Closed Bug 11488 Opened 21 years ago Closed 21 years ago

[Crasher] Application crashes if we try to delete option from select through javascript.

Categories

(Core :: DOM: Core & HTML, defect, P1)

x86
Windows 95
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: desale, Assigned: pollmann)

References

()

Details

Attachments

(1 file)

If we try to delete any option of select through javascript, application
crashes.

BUILD: 1999-08-09-09. [Apprunner/viewer]

STEPS TO REPRODUCE:
1] Visit URL I provided. [Or you can save your own HTML file with code I'm
providing. Open this file in viewer and apprunner.]
2] You'll see one select, and one button "Remove Option".
3] Please select any option, and then click button "Remove Option".

EXPECTED RESULTS:
Selected option should get removed from select.

ACTUAL RESULTS:
Application Crashes.

CODE:

<html>
<head>
<title>optgroup.html</title>
<script>

function RemoveContent(inForm)
  {
	var num = inForm.mySelect.selectedIndex;
	inForm.mySelect.options[num]= null;
	history.go(0);
  }
</script>
</head>

<body bgcolor="#FFFFFF" text="#000000">
<form name="workform">
<H3>Directions to Follow:</H3>
Please select any option and click button "Remove Option".<br>

<select name=mySelect size=4>
<option value="Zero" Selected> Zero</option>
<option value="One" > One</option>
<option value="Two" > Two</option>
<option value="Three" > Three</option>
</select><br>
<input type=button id="button2" value="Remove Option"
onclick="RemoveContent(this.form)">
</form>
</body>
</html>


END OF CODE:


STACK TRACE:

Incident ID: 12218661

Trigger Type:  Program Crash

Trigger Reason:  Access violation


Call Stack:    (Signature = nsCSSFrameConstructor::ContentRemoved e1f0f116)

nsCSSFrameConstructor::ContentRemoved
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 4832]

StyleSetImpl::ContentRemoved
[d:\builds\seamonkey\mozilla\layout\base\src\nsStyleSet.cpp, line 818]

PresShell::ContentRemoved
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1602]

nsDocument::ContentRemoved
[d:\builds\seamonkey\mozilla\layout\base\src\nsDocument.cpp, line 1633]

nsHTMLDocument::ContentRemoved
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLDocument.cpp, line
894]

nsGenericHTMLContainerElement::RemoveChildAt
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,
line 2794]

nsGenericHTMLContainerElement::RemoveChild
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,
line 2605]

nsHTMLFormElement::RemoveChild
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLFormElement.cpp, line
66]

nsHTMLSelectElement::Remove
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSelectElement.cpp,
line 347]

nsOptionList::SetProperty
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSelectElement.cpp,
line 1048]

nsJSUtils::nsCallJSScriptObjectSetProperty
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSUtils.cpp, line 118]

SetMimeTypeArrayProperty
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSMimeTypeArray.cpp, line 171]

js_SetProperty
[d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 1899]

js_Interpret
[d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2208]

js_Invoke
[d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 675]

js_Interpret
[d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2229]

js_Invoke
[d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 675]

js_InternalCall
[d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 748]

JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2645]

nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 98]

nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
608]

nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp, line 784]

nsHTMLInputElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLInputElement.cpp,
line 511]

nsEventStateManager::CheckForAndDispatchClick
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line
736]

nsEventStateManager::PostHandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line
262]

PresShell::HandleEvent
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1886]

nsView::HandleEvent
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 834]

nsView::HandleEvent
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 819]

nsView::HandleEvent
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 819]

nsView::HandleEvent
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 819]

nsViewManager::DispatchEvent
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp, line 1611]

HandleEvent
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 67]

nsWindow::DispatchEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 502]

nsWindow::DispatchWindowEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 523]

nsWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3270]

ChildWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3463]

nsWindow::ProcessMessage
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2526]

nsWindow::WindowProc
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 572]

KERNEL32.DLL + 0x35d9 (0xbff735d9)


KERNEL32.DLL + 0x2222f (0xbff9222f)


0x00638c00


 Registers:
 EAX:00000000 EBX:00000000 ECX:0063f0dc EDX:0063f0d8
 ESI:098050c0 EDI:09a7e790 ESP:0063f078 EBP:0063f0cc
 EIP:604dda3d cf PF af ZF sf of IF df nt RF vm   IOPL: 0

 CS:016f DS:0177 SS:0177 ES:0177 FS:0faf GS:0000


 Operating System:  Windows 95 4.0 build 67306684

 Service Pack:   C

 Processor:  Not Available

 Processor Speed:  Not Available

 Physical Memory:  128.0 MB

 MEMORYSTATUS Structure:
                    Available     Total
 Physical Memory:   32.4 MB       128.0 MB
 Page File:         1001.0 MB     1001.0 MB
 Virtual Memory:    1882.4 MB     2044.0 MB
Crashes are all M11/P1/critical.
Assignee: vidur → pollmann
I've got a fix for this one in my local tree as soon as the fires go out...
Checked in a fix so that history.go(0) now does the right thing (i.e. doesn't
reload).
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Awesome V.  Checked in my fix too.
Status: RESOLVED → VERIFIED
Everything working fine. Marking verified.
You need to log in before you can comment on or make changes to this bug.