Closed Bug 12485 Opened 21 years ago Closed 20 years ago

[CRASH] A crash occurs with a A element that contains both HREF and ONFOCUS attributes.


(Core :: DOM: Core & HTML, defect, P1, critical)






(Reporter: chrispetersen, Assigned: joki)





(1 file)

Version: Apprunner
Build: 1999082412 (Aug 24 M9)
Platform: All
Expected Results: The HREF source should load in the browser window.
What I got: A crash occurs after clicking on the OK button in a JS dialog.
Steps to reproduce:

1) Open the following file:http://slip/projects/marvin/html/a_onfocus.html
2) Click on the link to activate the onfocus handler.
3) In the JS dialog, click OK.
4) The application should crash.
*** Bug 12484 has been marked as a duplicate of this bug. ***
Note that this crashes apprunner only and not viewer.  Here's a stack trace (my
own Sep 4 build on Linux apprunner):

#0  0x40d7b2a3 in nsEventStateManager::SendFocusBlur (this=0x86a00f8,
    aContent=0x86b735c) at nsEventStateManager.cpp:1388
#1  0x40d7ab0a in nsEventStateManager::SetContentState (this=0x86a00f8,
    aContent=0x86b735c, aState=3) at nsEventStateManager.cpp:1257
#2  0x40dd676c in nsHTMLAnchorElement::HandleDOMEvent (this=0x86b7350,
    aPresContext=@0x878cea8, aEvent=0xbffff31c, aDOMEvent=0xbfffef84,
    aFlags=2, aEventStatus=@0xbffff290) at nsHTMLAnchorElement.cpp:300
#3  0x40f7420e in nsGenericDOMDataNode::HandleDOMEvent (this=0x86a0510,
    aPresContext=@0x878cea8, aEvent=0xbffff31c, aDOMEvent=0xbfffef84,
    aFlags=1, aEventStatus=@0xbffff290) at nsGenericDOMDataNode.cpp:747
#4  0x40f9ef7d in nsTextNode::HandleDOMEvent (this=0x86a04f8,
    aPresContext=@0x878cea8, aEvent=0xbffff31c, aDOMEvent=0x0, aFlags=1,
    aEventStatus=@0xbffff290) at nsTextNode.cpp:200
#5  0x40dba2b0 in PresShell::HandleEvent (this=0x869cb50, aView=0x869d418,
    aEvent=0xbffff31c, aEventStatus=@0xbffff290) at nsPresShell.cpp:1991
#6  0x41cc9ac3 in nsView::HandleEvent (this=0x869d418, event=0xbffff31c,
    aEventFlags=8, aStatus=@0xbffff290, aHandled=@0xbffff224) at nsView.cpp:834
#7  0x41cc9a52 in nsView::HandleEvent (this=0x8695bf8, event=0xbffff31c,
    aEventFlags=8, aStatus=@0xbffff290, aHandled=@0xbffff224) at nsView.cpp:818
#8  0x41cc9a52 in nsView::HandleEvent (this=0x8695b48, event=0xbffff31c,
    aEventFlags=8, aStatus=@0xbffff290, aHandled=@0xbffff224) at nsView.cpp:818
#9  0x41cc9a52 in nsView::HandleEvent (this=0x8691698, event=0xbffff31c,
    aEventFlags=28, aStatus=@0xbffff290, aHandled=@0xbffff224)
    at nsView.cpp:818
#10 0x41cd2e03 in nsViewManager::DispatchEvent (this=0x8691540,
    aEvent=0xbffff31c, aStatus=@0xbffff290) at nsViewManager.cpp:1735
#11 0x41cc7be4 in HandleEvent (aEvent=0xbffff31c) at nsView.cpp:66
#12 0x40601ce2 in nsWidget::DispatchEvent (this=0x871e070, event=0xbffff31c,
    aStatus=@0xbffff2cc) at nsWidget.cpp:1150
#13 0x40601a0c in nsWidget::DispatchWindowEvent (this=0x871e070,
    event=0xbffff31c) at nsWidget.cpp:1016
#14 0x40601da0 in nsWidget::DispatchMouseEvent (this=0x871e070,
    aEvent=@0xbffff31c) at nsWidget.cpp:1177
#15 0x40602b96 in nsWidget::OnButtonPressSignal (this=0x871e070,
    aGdkButtonEvent=0x868b7c8) at nsWidget.cpp:1738
#16 0x4060372e in nsWidget::ButtonPressSignal (aWidget=0x871e178,
    aGdkButtonEvent=0x868b7c8, aData=0x871e070) at nsWidget.cpp:2188
#17 0x40790229 in gtk_marshal_BOOL__POINTER ()
#18 0x4075565d in gtk_handlers_run ()
#19 0x40754ab2 in gtk_signal_real_emit ()
#20 0x40752c05 in gtk_signal_emit ()
#21 0x407879d8 in gtk_widget_event ()
#22 0x40728b22 in gtk_propagate_event ()
#23 0x40727d7a in gtk_main_do_event ()
#24 0x407d00fb in gdk_event_dispatch ()
#25 0x407fda86 in g_main_dispatch ()
#26 0x407fe041 in g_main_iterate ()
#27 0x407fe1e1 in g_main_run ()
#28 0x407277a9 in gtk_main ()
#29 0x405ed699 in nsAppShell::Run (this=0x8097160) at nsAppShell.cpp:371
#30 0x4046f661 in ?? ()
   from /home/david/mozilla/src/mozilla/dist/bin/
#31 0x804b158 in main1 (argc=1, argv=0xbffff9c4) at nsAppRunner.cpp:836
#32 0x804b265 in main (argc=1, argv=0xbffff9c4) at nsAppRunner.cpp:859
#33 0x4027bcb3 in ?? () from /lib/
Crashes are all M11/P1/critical.
Assignee: vidur → joki
This is mine.
Closed: 20 years ago
Resolution: --- → FIXED
Should be fixed.
With the Dec 20 builds (Mac, Windows, and Linux) , this problem has been fixed.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.