Closed
Bug 105004
Opened 23 years ago
Closed 23 years ago
Crash scrolling absolute positioned textarea
Categories
(Core :: Layout: Form Controls, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: nicks, Assigned: smontagu)
Details
(Keywords: crash, testcase, Whiteboard: [selection])
Attachments
(3 files)
|
155 bytes,
text/html
|
Details | |
|
1.10 KB,
patch
|
Details | Diff | Splinter Review | |
|
586 bytes,
patch
|
rbs
:
review+
kinmoz
:
superreview+
|
Details | Diff | Splinter Review |
build 2001101503: 1. Browse the following HTML page: -------- <html> <head> </head> <body > <textarea style="position:absolute;width:100px;height:50px"> this is enough text to scroll </textarea> </body> <html> --------- 2. Click in the textarea. 3. Use the right arrow on the keyboard to scroll to the right. When you get to the end of the text in the textarea, the browser crashes (nsFrame::GetFrameFromDirection)
|
||
Comment 1•23 years ago
|
||
was able to reproduce. Incident ID 36772655 Stack Signature nsFrame::GetFrameFromDirection 960296e3 Bug ID Trigger Time 2001-10-16 10:17:17 Email Address madhur@netscape.com URL Visited User Comments trying to reproduce bug 105004 Build ID 2001101505 Product ID Netscape6.20 Platform ID Win32 Trigger Reason Access violation Stack Trace nsFrame::GetFrameFromDirection [d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrame.cpp, line 3880] nsTextFrame::PeekOffset [d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3940] nsSelection::MoveCaret [d:\builds\seamonkey\mozilla\content\base\src\nsSelection.cpp, line 1577] nsSelection::CharacterMove [d:\builds\seamonkey\mozilla\content\base\src\nsSelection.cpp, line 2945] nsTextInputSelectionImpl::CharacterMove [d:\builds\seamonkey\mozilla\layout\html\forms\src\nsGfxTextControlFrame2.cpp, line 837] nsSelectionMoveCommands::DoCommand [d:\builds\seamonkey\mozilla\editor\base\nsEditorCommands.cpp, line 389] nsControllerCommandManager::DoCommand [d:\builds\seamonkey\mozilla\content\xul\document\src\nsControllerCommandManager .cpp, line 184] nsEditorController::DoCommand [d:\builds\seamonkey\mozilla\editor\base\nsEditorController.cpp, line 192] nsXBLPrototypeHandler::ExecuteHandler [d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLPrototypeHandler.cpp, line 311] DoKey [d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLKeyHandler.cpp, line 92] nsXBLKeyHandler::KeyPress [d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLKeyHandler.cpp, line 108] nsEventListenerManager::HandleEvent [d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line 1633] nsGenericElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1688] nsHTMLTextAreaElement::HandleDOMEvent [d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLTextAreaElement.cpp, line 594] PresShell::HandleEventInternal [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5715] PresShell::HandleEvent [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5640] nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 377] nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 350] nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 350] nsViewManager::DispatchEvent [d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp, line 2076] HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 68] nsWindow::DispatchEvent [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 730] nsWindow::DispatchWindowEvent [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 747] nsWindow::DispatchKeyEvent [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2403] nsWindow::OnKeyDown [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2471] nsWindow::ProcessMessage [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3172]
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
||
Comment 2•23 years ago
|
||
crash seen on all plaforms -- win2000, linux 7.1, macOSX
Keywords: testcase
OS: Windows 2000 → All
|
|
||
Comment 3•23 years ago
|
||
This is a bug in some IBMBIDI code in nsFrame::GetFrameFromDirection(). Apparently in this specific case, GetFirstLeaf() and GetLastLeaf() are both returning NULL, so newFrame gets null'd out, and we crash when calling newFrame->IsSelectable(). I have a patch that works around the crash by checking for null, which I will post, but it would be a good idea for simon@softel.co.il to look into the assumptions being made by the IBMBIDI code to see why they aren't true in this particular case.
Assignee: kin → simon
Whiteboard: [selection]
|
Assignee | |
Comment 7•23 years ago
|
||
Checking for null return as well as error return from |GetLine| prevents this crash
Attachment #57536 -
Flags: superreview+
Comment on attachment 57536 [details] [diff] [review] Suggested patch sr=kin@netscape.com
Comment on attachment 57536 [details] [diff] [review] Suggested patch r=rbs
Attachment #57536 -
Flags: review+
|
|
Assignee | |
Comment 10•23 years ago
|
||
Fix checked in
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
|
||
Updated•23 years ago
|
Status: RESOLVED → VERIFIED
|
|
||
Comment 11•23 years ago
|
||
verified fixed on win2k buildID: 2001-11-19-06trunk redhat linux 7.1 buildID: 2001-11-20-08trunk macOS 10 buildID: 2001-11-19-08trunk
You need to log in
before you can comment on or make changes to this bug.
Description
•