Closed Bug 145912 Opened 22 years ago Closed 22 years ago

crash while certify payment order in eBanka [@ nsHTMLTextAreaElement::GetValueInternal]

Categories

(Core :: Layout, defect)

x86
All
defect
Not set
critical

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: aha, Assigned: attinasi)

References

()

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

I'm crashing using 2002052008/trunk/Win2K after clicking 'Certify' button on
'NEW PAYMENT ORDER' page.

Repro:
1. login to eBanka (heh, restricted, for clients only)
   (using Mobile Electronic Key secured)
2. chose PAYMENTS, CONVERSIONS | Payment order
3. fill required form fields
4. hit Certify 
  (links to javascript:top.Program.RequiredTrSubmit('200','ACBlik');)

Actual: crash  Expected: something different =)

Stephen, should I ask you for TB6496701G or TB6496644K?
Keywords: crash
Bug doesn't affect branch builds (tested with 2002051806 and 2002052006).
Attached file XP generated.
I tested it on 2002051906 not present, but on 2002052008 under XP Pro I noticed
a crash when I push button Template. I will send here appcompat.txt done by XP.
yep, with 2002052008, it crash when you try to hit image with hyperlink assigned
(not at all - only when called function have parameters and is in other frames ?
i just try it a few times I can focus a little bit, but not now). what I want to
said - I belive this bug is occur not only on eBanka pages and if someone
without account want to replicate it try 
https://demo.ebanka.cz/demo/demo_02/cz/demo5.html
(it's just demo but with same scripts and mechanism like on normal bank pages) 
just find some buttons called "certifikuj", as it seems to me no one made full
english version of demo (https://demo.ebanka.cz/demo/demo_02/eng/demo.html) so I
can try to, but later. 
Confirming regards previous comments.
Status: UNCONFIRMED → NEW
Ever confirmed: true
  only notice - the crash occur (like in all previous bugs) in function
closeDocument() located in top_function.js
(in first bug this.frames.document points to null (as debugger said) and
javascript error occured.)
now this.frames.document point to HTMLdocument, this.frames.document.open point
to function (the same close, write), but calling some of them will cause crash.
Other way call of top.Main.document.open/close/write() will crash.
If u will browse menu for a while mozilla will crash (probably from the same
reason) too. It looks to me like some sort of buffer overflow - after a few
dynamic rendered pages mozilla crash. doesn't metter which page is to be
rendered, rendering only 1 page will after some time cause error too. I could
check if in script is everything closed and correct. But I think that any change
of page code will not help. 
nsHTMLTextAreaElement::GetValueInternal [nsHTMLTextAreaElement.cpp, line 440]
nsHTMLTextAreaElement::SaveState [nsHTMLTextAreaElement.cpp, line 958]
nsGenericHTMLContainerFormElement::SetDocument [nsGenericHTMLElement.cpp, line 4271]
nsGenericElement::SetDocumentInChildrenOf [nsGenericElement.cpp, line 1593]
nsGenericElement::SetDocument [nsGenericElement.cpp, line 1660]
nsGenericHTMLElement::SetDocument [nsGenericHTMLElement.cpp, line 1286]
nsGenericElement::SetDocumentInChildrenOf [nsGenericElement.cpp, line 1593]
nsGenericElement::SetDocument [nsGenericElement.cpp, line 1660]
nsGenericHTMLElement::SetDocument [nsGenericHTMLElement.cpp, line 1286]
nsGenericElement::SetDocumentInChildrenOf [nsGenericElement.cpp, line 1593]
nsGenericElement::SetDocument [nsGenericElement.cpp, line 1660]
nsGenericHTMLElement::SetDocument [nsGenericHTMLElement.cpp, line 1286]
nsGenericElement::SetDocumentInChildrenOf [nsGenericElement.cpp, line 1593]
nsGenericElement::SetDocument [nsGenericElement.cpp, line 1660]
nsGenericHTMLElement::SetDocument [nsGenericHTMLElement.cpp, line 1286]
nsGenericElement::SetDocumentInChildrenOf [nsGenericElement.cpp, line 1593]
nsGenericElement::SetDocument [nsGenericElement.cpp, line 1660]
nsGenericHTMLElement::SetDocument [nsGenericHTMLElement.cpp, line 1286]
nsGenericElement::SetDocumentInChildrenOf [nsGenericElement.cpp, line 1593]
nsGenericElement::SetDocument [nsGenericElement.cpp, line 1660]
nsGenericHTMLElement::SetDocument [nsGenericHTMLElement.cpp, line 1286]
nsHTMLBodyElement::SetDocument [nsHTMLBodyElement.cpp, line 647]
nsGenericHTMLContainerElement::RemoveChildAt [nsGenericHTMLElement.cpp, line 4124]
nsHTMLDocument::OpenCommon [nsHTMLDocument.cpp, line 2387]
nsHTMLDocument::Open [nsHTMLDocument.cpp, line 2529]
nsHTMLDocumentSH::DocumentOpen [nsDOMClassInfo.cpp, line 4553]
js_Invoke [jsinterp.c, line 790]
js_Interpret [jsinterp.c, line 2744]
js_Invoke [jsinterp.c, line 806]
js_Interpret [jsinterp.c, line 2744]
js_Invoke [jsinterp.c, line 806]
js_Interpret [jsinterp.c, line 2744]
js_Invoke [jsinterp.c, line 806]
js_Interpret [jsinterp.c, line 2744]
js_Invoke [jsinterp.c, line 806]
js_Interpret [jsinterp.c, line 2744]
js_Execute [jsinterp.c, line 970]
JS_EvaluateUCScriptForPrincipals [jsapi.c, line 3377]
nsJSContext::EvaluateString [nsJSEnvironment.cpp, line 703]
nsJSThunk::EvaluateScript [nsJSProtocolHandler.cpp, line 271]
nsJSChannel::AsyncOpen [nsJSProtocolHandler.cpp, line 608]
nsDocumentOpenInfo::Open [nsURILoader.cpp, line 175]
nsURILoader::OpenURIVia [nsURILoader.cpp, line 539]
nsURILoader::OpenURI [nsURILoader.cpp, line 500]
nsDocShell::DoChannelLoad [nsDocShell.cpp, line 5175]
nsDocShell::DoURILoad [nsDocShell.cpp, line 4954]
nsDocShell::InternalLoad [nsDocShell.cpp, line 4743]
nsWebShell::OnLinkClickSync [nsWebShell.cpp, line 629]
OnLinkClickEvent::HandleEvent [nsWebShell.cpp, line 462]
PL_HandleEvent [plevent.c, line 597]
PL_ProcessPendingEvents [plevent.c, line 530]
_md_EventReceiverProc [plevent.c, line 1078]
nsAppShellService::Run [nsAppShellService.cpp, line 451]
main1 [nsAppRunner.cpp, line 1472]
main [nsAppRunner.cpp, line 1808]
WinMain [nsAppRunner.cpp, line 1826]
WinMainCRTStartup()
KERNEL32.DLL + 0x17d08 (0x77e97d08) 
-> LAyout
Assignee: Matti → attinasi
Component: Browser-General → Layout
QA Contact: imajes-qa → petersen
jst, jkeiser - shouldn't this bug be regression of fixing bug 74091 or bug
134278? It appears firstly in 2002052008/trunk build.
OS: Windows 2000 → All
Summary: crash while certify payment order in eBanka → crash while certify payment order in eBanka [@ nsHTMLTextAreaElement::GetValueInternal]
Jkeiser, could you have a look at this?
Changing QA contact to amar
QA Contact: petersen → amar
Oh.  This should be gone now.  This was the "textarea does not exist" crash I
introduced.
Anyone, can you reproduce with a nightly from yesterday or today?
WFM 2002052108/Win2K -> Resolving as WORKSFORME.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
 Verified WFM
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsHTMLTextAreaElement::GetValueInternal]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: