Closed Bug 115632 Opened 23 years ago Closed 23 years ago

crash addreffing (nsIWidget *) 0xdbdbdbdb when mEvent->eventStructType == NS_EVENT [@nsDOMEvent::GetClientX]

Categories

(Core :: DOM: Events, defect)

x86
FreeBSD
defect
Not set
critical

Tracking

VERIFIED FIXED
mozilla0.9.8

People

(Reporter: timeless, Assigned: hewitt)

Attachments

(1 file, 1 obsolete file)

#0  0x29119ca1 in nsDOMEvent::GetClientX (this=0x295db800, aClientX=0xbfbf7ce0) at /home/timeless/mozilla/content/events/src/nsDOMEvent.cpp:679
679       NS_ADDREF(parent);
(gdb) where
#0  0x29119ca1 in nsDOMEvent::GetClientX (this=0x295db800, aClientX=0xbfbf7ce0) at /home/timeless/mozilla/content/events/src/nsDOMEvent.cpp:679
#1  0x2828b590 in XPTC_InvokeByIndex (that=0x295db808, methodIndex=18, paramCount=1, params=0xbfbf7ce0)
    at /home/timeless/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:153

(gdb) p parent
$1 = (nsIWidget *) 0xdbdbdbdb
(gdb) p mEvent->eventStructType
$6 = 1 '\001'

Full stack trace available. This was triggered with a custom dom event.

I have a simple fix: remove the highlighted line.
w/ the obvious change, we die at the next logical point:
#0  0x2911a13d in nsDOMEvent::GetClientY (this=0x295db800, aClientY=0xbfbf7c64) at /home/timeless/mozilla/content/events/src/nsDOMEvent.cpp:732
732       NS_ADDREF(parent);
(gdb) p parent
$1 = (nsIWidget *) 0x8d
(gdb)  p mEvent->eventStructType
$2 = 1 '\001'
You can't remove those lines, I added them a few weeks ago so that custom dom
events, specifically the popup events, can have mouse coordinates.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.8
Attached patch: this should work
Attachment #61991 - Attachment is obsolete: true
Comment on attachment 63872
this should work

I don't understand it, but it works.
Attachment #63872 - Flags: review+
alecf: would you sr=?
Keywords: mozilla0.9.8
Comment on attachment 63872
this should work

sr=alecf
Attachment #63872 - Flags: superreview+
fixed
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Can one of the developers please verify?
suuure, it's verified
Status: RESOLVED → VERIFIED