Closed
Bug 164065
Opened 22 years ago
Closed 22 years ago
Trunk crashes with form submission [@ nsHTMLInputElement::SubmitNamesValues]
Categories
(Core :: Layout: Form Controls, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: greer, Assigned: alexsavulov)
References
Details
(Keywords: crash, testcase, topcrash+)
Crash Data
Attachments
(2 files)
336 bytes,
text/html
|
Details | |
2.69 KB,
patch
|
alexsavulov
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
A group of crashes at nsHTMLInputElement::SubmitNamesValues has been showing up in the Trunk Talkback data since the 16th. (Build ID range: 2002081612 to 2002082104) cc'ing joki. Possibly a regression from his checkin for bug 162648 on 8/15. cc'ing jkeiser for input. Unfortunately, there is a dearth of user comment to point to the steps causing this crash. One user has commented: (9514706) URL: http://www.dell.com (9514706) removed item from dell shopping cart then tried to close confirmation window Stack Trace: nsHTMLInputElement::SubmitNamesValues [c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLInputElement.cpp line 2305] nsHTMLFormElement::WalkFormElements [c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLFormElement.cpp line 1022] nsHTMLFormElement::DoSubmit [c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLFormElement.cpp line 826] nsHTMLFormElement::DoSubmitOrReset [c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLFormElement.cpp line 766] nsHTMLFormElement::HandleDOMEvent [c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLFormElement.cpp line 732] PresShell::HandleDOMEventWithTarget [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6171] nsHTMLInputElement::HandleDOMEvent [c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLInputElement.cpp line 1724] PresShell::HandleEventInternal [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6123] PresShell::HandleEventWithTarget [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6091] nsEventStateManager::CheckForAndDispatchClick [c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp line 2759] nsEventStateManager::PostHandleEvent [c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp line 1763] PresShell::HandleEventInternal [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6144] PresShell::HandleEvent [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6046] nsViewManager::HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp line 2098] nsView::HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp line 301] nsViewManager::DispatchEvent [c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp line 1909] HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp line 83] nsWindow::DispatchEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1038] nsWindow::DispatchWindowEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1055] nsWindow::DispatchMouseEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 5127] ChildWindow::DispatchMouseEvent [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 5382] nsWindow::ProcessMessage [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 3834] nsWindow::WindowProc [c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1304] USER32.dll + 0x2a290 (0x77e3a290) USER32.dll + 0x45b1 (0x77e145b1) USER32.dll + 0x5b1d (0x77e15b1d) nsAppShellService::Run [c:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp line 452] main1 [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1525] main [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1876] WinMain [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1894] WinMainCRTStartup() KERNEL32.DLL + 0x1ca90 (0x77e9ca90) Source File : c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLInputElement.cpp line : 2305
Comment 2•22 years ago
|
||
Should this get the keyword zt4newcrash?
It doesn't qualify as zt4newcrash because it was not introduced in the past 72hrs. It first started appearing 5 days ago.
Comment 4•22 years ago
|
||
I'm crashing while click on <INPUT TYPE="image"> where SRC is non-existent image. 2002082208/trunk/W2K -> TB9721859Y, TB9721858E, TB9721669G, TB9721665Z, TB9721324K Is it same signature or I have to fill new bug report?
Adam, same signatures, same crash. And your testcase crashes for me too. With a testcase -> topcrash+
Assignee | ||
Comment 6•22 years ago
|
||
i'm on it. thanks for the testcase.
Comment 8•22 years ago
|
||
Good call. The problem was specifically caused by the change to nsHTMLInputElement.cpp: @@ -2306,8 +2311,8 @@ PRInt32 clickedY; nsIFormControlFrame* formControlFrame = GetFormControlFrame(PR_TRUE); - nsCOMPtr<nsIImageControlFrame> imageControlFrame( - do_QueryInterface(formControlFrame)); + nsIImageControlFrame* imageControlFrame = nsnull; + CallQueryInterface(formControlFrame, &imageControlFrame); if (imageControlFrame) { imageControlFrame->GetClickedX(&clickedX); imageControlFrame->GetClickedY(&clickedY); CallQueryInterface is not null-safe WRT left-hand-side (more's the pity). My bad. I'll fix it manana if no one else has.
*** Bug 164523 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 10•22 years ago
|
||
nullcheck patch
Assignee | ||
Comment 11•22 years ago
|
||
r=jkeiser (verbal)
Assignee | ||
Updated•22 years ago
|
Attachment #96747 -
Flags: review+
Comment 12•22 years ago
|
||
Comment on attachment 96747 [details] [diff] [review] proposed patch sr=jst
Attachment #96747 -
Flags: superreview+
Assignee | ||
Comment 13•22 years ago
|
||
*** Bug 164834 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 14•22 years ago
|
||
fixed on trunk
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
Crash Signature: [@ nsHTMLInputElement::SubmitNamesValues]
You need to log in
before you can comment on or make changes to this bug.
Description
•