Closed
Bug 19085
Opened 26 years ago
Closed 26 years ago
[CRASH]Browser crashes after visiting a page with a file input
Categories
(Core :: Layout: Form Controls, defect, P3)
Core
Layout: Form Controls
Tracking
()
VERIFIED
WORKSFORME
M12
People
(Reporter: kinmoz, Assigned: pollmann)
Details
Attachments
(1 file)
|
72 bytes,
text/html
|
Details |
If you load any page that has a file input tag <input type=file> on it, then
visit some other page, you crash. I haven't had a chance to verify that this
happens on the Mac, but this happens on both Win32 and Linux.
To reproduce:
1. Start the browser.
2. Select "Debug->ViewerDemos->#8 Form" from the menus.
3. Now visit another page by hitting the back button, or typing in another URL
in the URL field.
You should crash with the following stack trace:
nsFileControlFrame::GetProperty(nsFileControlFrame * const 0x031db410, nsIAtom *
0x01574ac0, nsString & {...}) line 509 + 16 bytes
nsFileControlFrame::SaveState(nsFileControlFrame * const 0x031db41c,
nsIPresContext * 0x03282360, nsISupports * * 0x0012d684) line 542 + 30 bytes
CaptureFrameStateFor(nsIPresContext * 0x03282360, nsIFrame * 0x031db3b0,
nsILayoutHistoryState * 0x033da940) line 1388 + 20 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x031db3b0, nsILayoutHistoryState * 0x033da940) line
1406 + 17 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x031ccf80, nsILayoutHistoryState * 0x033da940) line
1415 + 24 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x031a8070, nsILayoutHistoryState * 0x033da940) line
1415 + 24 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x031a3500, nsILayoutHistoryState * 0x033da940) line
1415 + 24 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x02faf1f0, nsILayoutHistoryState * 0x033da940) line
1415 + 24 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x02fde850, nsILayoutHistoryState * 0x033da940) line
1415 + 24 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x02fde170, nsILayoutHistoryState * 0x033da940) line
1415 + 24 bytes
FrameManager::CaptureFrameState(FrameManager * const 0x031f1c60, nsIPresContext
* 0x03282360, nsIFrame * 0x02faf040, nsILayoutHistoryState * 0x033da940) line
1415 + 24 bytes
PresShell::GetHistoryState(PresShell * const 0x031f7740, nsILayoutHistoryState *
* 0x0012d8c8) line 1974 + 46 bytes
nsWebShell::GetHistoryState(nsWebShell * const 0x0319fe30, nsISupports * *
0x0012d8c8) line 2830 + 30 bytes
nsWebShell::LoadURL(nsWebShell * const 0x0319fe30, const unsigned short *
0x033d8990, const char * 0x00370e60, nsIInputStream * 0x00000000, int 1,
unsigned int 0, const unsigned int 0, nsISupports * 0x00000000, const unsigned
short * 0x00000000) line 2386 + 45 bytes
nsWebShell::LoadURL(nsWebShell * const 0x0319fe30, const unsigned short *
0x033d8990, nsIInputStream * 0x00000000, int 1, unsigned int 0, const unsigned
int 0, nsISupports * 0x00000000, const unsigned short * 0x00000000) line 1991
nsBrowserInstance::LoadUrl(nsBrowserInstance * const 0x03265610, const unsigned
short * 0x033d8990) line 958 + 37 bytes
XPTC_InvokeByIndex(nsISupports * 0x03265610, unsigned int 7, unsigned int 1,
nsXPTCVariant * 0x0012dfd0) line 139
nsXPCWrappedNativeClass::CallWrappedMethod(JSContext * 0x02fb4e00,
nsXPCWrappedNative * 0x03265260, const XPCNativeMemberDescriptor * 0x03265324,
nsXPCWrappedNativeClass::CallMode CALL_METHOD, unsigned int 1, long *
0x0253ce80, long * 0x0012e180) line 894 + 43 bytes
WrappedNative_CallMethod(JSContext * 0x02fb4e00, JSObject * 0x024d30d0, unsigned
int 1, long * 0x0253ce80, long * 0x0012e180) line 191 + 34 bytes
js_Invoke(JSContext * 0x02fb4e00, unsigned int 1, unsigned int 0) line 673 + 26
bytes
js_Interpret(JSContext * 0x02fb4e00, long * 0x0012e9d4) line 2245 + 15 bytes
js_Invoke(JSContext * 0x02fb4e00, unsigned int 0, unsigned int 0) line 689 + 13
bytes
js_Interpret(JSContext * 0x02fb4e00, long * 0x0012f1e4) line 2245 + 15 bytes
js_Invoke(JSContext * 0x02fb4e00, unsigned int 1, unsigned int 2) line 689 + 13
bytes
js_InternalCall(JSContext * 0x02fb4e00, JSObject * 0x024ac080, long 38453384,
unsigned int 1, long * 0x0012f34c, long * 0x0012f304) line 766 + 15 bytes
JS_CallFunction(JSContext * 0x02fb4e00, JSObject * 0x024ac080, JSFunction *
0x03035b90, unsigned int 1, long * 0x0012f34c, long * 0x0012f304) line 2732 + 32
bytes
nsJSContext::CallFunction(nsJSContext * const 0x02fb6160, void * 0x024ac080,
void * 0x03035b90, unsigned int 1, void * 0x0012f34c, int * 0x0012f348) line 467
+ 33 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x033e9624) line 107 + 48 bytes
nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent *
0x0012f5f8, nsIDOMEvent * * 0x0012f554, unsigned int 7, nsEventStatus &
nsEventStatus_eIgnore) line 822 + 21 bytes
nsGenericElement::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012f5f8,
nsIDOMEvent * * 0x0012f554, unsigned int 1, nsEventStatus &
nsEventStatus_eIgnore) line 795
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x0303371c,
nsIPresContext & {...}, nsEvent * 0x0012f5f8, nsIDOMEvent * * 0x00000000,
unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 625 + 31 bytes
nsEnderEventListener::KeyUp(nsIDOMEvent * 0x033e9994) line 2935 + 62 bytes
nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent *
0x0012facc, nsIDOMEvent * * 0x0012f850, unsigned int 2, nsEventStatus &
nsEventStatus_eIgnore) line 787 + 17 bytes
nsDocument::HandleDOMEvent(nsDocument * const 0x032c86e0, nsIPresContext &
{...}, nsEvent * 0x0012facc, nsIDOMEvent * * 0x0012f850, unsigned int 2,
nsEventStatus & nsEventStatus_eIgnore) line 2381
nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x032c9c4c,
nsIPresContext & {...}, nsEvent * 0x0012facc, nsIDOMEvent * * 0x0012f850,
unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 191 + 41 bytes
nsGenericElement::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012facc,
nsIDOMEvent * * 0x0012f850, unsigned int 2, nsEventStatus &
nsEventStatus_eIgnore) line 797 + 39 bytes
nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x033c317c,
nsIPresContext & {...}, nsEvent * 0x0012facc, nsIDOMEvent * * 0x0012f850,
unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 720
nsGenericDOMDataNode::HandleDOMEvent(nsIPresContext & {...}, nsEvent *
0x0012facc, nsIDOMEvent * * 0x0012f850, unsigned int 1, nsEventStatus &
nsEventStatus_eIgnore) line 798 + 39 bytes
nsTextNode::HandleDOMEvent(nsTextNode * const 0x033e49fc, nsIPresContext &
{...}, nsEvent * 0x0012facc, nsIDOMEvent * * 0x00000000, unsigned int 1,
nsEventStatus & nsEventStatus_eIgnore) line 207
PresShell::HandleEvent(PresShell * const 0x033c2434, nsIView * 0x033ddf90,
nsGUIEvent * 0x0012facc, nsEventStatus & nsEventStatus_eIgnore) line 2410 + 39
bytes
nsView::HandleEvent(nsView * const 0x033ddf90, nsGUIEvent * 0x0012facc, unsigned
int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 840
nsView::HandleEvent(nsView * const 0x033dc720, nsGUIEvent * 0x0012facc, unsigned
int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 825
nsView::HandleEvent(nsView * const 0x033c2810, nsGUIEvent * 0x0012facc, unsigned
int 28, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 825
nsViewManager::DispatchEvent(nsViewManager * const 0x033c2d20, nsGUIEvent *
0x0012facc, nsEventStatus & nsEventStatus_eIgnore) line 1724
HandleEvent(nsGUIEvent * 0x0012facc) line 69
nsWindow::DispatchEvent(nsWindow * const 0x033dc5e4, nsGUIEvent * 0x0012facc,
nsEventStatus & nsEventStatus_eIgnore) line 437 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012facc) line 458
nsWindow::DispatchKeyEvent(unsigned int 132, unsigned short 13, unsigned int 13)
line 2160 + 15 bytes
nsWindow::OnKeyUp(unsigned int 13, unsigned int 28) line 2415
nsWindow::ProcessMessage(unsigned int 257, unsigned int 13, long -1071906815,
long * 0x0012fdfc) line 2672 + 40 bytes
nsWindow::WindowProc(HWND__ * 0x0235091c, unsigned int 257, unsigned int 13,
long -1071906815) line 624 + 27 bytes
USER32! 77e71820()
|
||
Updated•26 years ago
|
Assignee: karnaze → pollmann
|
|
||
Comment 1•26 years ago
|
||
Reassigning to EricP.
|
|
Assignee | |
Updated•26 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M12
|
|
Assignee | |
Comment 2•26 years ago
|
||
Which build did you see this crash in? I'm using a build from yesterday on
Linux and don't see the crash. I will try on NT and with today's tree to see if
I can reproduce the crash.
Did you have to type into the file control or select a file before seeing the
crash?
This is in my debug build for today (11/17/99). You just have to visit a page
with a FileInput element on it, no need to type in or browser with it.
|
|
Assignee | |
Comment 4•26 years ago
|
||
Thanks Kin, I'm waiting for builds now and I'll try to track this one down.
|
|
Assignee | |
Comment 5•26 years ago
|
||
I can't even get a file input to display in today's build. It's also crashing
for me. Got this on the console when I viewed the testcase in viewer
nsLineLayout: FileControl(input)(1)@0x82dbd40 metrics=-559038737,-559038737!
nsLineLayout: FileControl(input)(1)@0x82dbd40 didn't set whad
-559038737,-559038737,-559038737,-559038737!
Block(form)(1)@0x82db528: line=0x82ddc20 xmost=-559038737
Attaching simplified test case...
|
|
Assignee | |
Comment 6•26 years ago
|
||
In linux mozilla 1999-11-20-08-M12, I'm crashing on a bugzilla attach-file page
(has one file input) either when I click the "Browse" button or when I leave the
page.
|
|
Assignee | |
Comment 8•26 years ago
|
||
David, do you see anything for the attached test case? I don't see anything at
all for windows or Linux. The file input uses a text input frame and a button
frame, and while I see them in the frame model (dumped using viewer), I don't
see anything visually on the page, and get this error:
nsLineLayout: FileControl(input)(1)@0x84f9970 metrics=-559038737,-559038737!
nsLineLayout: FileControl(input)(1)@0x84f9970 didn't set whad
-559038737,-559038737,-559038737,-559038737!
Block(form)(1)@0x8202870: line=0x824e958 xmost=-559038737
|
|
Assignee | |
Comment 9•26 years ago
|
||
LXR tells me that -559038737 is equal to the mystical number 0xdeadbeef,
indicating that when the file control's reflow command was called, the desired
metrics for width, height, ascent, and decent were not set.
The file control frame deferrs to nsAreaFrame for it's reflow logic, so I'll
trace through that to see if I get any leads.
No, I don't see anything for the attached testcase...
|
|
||
Updated•26 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → WORKSFORME
|
|
||
Comment 11•26 years ago
|
||
try this on Linux and NT and it no longer crashes (with GFX scrollbars turned
on) marking works for me.
|
|
||
Comment 12•26 years ago
|
||
I don't see the crash using the 1999121508 build under Linux. Marking
verified.
You need to log in
before you can comment on or make changes to this bug.
Description
•