Closed
Bug 116918
Opened 23 years ago
Closed 23 years ago
onFocus/onBlur crashes browser
Categories
(Core :: DOM: Events, defect)
Tracking
()
People
(Reporter: philarete, Assigned: joki)
Details
(Keywords: crash, Whiteboard: [INF-REC])
Attachments
(2 files)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.7) Gecko/20011221 BuildID: 2001122106 The following HTML fragment will crash every version of Mozilla I've tried on Win32. (Haven't tried other platforms.) <html> <body onLoad="document.form1.field1.focus()"> <form name="form1"> <input type="text" name="field1" onFocus="document.form1.field1.select()" onBlur="document.form1.field2.focus()"> <input type="text" name="field2" onFocus="document.form1.field2.select()"> </form> </body> </html> Reproducible: Always Steps to Reproduce: 1. Attempt to load given HTML fragment. 2. 3. Actual Results: Broswer crashes. Expected Results: Browser does not crash.
Comment 1•23 years ago
|
||
Confirming Build ID 2001122408, Win 98, TB909866W
Comment 2•23 years ago
|
||
stephend, could you get the stack? TB909866W
Comment 3•23 years ago
|
||
Comment 4•23 years ago
|
||
I see this on Windows 98 2001122606-trunk. Oddly, I have no problems when it is loaded from the local filesystem.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 5•23 years ago
|
||
cfm: build 2001122106 (moz 0.9.7), w2k, TB926000G This is perhaps a dup of bug 65581.
Comment 6•23 years ago
|
||
Comment 7•23 years ago
|
||
ksosez means -> threading
Assignee: asa → rpotts
Component: Browser-General → Threading
QA Contact: doronr → rpotts
Comment 8•23 years ago
|
||
I doubt our puny threading code is responsible for this. :-) Sending off to DOM Events.
Assignee: rpotts → joki
Component: Threading → DOM Events
QA Contact: rpotts → vladimire
Comment 9•23 years ago
|
||
The problem seems to be a recursive infinite loop that blows the stack: nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x040fbea8, nsIPresContext * 0x040c1448, nsIContent * 0x0414ac40) line 3533 nsEventStateManager::SetContentState(nsEventStateManager * const 0x040fbeb0, nsIContent * 0x0414ac40, int 2) line 3311 nsHTMLInputElement::Select(nsHTMLInputElement * const 0x0414ac6c) line 848 XPTC_InvokeByIndex(nsISupports * 0x0414ac6c, unsigned int 91, unsigned int 0, nsXPTCVariant * 0x00037774) line 106 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 2009 + 42 bytes XPC_WN_CallMethod(JSContext * 0x03c3e680, JSObject * 0x03d88fc8, unsigned int 0, long * 0x0413c504, long * 0x00037a48) line 1266 + 14 bytes js_Invoke(JSContext * 0x03c3e680, unsigned int 0, unsigned int 0) line 832 + 23 bytes js_Interpret(JSContext * 0x03c3e680, long * 0x00038838) line 2798 + 15 bytes js_Invoke(JSContext * 0x03c3e680, unsigned int 1, unsigned int 2) line 849 + 13 bytes js_InternalInvoke(JSContext * 0x03c3e680, JSObject * 0x03d88fc8, long 64524272, unsigned int 0, unsigned int 1, long * 0x00038aa8, long * 0x00038960) line 924 + 20 bytes JS_CallFunctionValue(JSContext * 0x03c3e680, JSObject * 0x03d88fc8, long 64524272, unsigned int 1, long * 0x00038aa8, long * 0x00038960) line 3405 + 31 bytes nsJSContext::CallEventHandler(nsJSContext * const 0x03b81a98, void * 0x03d88fc8, void * 0x03d88ff0, unsigned int 1, void * 0x00038aa8, int * 0x00038aac, int 0) line 1011 + 33 bytes nsJSEventListener::HandleEvent(nsJSEventListener * const 0x0414af38, nsIDOMEvent * 0x041c7608) line 180 + 77 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x0414aff8, nsIDOMEvent * 0x041c7608, nsIDOMEventTarget * 0x041c7af0, unsigned int 1, unsigned int 7) line 1205 + 20 bytes nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x0414aed0, nsIPresContext * 0x040c1448, nsEvent * 0x0003970c, nsIDOMEvent * * 0x000392c4, nsIDOMEventTarget * 0x041c7af0, unsigned int 7, nsEventStatus * 0x00039738) line 1722 + 36 bytes nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x0414ac40, nsIPresContext * 0x040c1448, nsEvent * 0x0003970c, nsIDOMEvent * * 0x000392c4, unsigned int 1, nsEventStatus * 0x00039738) line 1648 nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x0414ac40, nsIPresContext * 0x040c1448, nsEvent * 0x0003970c, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus * 0x00039738) line 1147 + 29 bytes nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x040fbea8, nsIPresContext * 0x040c1448, nsIContent * 0x0414ac40) line 3615 nsEventStateManager::SetContentState(nsEventStateManager * const 0x040fbeb0, nsIContent * 0x0414ac40, int 2) line 3311 and so forth
Comment 10•23 years ago
|
||
Bug 116206 comes to mind
Comment 11•23 years ago
|
||
dup'ing per joki@netscape.com *** This bug has been marked as a duplicate of 77271 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Whiteboard: [INF-REC]
You need to log in
before you can comment on or make changes to this bug.
Description
•