Closed Bug 167228 Opened 23 years ago Closed 23 years ago

possible crash in nsEventStateManager::PreHandleEvent

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: bzbarsky, Assigned: bryner)

References

(
URL
)

Details

Attachments

(1 file, 2 obsolete files)

real testcase
607 bytes, text/html
Details
If I click a link that opens a new window, Mozilla crashes. This is a regression from version 1.374 of nsEventStateManager.cpp. The code that crashes is in the NS_DEACTIVATE of nsEventStateManager::PreHandleEvent : nsCOMPtr<nsIFocusController> focusController = getter_AddRefs(GetFocusControllerForDocument(mDocument)); if (focusController) { // Suppress the command dispatcher. focusController->SetSuppressFocus(PR_TRUE, "Deactivate Suppression"); } // Now fire blurs. We have to fire a blur on the focused window // and on the focused element if there is one. if (gLastFocusedDocument && gLastFocusedDocument == mDocument) { if (gLastFocusedContent) { // Blur the element. nsCOMPtr<nsIPresShell> shell; nsCOMPtr<nsIDOMElement> focusedElement; focusController->GetFocusedElement(getter_AddRefs(focusedElement)); This last line crashes because focusController is null. It looks like we need to wrap some more of that code in |if (focusController)| checks, but I don't know enough about this code to tell what events we need to fire even when we have no focusController.
Attached file more complete testcase (obsolete) —
I also see this crash about 50% of the time when I close context menus.
Attached file real testcase
Attachment #98245 - Attachment is obsolete: true
Attachment #98246 - Attachment is obsolete: true
OK. Looks like the problem was that I had only picked up the newer versions of _some_ of the files in bryner's patch. Once I update all of them, things are happy. Donwgrading accordingly. If focusController is never null whenever gLastFocusedDocument is non-null, this is just invalid. Otherwise, the lack of a null-check still seems suspect.
Severity: blocker → normal
Summary: Any link click which opens a new window crashes → possible crash in nsEventStateManager::PreHandleEvent
I don't think that's possible, off the top of my head. We can get at the focus controller whenever the document has a DocShell, and that's certainly necessary for it to be focused, so...
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
verified. Sorry for the trouble.
Status: RESOLVED → VERIFIED
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: