Closed Bug 16855 Opened 25 years ago Closed 25 years ago

[CRASH] triple-clicking blank text widget

Categories

(Core :: DOM: Editor, defect, P1)

Product:
Core
Component:
DOM: Editor
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: alecf, Assigned: mozeditor)

Details

if I triple-click in a blank text widget, I get this:

#0  nsContentIterator::GetNextSibling (this=0xbfffec1c, aNode=0xbfffec1c,
    aSibling=0xbfffec2c) at nsContentIterator.cpp:452
#1  0x40d42781 in nsContentSubtreeIterator::Init (this=0x871a530,
    aRange=0x8719fa0) at nsContentIterator.cpp:890
#2  0x40d68712 in nsDOMSelection::selectFrames (this=0x8587ab8,
    aRange=0x8719fa0, aFlags=1) at nsRangeList.cpp:1888
#3  0x40d6b0f9 in nsDOMSelection::Extend (this=0x8587ab8,
    aParentNode=0x8594e88, aOffset=-1) at nsRangeList.cpp:3186
#4  0x40bf661b in nsTextFrame::HandleMultiplePress (this=0x865a070,
    aPresContext=@0x85609a8, aEvent=0xbffff210, aEventStatus=@0xbffff104)
    at nsTextFrame.cpp:2435
#5  0x40bc668d in nsFrame::HandlePress (this=0x865a070,
    aPresContext=@0x85609a8, aEvent=0xbffff210, aEventStatus=@0xbffff104)
    at nsFrame.cpp:795
#6  0x40bc65e7 in nsFrame::HandleEvent (this=0x865a070,
    aPresContext=@0x85609a8, aEvent=0xbffff210, aEventStatus=@0xbffff104)
    at nsFrame.cpp:771
#7  0x40bbf7a5 in nsBlockFrame::HandleEvent (this=0x8658288,
    aPresContext=@0x85609a8, aEvent=0xbffff210, aEventStatus=@0xbffff104)
    at nsBlockFrame.cpp:5894
#8  0x40bec444 in PresShell::HandleEvent (this=0x85879e8, aView=0x859d850,
    aEvent=0xbffff210, aEventStatus=@0xbffff104) at nsPresShell.cpp:2173
#9  0x40f5d094 in ?? ()
   from /home1/alecf/xpc/mozilla/dist/bin/components/libraptorview.so
(More stack frames follow...)


It's crashing because this on line
449	  if (NS_FAILED(aNode->GetParent(*getter_AddRefs(parent))))
450	    return NS_ERROR_FAILURE;
451
452	  if (NS_FAILED(parent->IndexOf(aNode, indx)))
453	    return NS_ERROR_FAILURE;

GetParent seems to succeed, but sets parent to null.
aNode is some kind of nsIXML????::AnonymousElement (sorry, lost the type,
picking it from memory)

My guess is that this anonymous element node  is not setting it's parent or
something.
actually, if I just add a
if (!parent) return NS_ERROR_FAILURE;
in between those two code fragments above, it doesn't crash.
Assignee: buster → mjudge
assigned to Mike based on stack trace.
Assignee: mjudge → jfrancis
i have fixed this bug, that is to say it doesnt happen. you are correct we need
to check for null as well.  I am reassigning this to joe since this is in his
code. he can go through it and remove assumptions of a non-null parent when
NS_OK is returned.
Status: NEW → ASSIGNED
Target Milestone: M11
accepting bug; m11
Severity: normal → critical
Priority: P3 → P1
Summary: crash triple-clicking blank text widget → [CRASH] triple-clicking blank text widget
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
somebody fixed this already.  I reviewed the fix and made a couple of tweaks.
Status: RESOLVED → VERIFIED
verified in 11/4 build.
You need to log in before you can comment on or make changes to this bug.