Closed
Bug 121023
Opened 23 years ago
Closed 23 years ago
Trun M097 Crash when choosing value from pulldown menu [@ nsXULElement::HandleDOMEvent][@ js_EmitTree]
Categories
(Core :: Layout: Form Controls, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 112241
People
(Reporter: moz, Assigned: john)
References
()
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
6.80 KB,
text/plain
|
Details |
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:0.9.7+) Gecko/20020118
BuildID: 2002011821 (static build)
At the LaRedoute Online Shop I crash when changing the size of garments I want
to buy.
Reproducible: Always
Steps to Reproduce:
1.Go to http://www.laredoute.ch
2.Choose a product
3.Change it's size using the pulldown-menu on the page
Actual Results: Crash after a few seconds with the CPU at 100%
I've tried to produce a stack-trace using run-mozilla.sh -g. This didn't really
work, here's the shortened result:
*****************************
where
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 1791)]
0x0875e6b1 in nsXULElement::HandleDOMEvent ()
(gdb) #0 0x0875e6b1 in nsXULElement::HandleDOMEvent ()
#1 0x0875f452 in nsXULElement::HandleDOMEvent ()
#2 0x0875f452 in nsXULElement::HandleDOMEvent ()
#3 0x0875f452 in nsXULElement::HandleDOMEvent ()
#4 0x0875f452 in nsXULElement::HandleDOMEvent ()
#5 0x0875f452 in nsXULElement::HandleDOMEvent ()
#6 0x0875f452 in nsXULElement::HandleDOMEvent ()
#7 0x08762d85 in nsXULElement::HandleChromeEvent ()
#8 0x0868748e in GlobalWindowImpl::HandleDOMEvent ()
#9 0x087a54ef in nsDocument::HandleDOMEvent ()
#10 0x087c015c in nsGenericElement::HandleDOMEvent ()
**** Line #10 repeated
#34 0x087c0131 in nsGenericElement::HandleDOMEvent ()
#35 0x0882161a in nsHTMLSelectElement::HandleDOMEvent ()
#36 0x088674d3 in PresShell::HandleEventInternal ()
#37 0x088673a1 in PresShell::HandleEventWithTarget ()
#38 0x08968bb0 in nsListControlFrame::SelectionChanged ()
#39 0x08968ae4 in nsListControlFrame::UpdateSelection ()
#40 0x08950f85 in nsComboboxControlFrame::UpdateSelection ()
#41 0x086f1d30 in nsHTMLOptionElement::SetText ()
#42 0x400c81a1 in XPTC_InvokeByIndex () from ./libxpcom.so
#43 0x0853e9ab in XPCWrappedNative::CallMethod ()
#44 0x08543ad4 in XPC_WN_GetterSetter ()
#45 0x08d0c1d2 in js_Invoke ()
#46 0x08d0c3fc in js_InternalInvoke ()
#47 0x08d1dd48 in js_SetProperty ()
#48 0x08d12946 in js_Interpret ()
#49 0x08d0c5cb in js_Execute ()
#50 0x08d1b571 in js_obj_toString ()
#51 0x08d0c1d2 in js_Invoke ()
#52 0x08d13374 in js_Interpret ()
#53 0x08d0c220 in js_Invoke ()
#54 0x08d13374 in js_Interpret ()
#55 0x08d0c220 in js_Invoke ()
#56 0x08d0c3fc in js_InternalInvoke ()
#57 0x08cf1afa in JS_CallFunctionValue ()
#58 0x086850a4 in nsJSContext::CallEventHandler ()
#59 0x086a8a68 in nsJSEventListener::HandleEvent ()
#60 0x086d295d in nsEventListenerManager::HandleEventSubType ()
#61 0x086d4092 in nsEventListenerManager::HandleEvent ()
**** This part (#34-#61) repeated lots of times
#8755 0x0882161a in nsHTMLSelectElement::HandleDOMEvent ()
#8756 0x087c03d3 in nsGenericElement::HandleDOMEvent ()
#8757 0x088674d3 in PresShell::HandleEventInternal ()
#8758 0x0886733c in PresShell::HandleEvent ()
#8759 0x086ab659 in nsView::HandleEvent ()
#8760 0x086b404d in nsViewManager::DispatchEvent ()
#8761 0x086ab100 in nsFocusController::HandleEvent ()
#8762 0x086cb0ab in nsWidget::DispatchEvent ()
#8763 0x086cb008 in nsWidget::DispatchWindowEvent ()
#8764 0x086cb112 in nsWidget::DispatchMouseEvent ()
#8765 0x086cbbb1 in nsWidget::OnButtonReleaseSignal ()
#8766 0x086b892c in nsWindow::HandleGDKEvent ()
#8767 0x086c77c7 in handle_gdk_event ()
#8768 0x086c75b4 in handle_gdk_event ()
#8769 0x40428dd4 in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0
#8770 0x4045ac46 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#8771 0x4045b273 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#8772 0x4045b43c in g_main_run () from /usr/lib/libglib-1.2.so.0
#8773 0x4037376c in gtk_main () from /usr/lib/libgtk-1.2.so.0
#8774 0x086c1e03 in nsAppShell::Run ()
#8775 0x08a865cd in nsAppShellService::Run ()
#8776 0x084f4d43 in DoCommandLines ()
#8777 0x084f554a in main ()
#8778 0x404b67ee in __libc_start_main () from /lib/libc.so.6
(gdb) No breakpoints or watchpoints.
(gdb) cont
LWP 1791 exited.
LWP 2044 exited.
LWP 1795 exited.
LWP 1794 exited.
LWP 1793 exited.
Program exited normally.
(gdb)
*******************
This took a few minutes with 100% CPU usage and unresponsive X-Server (could
change to console though).
Also crashes for me with 2002011908/ Win98SE.
Talkback-ID: TB1900237X
Windows says it's a "stack error" in JS3250.DLL
|
||
Comment 2•23 years ago
|
||
Confirming on 2002011503 Win2k. --> OS=All.
Talkback ID is TB1901435W.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
this looks like dom events is incorrectly setting a callback which results in a
stack overflow :)
Assignee: asa → joki
Component: Browser-General → DOM Events
QA Contact: doronr → vladimire
js_EmitTree [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 1829]
EmitPropOp [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 1670]
js_EmitTree [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 3573]
EmitPropOp [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 1670]
js_EmitTree [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 3573]
EmitPropOp [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 1670]
js_EmitTree [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 3573]
EmitElemOp [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 1709]
js_EmitTree [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 3583]
js_EmitTree [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 3258]
js_EmitTree [d:\builds\seamonkey\mozilla\js\src\jsemit.c, line 3165]
Statements [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 930]
js_CompileTokenStream [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 393]
CompileTokenStream [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2833]
JS_CompileUCScriptForPrincipals [d:\builds\seamonkey\mozilla\js\src\jsapi.c,
line 2913]
obj_eval [d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 1018]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 834]
js_Interpret [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2799]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 850]
js_Interpret [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2799]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 850]
js_InternalInvoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 925]
JS_CallFunctionValue [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 3407]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 1014]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 182]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
1206]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
1809]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1648]
nsHTMLSelectElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 1812]
PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5993]
PresShell::HandleEventWithTarget
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5956]
nsListControlFrame::SelectionChanged
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
2149]
nsListControlFrame::UpdateSelection
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
2106]
nsComboboxControlFrame::UpdateSelection
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsComboboxControlFrame.cpp,
line 1898]
nsHTMLOptionElement::SetText
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLOptionElement.cpp,
line 623]
XPTC_InvokeByIndex
[d:\builds\seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp,
line 106]
XPCWrappedNative::CallMethod
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp, line 2000]
XPC_WN_GetterSetter
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp,
line 1291]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 834]
js_InternalInvoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 925]
js_SetProperty [d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 2601]
js_Interpret [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2644]
js_Execute [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 1014]
obj_eval [d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 1033]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 834]
js_Interpret [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2799]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 850]
js_Interpret [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2799]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 850]
js_InternalInvoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 925]
JS_CallFunctionValue [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 3407]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 1014]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 182]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
1206]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
1809]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1648]
nsHTMLSelectElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 1812]
PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5993]
PresShell::HandleEventWithTarget
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5956]
nsListControlFrame::SelectionChanged
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
2149]
nsListControlFrame::UpdateSelection
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
2106]
nsComboboxControlFrame::UpdateSelection
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsComboboxControlFrame.cpp,
line 1898]
nsHTMLOptionElement::SetText
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLOptionElement.cpp,
line 623]
XPTC_InvokeByIndex
[d:\builds\seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp,
line 106]
I am seeing this same behavior with build 2002012309 for Win2K. Just choosing
selections in the first two pulldowns at www.malaysiaair.com. Attaching stack
Summary: Crash when choosing value from pulldown menu → Trun M097 Crash when choosing value from pulldown menu [@ nsXULElement::HandleDOMEvent][@ js_EmitTree]
:-( domevents!=events? .. trying xul, => hyatt
Assignee: joki → hyatt
Component: DOM Events → XP Toolkit/Widgets: XUL
QA Contact: vladimire → jrgm
|
||
Comment 7•23 years ago
|
||
I actually get the EmitCheck/js_Emit3 stack trace when I change the size on an
item on a laredoute.ch page (not the HandleDOMEvent stack).
I don't know about malaysiaair.com, but I believe the bug on laredoute.ch is
the same as bug 112052.
In the laredboute.com form, a <select> control has a onchange handler, and
that handler modifies "document.aForm.thisSelect.aOption = 'foobar';", which
then recursively triggers the onchange handler again (and again).
This one (or the dup, if it is a dup) is a must fix for mozilla 1.0. We do not
want to break DOM 0 compatibility of the handling of onchange.
-> jkeiser, since the other bug (bug 112052 went to him).
Assignee: hyatt → jkeiser
Component: XP Toolkit/Widgets: XUL → HTML Form Controls
|
|
||
Updated•23 years ago
|
QA Contact: jrgm → madhur
|
|
||
Comment 8•23 years ago
|
||
I tried jkeiser's changes for bug 112241, which is the for the same issue as
this bug, and both the laredoute.com pages and the malaysiaair.com pages do not
crash with those changes. Marking dup.
*** This bug has been marked as a duplicate of 112241 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
|
||
Updated•14 years ago
|
Crash Signature: [@ nsXULElement::HandleDOMEvent]
[@ js_EmitTree]
You need to log in
before you can comment on or make changes to this bug.
Description
•