMDataNode.cpp line 678] nsDOMDocumentType::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsDOMDocumentType.cpp line 234] PresShell::HandleEventInternal [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5519] PresShell::HandleEvent [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5441] nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp line 377] nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp line 350] nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp line 350] nsViewManager::DispatchEvent [d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp line 2051] HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp line 68] nsWindow::DispatchEvent [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 716] nsWindow::DispatchWindowEvent [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 733] nsWindow::DispatchMouseEvent [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 4197] ChildWindow::DispatchMouseEvent [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 4442] nsWindow::ProcessMessage [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 3176] nsWindow::WindowProc [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 980] KERNEL32.DLL + 0x363b (0xbff7363b) KERNEL32.DLL + 0x24407 (0xbff94407)
Adding crash, topcrash keywords for tracking. Also qawanted.
Keywords: crash, qawanted, topcrash
reporter: please include steps on how to reproduce this
Assignee: beppe → sfraser
Priority: -- → P2
Whiteboard: [crash][code]
Target Milestone: --- → mozilla0.9.3
I don't have a Win98 machine to repro this one, the user comments would be the best place to start: (31528143) Comments: I was using composer.I loaded a webpage saved from http://www.e-zim.com/ but nothing appeared in the composer window. I selected a table element and tried to see if I could put a table into the apparently blank document at which point it crashed. The QA contact may be able to help.
Severity: normal → critical
I can reproduce this on 2001060703/WinMe by following those steps: saving http://www.e-zom.com/ to the desktop, then reopining it with composer (page was blank), and crashing it with the table tool.
Keywords: nsenterprise
reviewed and approved
Keywords: nsBranch
to clarify my last entry: manager reviewed the need for the fix and agrees, approval for checkin to the trunk and branch after fix has received an r= and sr=, adding nsBranch keyword
I think what's happening here is that the page fails to load, because the www.e-zim.com is a frameset site, where the frames are referenced using relative URLs. So the subframes fail to load, and this somehow bypasses the code that editor has for frameset detection. We actually never make an editor on this page, so all the commands should remain disabled, but somehow the user succeeds in calling nsEditorShell::GetSelectedElement, which dereferences a null mEditor, and thus crashes. So there are at least two bugs here: 1. We fail to put up the 'frameset' warning when loading subframes fails. 2. On Win 98, you can execute commands that should be disabled.3. Some nsEditorShell API calls don't checke for a null editor.
Status: NEW → ASSIGNED
I just noticed that the original testcase is a non-frameset page (http:// www.city.academic.gr), tho that page does have a plugin. But I can't repro the crash on that page. This patch fixes the missing subframes problem, and does two things: 1. Bullet-proofs every API method that calls methods on mEditor will a NULL check. GetSelectedElement happened to be the one that we crashed in because it's called from command updating code (e.g. when you click on the menu bar). 2. The testcase was unusual in that, because both subframes fail to load, we got no OnProgress notifications before the page end notifcation, so we failed to check for frameset tags. I added a call to the parser observer to check for bad tags that will always get hit now. So, with this patch, composer refuses the edit the page because it contains a frameset. Akkana, can you r=? Blake, sr?
The changes look fine. (Do you want to reformat that clause at the end now that it has one fewer level of braces? Or is that just not showing up in the patch?) r=akkana
waterson, sr please?
Worth asserting when mEditor == 0? (Your comments on 2001-07-02 17:42 make me feel like this may be covering up another problem...) sr=waterson, either way.
Whiteboard: [crash][code] → [crash][code] fix, review, approved
nsBranch+
Whiteboard: [crash][code] fix, review, approved → [crash][code] fix, review, approved, nsBranch+
Random keyword shit.
Keywords: vtrunk
mark PDT+ to check into the branch. If possible, pls get this in for Friday am builds.
Whiteboard: [crash][code] fix, review, approved, nsBranch+ → [crash][code] fix, review, approved, [nsBranch+,PDT+]
Now fixed on trunk too!
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Editor no longer crashes when editing http://www.e-zim.com and we display the appropriate frame alert panel when doing File | Edit Page on a frame doc and also Opening the file from within composer. verified on 7/10 trunk build. removing vtrunk keyword. verified on 7/10 branch, marking VERIFIED-FIXED. Opened a new bug because when you browse a page with frames(http://www.e-zim.com and then do Save As from context menu, we should throw a frame alert panel. Instead we save it out as a blank NOFRAME page) Filed bug 90204 for this behavior.
Status: RESOLVED → VERIFIED
Keywords: vtrunk
Crash Signature: [@ nsEditorShell::GetSelectedElement]
Keywords: qawanted
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: