Closed Bug 86313 Opened 23 years ago Closed 23 years ago

Invalid page fault in JSDOM.DLL

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.2

People

(Reporter: basic, Assigned: jst)

Details

(Keywords: crash, Whiteboard: [HAVE FIX] r=jag, sr=me)

Attachments

(5 files)

testcase (left frame)
151 bytes, text/html
Details
actual testcase (main file)
351 bytes, text/html
Details
testcase that actually works
358 bytes, text/html
Details
Full stack trace
4.44 KB, text/plain
Details
patch for this bug and a couple of its clones
1.49 KB, patch
Details | Diff | Splinter Review 
Build 2001061520 win32 talkback installer sea trunk

In the to be attached testcase when pressing on the "test" button it causes a
crash. Not sure how to describe this bug any further.
Attached file testcase (left frame) 

    
    

    
  


  

    
    

    
  


  

    
    

    
  
confirming with win2k build 20010613 (CVS debug) and 0617 (CVS opt)

A part of the stack :
GlobalWindowImpl::GetScrollY(GlobalWindowImpl * const 0x0360a704, int * 
0x0012d620) line 1507 + 17 bytes
GlobalWindowImpl::GetPageYOffset(GlobalWindowImpl * const 0x0360a704, int * 
0x0012d620) line 1474
XPTC_InvokeByIndex(nsISupports * 0x0360a704, unsigned int 58, unsigned int 1, 
nsXPTCVariant * 0x0012d620) line 139
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode 
CALL_GETTER) line 1881 + 42 bytes
XPCWrappedNative::GetAttribute(XPCCallContext & {...}) line 1771 + 14 bytes
XPC_WN_GetterSetter(JSContext * 0x02b4f378, JSObject * 0x0338a830, unsigned int 
0, long * 0x036bd614, long * 0x0012d868) line 1284 + 9 bytes
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash

    
    

    
  
I know that I should not patch more than one bug per patch, but one could argue
that they're all the same bug.  I'll bet dolars to donuts that this particular
oversight happens more often.
Keywords: patch

    
    

    
  
Thanks for the patch! I had a look at it and it's a good change, but I'd like to
add this change too (which fixes the root of the problem in this case):

Index: dom/src/base/nsGlobalWindow.cpp
===================================================================
RCS file: /cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v
retrieving revision 1.412
diff -u -r1.412 nsGlobalWindow.cpp
--- nsGlobalWindow.cpp  2001/05/23 06:33:28     1.412
+++ nsGlobalWindow.cpp  2001/06/17 21:04:18
@@ -3685,6 +3685,8 @@
 GlobalWindowImpl::GetScrollInfo(nsIScrollableView **aScrollableView,
                                 float *aP2T, float *aT2P)
 {
+  *aScrollableView = nsnull;
+
   // Flush pending notifications so that the presentation is up to
   // date.
   FlushPendingNotifications();

With that addition, sr=jst, we should get this in for mozilla0.9.2.

Jag, r=?
Status: NEW → ASSIGNED
Keywords: mozilla0.9.2
OS: Windows 98 → All
Hardware: PC → All
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla0.9.2

    
    

    
  
r=jag

    
  
Whiteboard: [HAVE FIX] → [HAVE FIX] r=jag, sr=me

    
    

    
  
a=tor for trunk checkin


    
    

    
  
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

    
    

    
  
verified fixed build 2001061804 win32
Status: RESOLVED → VERIFIED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: