Firefox Crashes When the File Input `Browse...` Button Is Hidden and There's an Overflow
Categories
(Core :: Layout: Form Controls, defect, P3)
Tracking
()
People
(Reporter: artemx100, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: crash, reproducible, testcase)
Crash Data
Attachments
(3 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Steps to reproduce:
- Create a file input element with a fixed width
- Hide the
Browse...
button with ::file-selector-button{display: none;} - Select a file with a long enough name to cause some overflow
Actual results:
The browser crashes
Expected results:
The browser should not crash
Comment 1•3 years ago
|
||
I can reproduce the crash on Nightly85.0a1 Windows10.
Crash report: https://crash-stats.mozilla.org/report/index/79be5f99-ccf4-4e58-a8e6-1d5eb0201129
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll nsFileControlFrame::Reflow layout/forms/nsFileControlFrame.cpp:171
1 xul.dll nsLineLayout::ReflowFrame layout/generic/nsLineLayout.cpp:875
2 xul.dll nsBlockFrame::DoReflowInlineFrames layout/generic/nsBlockFrame.cpp:4325
3 xul.dll nsBlockFrame::Reflow layout/generic/nsBlockFrame.cpp:1376
4 xul.dll nsBlockFrame::ReflowBlockFrame layout/generic/nsBlockFrame.cpp:3846
5 xul.dll nsBlockFrame::Reflow layout/generic/nsBlockFrame.cpp:1376
6 xul.dll nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:1082
7 xul.dll nsCanvasFrame::Reflow layout/generic/nsCanvasFrame.cpp:789
8 xul.dll nsHTMLScrollFrame::ReflowScrolledFrame layout/generic/nsGfxScrollFrame.cpp:757
9 xul.dll nsHTMLScrollFrame::Reflow layout/generic/nsGfxScrollFrame.cpp:1279
Updated•3 years ago
|
Assignee | ||
Comment 2•3 years ago
|
||
Updated•3 years ago
|
Pushed by mpalmgren@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9fe7eb376ecd Deal with the ::file-selector-button pseudo having no frame. r=emilio
By the way, you can also make it instantly crash as soon as you open it by adjusting the input width to 1px (or anything small enough) so that the default text is enough to overflow it. It might be useful for automated tests.
Assignee | ||
Comment 5•3 years ago
|
||
Ah, that's a good point... I'll add that as a crashtest, thanks!
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 6•3 years ago
|
||
Comment 7•3 years ago
|
||
bugherder |
Updated•3 years ago
|
Pushed by mpalmgren@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2bec807450ad part 2 - Add a crashtest. r=emilio
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/26671 for changes under testing/web-platform/tests
Updated•3 years ago
|
Comment 10•3 years ago
|
||
bugherder |
Upstream PR merged by moz-wptsync-bot
Comment 12•3 years ago
|
||
The patch landed in nightly and beta is affected.
:mats, is this bug important enough to require an uplift?
If not please set status_beta
to wontfix
.
For more information, please visit auto_nag documentation.
Updated•3 years ago
|
Description
•