Closed Bug 341288 Opened 18 years ago Closed 17 years ago

Firefox crashes in certain usage involving iframe and javascript

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
1.5.0.x Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: vvv, Unassigned)

Details

(Keywords: crash, testcase)

Attachments

(2 files)

frame document for the testcase
497 bytes, text/html
Details
testcase
1008 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060406 Firefox/1.5.0.4 (Debian-1.5.dfsg+1.5.0.4-1)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060406 Firefox/1.5.0.4 (Debian-1.5.dfsg+1.5.0.4-1)

firefox crashes in certain usage involving iframe and javascript - see below


Reproducible: Always

Steps to Reproduce:
1. create a file crashme.html (copy the content between the lines with the "=" signs):
===========================================
<html>
<head>
<title>This is a test</title>
<script>
	function openWin(){
		var edit_win = document.getElementById("edit_iframe");
		edit_win.style.display = "block";
		edit_win.style.left = 20;
		edit_win.style.top = document.body.scrollTop + 20;
		edit_win.width = 800;
		edit_win.height = 400;
	}
	function closeWin(){
		var edit_win = document.getElementById("edit_iframe");
		edit_win.style.display = "none";
	}
</script>
</head>
<body>
<iframe name="edit_iframe" id="edit_iframe" style="display: none; position: absolute;" src="crashme-iframe.html"></iframe>
<BR>
<BR>
<a href="javascript:openWin()">Click this</a><BR>
<a href="javascript:openWin()">Click this</a><BR>
<a href="javascript:openWin()">Click this</a><BR>
<BR>
<BR>
Some text<BR>
Some text<BR>
Some text<BR>
</body>
</html>
===========================================

2. create a file crashme-iframe.html (copy the content between the lines with the "=" signs):
===========================================
<html>
<head>
<title>This is a test</title>
<script>
function crashme() {
	if ( confirm("Do you want to continue?") ) {
		if (window.opener && !window.opener.closed)
			window.opener.closeWin();
		else
			parent.top.closeWin();
	}
}
</script>
</head>
<body bgcolor="#FFFFFF">
<div align="right">
<a href="javascript:crashme()">CRASH ME</a>
</div>
Some text<BR>
Some text<BR>
</body>
</html>
===========================================

3. put these files into the same directory, and start "firefox /path/to/crashme.html", where "/path/to/" is the avove-mentioned directory;
or put both files into a web server, and open the URL with crashme.html

4. click any of the "Click this" links (there are 3 of them); an iframe will become visible; click the "CRASH ME" link; a javascript confirm box will appear;
click "OK" in that javascript confirm box

Actual Results:  
at this point, firefox crashes with "Segmentation fault". (in some cases i had to repeat the step 4 2-3 times before this happens)

Expected Results:  
firefox should not crash
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9a1) Gecko/20060610 Minefield/3.0a1 - Build ID: 0000000000
WFM.

Can you reproduce this with an official Mozilla build of Firefox? If so, can you provide a Talkback ID please?
Keywords: crash
Summary: firefox crashes in certain usage involving iframe and javascript → Firefox crashes in certain usage involving iframe and javascript
Version: unspecified → 1.5.0.x Branch
yes, i've reproduced the crash in the official build - see the
Talkback ID TB19812118Y:
http://talkback-public.mozilla.org/search/start.jsp?search=2&type=iid&id=TB19812118Y

Workaround: If display="none" is set in a timeout then the crash doesn't happen.

I guess the reason is that in this case the iframe gets a chance to loose its focus before.
Attached file testcase 

    
    

    
  
Thanks for the clean report. The testcase works fine for me on Windows: trunk, 2.0, and 1.5.0.7. Is the testcase I attached correct? Can you still reproduce the bug?
If yes, would you mind posting a new talkback ID, since Philip was unable to process the one you posted. If you have time, testing with a recent trunk nightly build will be appreciated.

Keywords: testcase

    
    

    
  
I can't reproduce this on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b2) Gecko/2007121016 Firefox/3.0b2

    
    

    
  
I can't reproduce on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 Iceweasel/2.0.0.11 (Debian-2.0.0.11-1), so it was probably fixed between 1.5 and 2.0


    
    

    
  
Thanks for following up.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: