Closed
Bug 194493
Opened 22 years ago
Closed 22 years ago
M130B Trunk crash when executing javascript command onmouseover [@ nsEventStateManager::GenerateMouseEnterExit ] [@ nsEventStateManager::DispatchMouseEvent]
Categories
(Core :: Layout, defect, P1)
Core
Layout
Tracking
()
RESOLVED
FIXED
mozilla1.3final
People
(Reporter: jomppa, Assigned: john)
References
()
Details
(Keywords: crash, testcase, topcrash+, Whiteboard: fixed1.3)
Crash Data
Attachments
(2 files, 1 obsolete file)
3.32 KB,
text/plain
|
Details | |
3.19 KB,
patch
|
saari
:
review+
bryner
:
superreview+
asa
:
approval1.3+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030221 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030221 In the page http://www.futurecrew.com/skaven/, the image changing (onmouseover) code crashes the mozilla. When using IE6.0SP1 the page works fine. I don't know whether this is a javascript or layout problem. Reproducible: Always Steps to Reproduce: 1.Open page http://www.futurecrew.com/skaven/ 2.Move mouse cursor on and around the images 3.The mozilla crashes Actual Results: The mozilla crashes instead of changing the picture. Expected Results: Change the picture layout using javascript or don't do anything (if the script language is not compatible with mozilla one) Mozilla version 1.3.20030.22105, module gklayout.dll versio 1.3.20030.22105, Address 0x000c3af5.
Comment 1•22 years ago
|
||
confirming using build 2003022202 on Win2k: TB17404345Q.
Comment 2•22 years ago
|
||
confirming BuildID 2003032108 on Win98: TB17404811W reminds me at Bug 186132 Crash mouseovering box with CSS - Trunk [@ nsEventStateManager::DispatchMouseEvent] but that one has been fixed Feb 20th.
Comment 3•22 years ago
|
||
confirming build 2003022122, Linux x86 talkback: TB17405741M
Updated•22 years ago
|
OS: Windows XP → All
Hardware: PC → All
Comment 4•22 years ago
|
||
REGRESSION between 2003021908 and 2003022008 faulty, but no crash on build IDs 2003021808 and -1908, crash with -2008 and -2108 Win98SP1, tested with one fresh profile for all tests, and fresh prorgammdirectory for each unzipped win32-talkback.zip. Can´t give TB-Nbrs, deleted one directory after sending, and the other one won´t send. URL and Bug-nbr noted in TB. faulty: Frontpage-generated. Left Images in the topframe are restored on mouseout, other images in topframe are replaced by ALT-text on first Mouseover, and with broken-Image-icon afterwards.
Stack indeed looks like the one in bug 186132. And the crash occured the third time i moused over an image
Comment 6•22 years ago
|
||
Confirming with a fresh CVS trunk build on WindowsME.
Assignee | ||
Comment 8•22 years ago
|
||
This fixes the crash. The problem is, mLastMouseOverFrame was being set to a frame that went away during the event. Even though we deal with this case entirely *within* DispatchMouseEvent, we don't take care of it in the callers. In this patch I made DispatchMouseEvent clear the frame *for* the callers. I have checked all callers and this looks like the right thing to do for them.
Assignee | ||
Comment 9•22 years ago
|
||
I like this patch better, it eliminates a variable. Please note that while this patch fixes the crash, there is an evangelism on this site--mouseovers will give you wrong images. They have an element like <a ... lowsrc="blah"> and they are expecting JavaScript element.lowsrc to give them the value of that attribute. That's not how it works. It may be that IE supports lowsrc and that's why it works there.
Attachment #115261 -
Attachment is obsolete: true
Assignee | ||
Updated•22 years ago
|
Attachment #115262 -
Flags: superreview?(bryner)
Attachment #115262 -
Flags: review?(saari)
Comment 10•22 years ago
|
||
stack from Linux debug build (CVS 10h ago): #0 0xdddddddd in ?? () #1 0x40ebf3ca in nsEventStateManager::GenerateMouseEnterExit ( this=0x42501348, aPresContext=0x41cb72f8, aEvent=0xbfffece0) at nsEventStateManager.cpp:2527 #2 0x40eb7f17 in nsEventStateManager::PreHandleEvent (this=0x42501348, aPresContext=0x41cb72f8, aEvent=0xbfffece0, aTargetFrame=0x42b6efb0, aStatus=0xbfffe9e4, aView=0x42b49bd0) at nsEventStateManager.cpp:373 #3 0x40d88ebb in PresShell::HandleEventInternal (this=0x425f3ea8, aEvent=0xbfffece0, aView=0x42b49bd0, aFlags=1, aStatus=0xbfffe9e4) at nsPresShell.cpp:6220 #4 0x40d88b5e in PresShell::HandleEvent (this=0x425f3ea8, aView=0x42b49bd0, aEvent=0xbfffece0, aEventStatus=0xbfffe9e4, aForceHandle=0, aHandled=@0xbfffe9e8) at nsPresShell.cpp:6150 #5 0x41bd43dd in nsViewManager::HandleEvent (this=0x427afa78, aView=0x42b55510, aEvent=0xbfffece0, aCaptured=0) at nsViewManager.cpp:2210 #6 0x41bc9c37 in nsView::HandleEvent (this=0x42b55510, aVM=0x427afa78, aEvent=0xbfffece0, aCaptured=0) at nsView.cpp:303 #7 0x41bd3b0f in nsViewManager::DispatchEvent (this=0x427afa78, aEvent=0xbfffece0, aStatus=0xbfffebcc) at nsViewManager.cpp:1942 #8 0x41bc9628 in HandleEvent (aEvent=0xbfffece0) at nsView.cpp:80 #9 0x4142d51f in nsWidget::DispatchEvent (this=0x42b57ee0, aEvent=0xbfffece0, aStatus=@0xbfffec7c) at nsWidget.cpp:1496 [...]
Keywords: stackwanted
Summary: crash when executing javascript command onmouseover → crash when executing javascript command onmouseover [@ nsEventStateManager::GenerateMouseEnterExit ]
Whiteboard: TB17404345Q
Comment 11•22 years ago
|
||
Comment on attachment 115262 [details] [diff] [review] Patch v1.1 spiff, r=saari
Attachment #115262 -
Flags: review?(saari) → review+
Comment 12•22 years ago
|
||
Adding testcase keyword and making topcrash+. Adding nsEventStateManager::DispatchMouseEvent to summary as well. Here is a recent Talkback incident for future reference: Incident ID 17444820 Stack Signature nsEventStateManager::DispatchMouseEvent 83cbc9d7 Email Address Product ID MozillaTrunk Build ID 2003022308 Trigger Time 2003-02-23 15:34:51 Platform Win32 Operating System Windows 98 4.10 build 67766222 Module GKLAYOUT.DLL URL visited http://www.futurecrew.com/skaven/ User Comments bugzilla 194493 Trigger Reason Access violation Source File Name c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp Trigger Line No. 2447 Stack Trace nsEventStateManager::DispatchMouseEvent [c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp, line 2447] nsEventStateManager::GenerateMouseEnterExit [c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp, line 2530] nsEventStateManager::PreHandleEvent [c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp, line 376] PresShell::HandleEventInternal [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp, line 6223] PresShell::HandleEvent [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp, line 6179] nsViewManager::HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp, line 2208] nsView::HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp, line 309] nsViewManager::DispatchEvent [c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp, line 1944] HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp, line 83] nsWindow::DispatchEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1117] nsWindow::DispatchWindowEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1134] nsWindow::DispatchMouseEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 5374] ChildWindow::DispatchMouseEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 5629] nsWindow::ProcessMessage [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 4065] nsWindow::WindowProc [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1401] KERNEL32.DLL + 0x363b (0xbff7363b) KERNEL32.DLL + 0x242e7 (0xbff942e7) 0x00658b66
Comment 13•22 years ago
|
||
Is this going to make it into Mozilla 1.3? The priority or target milestone still need to be set.
Summary: crash when executing javascript command onmouseover [@ nsEventStateManager::GenerateMouseEnterExit ] [@ nsEventStateManager::DispatchMouseEvent] → M130B Trunk crash when executing javascript command onmouseover [@ nsEventStateManager::GenerateMouseEnterExit ] [@ nsEventStateManager::DispatchMouseEvent]
Updated•22 years ago
|
Attachment #115262 -
Flags: superreview?(bryner) → superreview+
Assignee | ||
Updated•22 years ago
|
Attachment #115262 -
Flags: approval1.3?
Comment 14•22 years ago
|
||
Comment on attachment 115262 [details] [diff] [review] Patch v1.1 a=asa (on behalf of drivers) for checkin to 1.3
Attachment #115262 -
Flags: approval1.3? → approval1.3+
Assignee | ||
Comment 15•22 years ago
|
||
Fix checked in on 1.3. Leaving open until tree gets green and fix can be checked in to trunk.
Priority: -- → P1
Target Milestone: --- → mozilla1.3final
Assignee | ||
Comment 16•22 years ago
|
||
Checked in on trunk (checked in to 1.3 earlier). Happy day.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•21 years ago
|
Whiteboard: fixed1.3
Updated•13 years ago
|
Crash Signature: [@ nsEventStateManager::GenerateMouseEnterExit ]
[@ nsEventStateManager::DispatchMouseEvent]
Updated•6 years ago
|
Product: Core → Core Graveyard
Updated•6 years ago
|
Component: Layout: Misc Code → Layout
Product: Core Graveyard → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•