Closed Bug 144610 Opened 22 years ago Closed 20 years ago

composer crash selecting a <form> text area [@ ntdll.dll - nsFrame::GetFrameFromDirection ]

Categories

(Core :: DOM: Editor, defect)

x86
Windows 98
defect
Not set
critical

RESOLVED DUPLICATE of bug 256835

People

(Reporter: lods, Assigned: mozeditor)

Details

(Keywords: crash)


From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc1) Gecko/20020417
BuildID:    2002041711

There are some "problems" when editing forms in composer.
If at the "html source" panel you add code in order to do a form, then when
editing (and selecting text) in the normal panel it crashes.


Reproducible: Always
Steps to Reproduce:
1-Open composer
2-In the tabbed panel "html source" insert a line like:
"This will crash :-( <input type="text" name="classe" size="35" value="">          "
3-Then go to Normal tabbed panel
4-Click after the word "crash".
5-Select ALL the line, press SHIFT + END 
(if you just press SHIFT+right arrow, you don't select the text area)
6-Press SHIFT+CTRL+left arrow (deselecting the text area of the form)
7- crash :-((((

If you add the tag <form> and </form> there is no difference


Actual Results:  craaaaaasssshhhhh ;)

Expected Results:  keep alive

Incident:
TB6286857Q
Captured 15/05/02 01:26
Type:
Program Crash:
Comments:
I'm going to write a bug

When you open the composer for the first time, the source panel looks like
<html>
<head>
  <title></title>
  <meta http-equiv="content-type"
 content="text/html; charset=ISO-8859-1">
</head>
<body>

<br>
</body>
</html>

Then inside the body tags you add the "critical" line.


There are other incidents, in the 5 minutes before (+o-)
But it's easily reproducible, so you can make your own report ;)

Hope it helps to improve MOZILLA!!!!

-->core based on stack
Assignee: syd → kin
Component: Editor: Composer → Editor: Core

--> mjudge (selection)

We're blowing the stack because we get into infinite recursion during a
PeekOffset() call:

BRFrame::PeekOffset(BRFrame * const 0x04f1af04, nsIPresContext * 0x046df310,
nsPeekOffsetStruct * 0x0012ca98) line 265 + 17 bytes
nsTextFrame::PeekOffset(nsTextFrame * const 0x04f1af5c, nsIPresContext *
0x046df310, nsPeekOffsetStruct * 0x0012ca98) line 4290 + 29 bytes
nsFrame::PeekOffset(nsFrame * const 0x04f1af04, nsIPresContext * 0x046df310,
nsPeekOffsetStruct * 0x0012ca98) line 3465 + 29 bytes
BRFrame::PeekOffset(BRFrame * const 0x04f1af04, nsIPresContext * 0x046df310,
nsPeekOffsetStruct * 0x0012ca98) line 265 + 17 bytes
nsTextFrame::PeekOffset(nsTextFrame * const 0x04f1af5c, nsIPresContext *
0x046df310, nsPeekOffsetStruct * 0x0012ca98) line 4290 + 29 bytes
nsFrame::PeekOffset(nsFrame * const 0x04f1af04, nsIPresContext * 0x046df310,
nsPeekOffsetStruct * 0x0012ca98) line 3465 + 29 bytes
BRFrame::PeekOffset(BRFrame * const 0x04f1af04, nsIPresContext * 0x046df310,
nsPeekOffsetStruct * 0x0012ca98) line 265 + 17 bytes
nsTextFrame::PeekOffset(nsTextFrame * const 0x04f1af5c, nsIPresContext *
0x046df310, nsPeekOffsetStruct * 0x0012ca98) line 4290 + 29 bytes
nsFrame::PeekOffset(nsFrame * const 0x04f1af04, nsIPresContext * 0x046df310,
nsPeekOffsetStruct * 0x0012ca98) line 3465 + 29 bytes

Assignee: kin → mjudge
Keywords: crash
confirming bug, this also happens with a recent mozilla 1.2 nightly under 
windows 2000. Reproduced it by following the steps indicated

talkback id: TB12421173G

btw. the shift + END in step 5 did NOT select the form fields
Status: UNCONFIRMED → NEW
Ever confirmed: true

WFM.

Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040330
Microsoft Windows 2000 Pro 5.00.2195 SP4
I just reproduced this with original steps.
Ginn Chen: Shouldn't your patch for bug 256835 also solve this crash?

2004082407/SeaMonkey-trunk/W2K -> TB664749Z:
ntdll.dll + 0x4c114 (0x77fcc114)
MSVCRT.DLL + 0x1532 (0x78001532)
MSVCRT.DLL + 0x14cf (0x780014cf)
nsFrame::GetFrameFromDirection 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsFrame.cpp,
line 3913]
nsTextFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsTextFrame.cpp,
line 4254]
nsFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsFrame.cpp,
line 3625]
BRFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsBRFrame.cpp,
line 256]
nsFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsFrame.cpp,
line 3625]
BRFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsBRFrame.cpp,
line 256]
nsTextFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsTextFrame.cpp,
line 4257]
nsFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsFrame.cpp,
line 3625]
BRFrame::PeekOffset 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsBRFrame.cpp,
line 256]
...

Reassigning to default owners.
Assignee: mjudge → mozeditor
QA Contact: sujay → bugzilla
Summary: composer crash selecting a <form> text area → composer crash selecting a <form> text area [@ ntdll.dll - nsFrame::GetFrameFromDirection ]
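
Both stack traces in this bug show the PeekOffset() methods of BRFrame, nsTextFrame and nsFrame re-entering one another until the stack is exhausted. The following Python script is an added triage example, not part of the original report or of Mozilla's code: it extracts the function names from a trace and reports the repeating call cycle. The names frame_names, find_recursion_cycle and SAMPLE_TRACE belong to this example only, and the sample input is abridged from the debugger trace earlier in the bug.

```python
import re

# Qualified C++ name at the start of a frame line, e.g. BRFrame::PeekOffset.
FRAME_RE = re.compile(r"^\s*([A-Za-z_]\w*(?:::[A-Za-z_~]\w*)+)")

# Abridged from the debugger trace earlier in this bug: argument lists are
# shortened to "(...)"; function names and line numbers are unchanged.
SAMPLE_TRACE = """\
BRFrame::PeekOffset(...) line 265 + 17 bytes
nsTextFrame::PeekOffset(...) line 4290 + 29 bytes
nsFrame::PeekOffset(...) line 3465 + 29 bytes
""" * 3


def frame_names(trace):
    """Return the qualified function name of each frame, innermost first."""
    # Wrapped argument lines, bracketed source paths and module+offset frames
    # (ntdll.dll + 0x...) have no Class::Method prefix, so they are skipped.
    names = []
    for line in trace.splitlines():
        match = FRAME_RE.match(line)
        if match:
            names.append(match.group(1))
    return names


def find_recursion_cycle(names, min_repeats=2):
    """Return (start, cycle, repeats) for the earliest back-to-back repeat
    with the shortest period, or None if nothing repeats min_repeats times."""
    n = len(names)
    for start in range(n):
        for period in range(1, (n - start) // min_repeats + 1):
            cycle = names[start:start + period]
            repeats, pos = 1, start + period
            while names[pos:pos + period] == cycle:
                repeats += 1
                pos += period
            if repeats >= min_repeats:
                return start, cycle, repeats
    return None


if __name__ == "__main__":
    start, cycle, repeats = find_recursion_cycle(frame_names(SAMPLE_TRACE))
    # Frames are innermost first, so "<-" reads "called by".
    print(f"{repeats}x from frame {start}: " + " <- ".join(cycle))
```
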
confirmed, mozilla will not crash with my patch of bug 256835

*** This bug has been marked as a duplicate of 256835 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ ntdll.dll - nsFrame::GetFrameFromDirection ]