Closed
Bug 102022
Opened 23 years ago
Closed 23 years ago
Mozilla crashes at above site
Categories
(Core :: DOM: Events, defect)
Tracking
()
People
(Reporter: radha, Assigned: joki)
References
()
Details
(Keywords: crash)
Attachments
(1 file)
279 bytes,
text/html
|
Details |
Steps to reproduce: ------------------- 1) Goto www.csuhayward.edu 2) Click on Campus directory in the left frame at the bottom. 3) Mozilla crashes immediately. The problem seems to be an infinite loop caused probably by bad javascript. Nav 4.x renders the page just fine. nsXULElement::QueryInterface(nsXULElement * const 0x03800510, const nsID & {...}, void * * 0x00033038) line 728 nsQueryInterface::operator()(const nsID & {...}, void * * 0x00033038) line 32 + 25 bytes nsCOMPtr<nsIContent>::assign_from_helper(const nsCOMPtr_helper & {...}, const nsID & {...}) line 971 + 18 bytes nsCOMPtr<nsIContent>::nsCOMPtr<nsIContent>(const nsQueryInterface & {...}) line 565 nsCOMPtr<nsIContent>::Assert_NoQueryNeeded() line 500 nsGetterAddRefs<nsIContent>::~nsGetterAddRefs<nsIContent>() line 1055 nsXULElement::HandleDOMEvent(nsXULElement * const 0x03dc53a0, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 3629 nsXULElement::HandleDOMEvent(nsXULElement * const 0x03dc5110, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 3699 nsXULElement::HandleChromeEvent(nsXULElement * const 0x03dc5120, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 5100 + 39 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x03efe4c0, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 616 nsDocument::HandleDOMEvent(nsDocument * const 0x04409490, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 3022 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04418860, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1808 + 39 bytes nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x047ae720, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1806 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04af9930, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1806 nsHTMLFormElement::HandleDOMEvent(nsHTMLFormElement * const 0x04af9930, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 463 + 29 bytes nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04afeec0, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1806 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04afa920, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1806 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04afb270, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1806 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04af8380, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1806 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04af8320, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 4, nsEventStatus * 0x00034c20) line 1806 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04af8980, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00034914, unsigned int 1, nsEventStatus * 0x00034c20) line 1806 nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x04af8980, nsIPresContext * 0x0479b550, nsEvent * 0x00034bf8, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus * 0x00034c20) line 1111 + 29 bytes nsHTMLInputElement::Select(nsHTMLInputElement * const 0x04af89ac) line 813 + 49 bytes XPTC_InvokeByIndex(nsISupports * 0x04af89ac, unsigned int 91, unsigned int 0, nsXPTCVariant * 0x00034e58) line 139 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 1952 + 42 bytes XPC_WN_CallMethod(JSContext * 0x03efe260, JSObject * 0x02a95ea0, unsigned int 0, long * 0x02b355dc, long * 0x00035090) line 1254 + 14 bytes js_Invoke(JSContext * 0x03efe260, unsigned int 0, unsigned int 0) line 807 + 23 bytes js_Interpret(JSContext * 0x03efe260, long * 0x00035e34) line 2719 + 15 bytes js_Invoke(JSContext * 0x03efe260, unsigned int 1, unsigned int 2) line 824 + 13 bytes js_InternalInvoke(JSContext * 0x03efe260, JSObject * 0x02a95ea0, long 44654464, unsigned int 0, unsigned int 1, long * 0x00036014, long * 0x00035f5c) line 899 + 20 bytes JS_CallFunctionValue(JSContext * 0x03efe260, JSObject * 0x02a95ea0, long 44654464, unsigned int 1, long * 0x00036014, long * 0x00035f5c) line 3380 + 31 bytes nsJSContext::CallEventHandler(nsJSContext * const 0x03efe450, void * 0x02a95ea0, void * 0x02a95f80, unsigned int 1, void * 0x00036014, int * 0x00036010, int 0) line 976 + 33 bytes nsJSEventListener::HandleEvent(nsJSEventListener * const 0x04afc510, nsIDOMEvent * 0x04261c34) line 155 + 74 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x04afc470, nsIDOMEvent * 0x04261c34, nsIDOMEventTarget * 0x04261bf0, unsigned int 8, unsigned int 7) line 1213 + 20 bytes nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x04afb9b0, nsIPresContext * 0x0479b550, nsEvent * 0x00036b00, nsIDOMEvent * * 0x0003681c, nsIDOMEventTarget * 0x04261bf0, unsigned int 7, nsEventStatus * 0x00036b28) line 1814 + 36 bytes nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04af8980, nsIPresContext * 0x0479b550, nsEvent * 0x00036b00, nsIDOMEvent * * 0x0003681c, unsigned int 1, nsEventStatus * 0x00036b28) line 1826 nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x04af8980, nsIPresContext * 0x0479b550, nsEvent * 0x00036b00, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus * 0x00036b28) line 1111 + 29 bytes nsHTMLInputElement::Select(nsHTMLInputElement * const 0x04af89ac) line 813 + 49 bytes XPTC_InvokeByIndex(nsISupports * 0x04af89ac, unsigned int 91, unsigned int 0, nsXPTCVariant * 0x00036d60) line 139 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 1952 + 42 bytes XPC_WN_CallMethod(JSContext * 0x03efe260, JSObject * 0x02a95ea0, unsigned int 0, long * 0x02b355b8, long * 0x00036f98) line 1254 + 14 bytes js_Invoke(JSContext * 0x03efe260, unsigned int 0, unsigned int 0) line 807 + 23 bytes js_Interpret(JSContext * 0x03efe260, long * 0x00037d3c) line 2719 + 15 bytes js_Invoke(JSContext * 0x03efe260, unsigned int 1, unsigned int 2) line 824 + 13 bytes js_InternalInvoke(JSContext * 0x03efe260, JSObject * 0x02a95ea0, long 44654464, unsigned int 0, unsigned int 1, long * 0x00037f1c, long * 0x00037e64) line 899 + 20 bytes JS_CallFunctionValue(JSContext * 0x03efe260, JSObject * 0x02a95ea0, long 44654464, unsigned int 1, long * 0x00037f1c, long * 0x00037e64) line 3380 + 31 bytes
Comment 1•23 years ago
|
||
Confirming crash on Linux 2001092306; OS : Win --> All. The "Campus Directory" link is this URL, which provokes an immediate crash on load: http://imctwo.csuhayward.edu/public/staffdir/index.cfm?FuseAction=Advanced
OS: Windows 2000 → All
Comment 2•23 years ago
|
||
Comment 3•23 years ago
|
||
The reduced testcase loads in NN4.7, but crashes in Mozilla 20010923xx. Like the original site, it causes stack overflow with this HTML: <BODY onload=document.input.name.focus()> <P><B> DID THIS PAGE LOAD? IF SO, THE BUG HAS GONE AWAY - USED TO CRASH ON LOAD </B> <form name="input"> <INPUT TYPE="text" NAME="name" onClick="this.focus()" onFocus="this.select()" onSelect="this.select()"> </FORM> </BODY>
Comment 4•23 years ago
|
||
Not sure who is supposed to police this kind of recursive HTML, but it's not JS Engine. Reassigning to DOM Events for further triage -
Assignee: rogerl → joki
Component: Javascript Engine → DOM Events
QA Contact: pschwartau → vladimire
Comment 5•23 years ago
|
||
This is a duplicate of 77271 Need to filter recursive events to prevent crashes *** This bug has been marked as a duplicate of 77271 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•