Closed Bug 15772 Opened 25 years ago Closed 25 years ago

Selecting items in select-list crashes browser

Categories

(Core :: Layout, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: morse, Assigned: vidur)

Details

This crash occurs on the dialog that displays wallet contents. So to demonstrate this, you need to put some items in your wallet. You can do that as follows: 1. From menu select edit/wallet/samples 2. Click on the word "here" to get to the interview form 3. Fill out name-prefix, fist-name, middle-name, and last name 4. From menu select edit/wallet/capture-form OK, now we are ready to demonstrate the bug. Do that as follows: 1. From menu go to edit/wallet/wallet-contents 2. In the "field names" list you will see: name.first name.last name.middle name.prefix with the name.first being the selected entry. 3. Select some other entry. It gets selected fine 4. Select yet another entry or go back to the first entry. You get the crash shown below I'll come up with a simplified test case soon. nsGenericElement::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012d71c, nsIDOMEvent * * 0x0012d5f8, unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 776 + 33 bytes nsHTMLSelectElement::HandleDOMEvent(nsHTMLSelectElement * const 0x029fe390, nsIPresContext & {...}, nsEvent * 0x0012d71c, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 794 nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x02a356e0, nsIContent * 0x029fa170) line 1506 nsEventStateManager::SetContentState(nsEventStateManager * const 0x02a356e0, nsIContent * 0x029fa170, int 2) line 1395 nsHTMLSelectElement::SetFocus(nsHTMLSelectElement * const 0x029fa178, nsIPresContext * 0x02895860) line 599 nsEventStateManager::ChangeFocus(nsIContent * 0x029fa170, int 1) line 1052 nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x02a356e0, nsIPresContext & {...}, nsGUIEvent * 0x0012dcb0, nsIFrame * 0x02a0fa20, nsEventStatus & nsEventStatus_eIgnore, nsIView * 0x02a02390) line 449 + 19 bytes PresShell::HandleEvent(PresShell * const 0x028be5f4, nsIView * 0x02a02390, nsGUIEvent * 0x0012dcb0, nsEventStatus & nsEventStatus_eIgnore) line 2111 + 43 bytes nsView::HandleEvent(nsView * const 0x02a02390, nsGUIEvent * 0x0012dcb0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 834 nsView::HandleEvent(nsView * const 0x02a07530, nsGUIEvent * 0x0012dcb0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x02a075c0, nsGUIEvent * 0x0012dcb0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x028e1900, nsGUIEvent * 0x0012dcb0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x028e0a30, nsGUIEvent * 0x0012dcb0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x028e0b10, nsGUIEvent * 0x0012dcb0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x028bea10, nsGUIEvent * 0x0012dcb0, unsigned int 28, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsViewManager::DispatchEvent(nsViewManager * const 0x028bef20, nsGUIEvent * 0x0012dcb0, nsEventStatus & nsEventStatus_eIgnore) line 1670 HandleEvent(nsGUIEvent * 0x0012dcb0) line 63 nsWindow::DispatchEvent(nsWindow * const 0x02a073f4, nsGUIEvent * 0x0012dcb0, nsEventStatus & nsEventStatus_eIgnore) line 342 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012dcb0) line 363 nsWindow::DispatchMouseEvent(unsigned int 302, nsPoint * 0x00000000) line 3313 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 302, nsPoint * 0x00000000) line 3531 nsWindow::ProcessMessage(unsigned int 513, unsigned int 1, long 524302, long * 0x0012ded4) line 2535 + 24 bytes nsWindow::WindowProc(HWND__ * 0x00d9042e, unsigned int 513, unsigned int 1, long 524302) line 520 + 27 bytes USER32! 77e7126
Assignee: troy → vidur
Vidur, assigning to you because it crashes in DOM code
Well I simplified it considerably but somewhere along the line the stack trace changed (I don't know when this occured because I wasn't paying attention to it). So here's the simplified case and the new stack trace. I sure hope this is the same bug because if it isn't I just wasted about four hours simplifying it. <html> <head> <script> schema_frame = 1; function loadFrames() { /* create the schema list */ top.frames[schema_frame].document.open(); top.frames[schema_frame].document.write( "<body bgcolor='#cccccc' name='schema'>" + "<form>" + "<table>" + "<tr>" + "<td>" + // "<select size='10' onchange='top.loadFrames();'>" "<select size='10' onchange=\"setTimeout('top.loadFrames();',0)\">" + "<option>AAA</option>" + "<option>BBB</option>" + "</select>" + "</td>" + "</tr>" + "</table>" + "</form>" + "</body>" ); top.frames[schema_frame].document.close(); } </script> </head> <frameset rows="15,115" frameborder="no" border="0" bordercolor="#cccccc" onload="loadFrames();"> <frame src="about:blank"> <frame src="about:blank"> </frameset> <noframes> <body> <p> </p> </body> </noframes> </html> **************** nsGenericElement::GetParent(nsIContent * & 0x00000000) line 723 + 24 bytes nsHTMLSelectElement::GetParent(const nsHTMLSelectElement * const 0x024ec0b0, nsIContent * & 0x00000000) line 164 + 18 bytes nsCSSFrameConstructor::FindPrimaryFrameFor(nsCSSFrameConstructor * const 0x024d8390, nsIPresContext * 0x02482670, nsIFrameManager * 0x02489dc0, nsIContent * 0x024ec0b0, nsIFrame * * 0x0012f434) line 7783 StyleSetImpl::FindPrimaryFrameFor(StyleSetImpl * const 0x024d8430, nsIPresContext * 0x02482670, nsIFrameManager * 0x02489dc0, nsIContent * 0x024ec0b0, nsIFrame * * 0x0012f434) line 980 FrameManager::GetPrimaryFrameFor(FrameManager * const 0x02489dc0, nsIContent * 0x024ec0b0, nsIFrame * * 0x0012f434) line 322 nsCSSFrameConstructor::FindPrimaryFrameFor(nsCSSFrameConstructor * const 0x024d8390, nsIPresContext * 0x02482670, nsIFrameManager * 0x02489dc0, nsIContent * 0x024f830c, nsIFrame * * 0x0012f4ac) line 7785 StyleSetImpl::FindPrimaryFrameFor(StyleSetImpl * const 0x024d8430, nsIPresContext * 0x02482670, nsIFrameManager * 0x02489dc0, nsIContent * 0x024f830c, nsIFrame * * 0x0012f4ac) line 980 FrameManager::GetPrimaryFrameFor(FrameManager * const 0x02489dc0, nsIContent * 0x024f830c, nsIFrame * * 0x0012f4ac) line 322 nsCSSFrameConstructor::FindPrimaryFrameFor(nsCSSFrameConstructor * const 0x024d8390, nsIPresContext * 0x02482670, nsIFrameManager * 0x02489dc0, nsIContent * 0x024f829c, nsIFrame * * 0x0012f58c) line 7785 StyleSetImpl::FindPrimaryFrameFor(StyleSetImpl * const 0x024d8430, nsIPresContext * 0x02482670, nsIFrameManager * 0x02489dc0, nsIContent * 0x024f829c, nsIFrame * * 0x0012f58c) line 980 FrameManager::GetPrimaryFrameFor(FrameManager * const 0x02489dc0, nsIContent * 0x024f829c, nsIFrame * * 0x0012f58c) line 322 PresShell::GetPrimaryFrameFor(const PresShell * const 0x024d8280, nsIContent * 0x024f829c, nsIFrame * * 0x0012f58c) line 1897 + 32 bytes nsDOMSelection::selectFrames(nsDOMSelection * const 0x024d81b0, nsIDOMRange * 0x027c3ca0, int 0) line 1903 + 39 bytes nsDOMSelection::Clear() line 1748 nsDOMSelection::Collapse(nsDOMSelection * const 0x024d81b0, nsIDOMNode * 0x024fb840, int 1) line 2416 nsRangeList::TakeFocus(nsRangeList * const 0x024d8210, nsIContent * 0x024fb84c, unsigned int 1, unsigned int 1, int 0, int 0) line 1113 nsRangeList::HandleClick(nsRangeList * const 0x024d8210, nsIContent * 0x024fb84c, unsigned int 1, unsigned int 1, int 0, int 0) line 1026 nsFrame::HandlePress(nsFrame * const 0x02479c30, nsIPresContext & {...}, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 814 nsFrame::HandleEvent(nsFrame * const 0x02479c30, nsIPresContext & {...}, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 772 nsBlockFrame::HandleEvent(nsBlockFrame * const 0x02478140, nsIPresContext & {...}, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 5518 + 24 bytes PresShell::HandleEvent(PresShell * const 0x024d8284, nsIView * 0x02267480, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 2106 + 38 bytes nsView::HandleEvent(nsView * const 0x02267480, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 834 nsView::HandleEvent(nsView * const 0x02503390, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x02503e90, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x024ece30, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x024eaf90, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x024ed8d0, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsView::HandleEvent(nsView * const 0x024d86a0, nsGUIEvent * 0x0012fbd0, unsigned int 28, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 819 nsViewManager::DispatchEvent(nsViewManager * const 0x024d8ba0, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 1670 HandleEvent(nsGUIEvent * 0x0012fbd0) line 63 nsWindow::DispatchEvent(nsWindow * const 0x02503254, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 342 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fbd0) line 363 nsWindow::DispatchMouseEvent(unsigned int 302, nsPoint * 0x00000000) line 3313 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 302, nsPoint * 0x00000000) line 3531 nsWindow::ProcessMessage(unsigned int 513, unsigned int 1, long 1835020, long * 0x0012fdf4) line 2535 + 24 bytes nsWindow::WindowProc(HWND__ * 0x04800458, unsigned int 513, unsigned int 1, long 1835020) line 520 + 27 bytes USER32! 77e71268()
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
The original problem mentioned was fixed by my checkin on 10/12/1999. Needed to check that the element hadn't been removed from the document tree before dispatching a blur event. Got a chance to take a look at the JS behind the dialog. Why is the entire dialog being rewritten on focus and blur changes? Either way, not my problem. The dialog doesn't crash anymore.
Status: RESOLVED → VERIFIED
With the 0ct 21 build (1999102110), the crash is nolonger occuring.
You need to log in before you can comment on or make changes to this bug.