Closed
Bug 198254
Opened 21 years ago
Closed 20 years ago
Closing a javascript-created popup window crashes mozilla [@ nsWebShell::OnLinkClick ]
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: slaton, Assigned: jst)
References
()
Details
(4 keywords)
Crash Data
Attachments
(4 files)
4.82 KB,
text/plain
|
Details | |
75.88 KB,
text/plain
|
Details | |
169 bytes,
text/html
|
Details | |
663 bytes,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
brendan
:
approval-aviary+
brendan
:
approval1.7.5+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030314 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030314 Mozilla crashes when you click on the "Close Window" link of a javascript-created window. Reproducible: Sometimes Steps to Reproduce: 1. Visit the website url I've provided. 2. Click on the product image, which uses javascript to pop open a window with a larger image. 3. When you click "Close Window" on the new window, Mozilla crashes. Actual Results: Mozilla crashes Expected Results: Just closed the popup window. Using the Modern theme.
Comment 1•21 years ago
|
||
I see this using linux 2003031808. Talkback ID TB18255846E This needs the 'crash' keyword The offening link is: <a href="javascript: self.close();" onclick="self.close();">Close Window</a> Having said all of which this is probably a dupe of bug 60938
Updated•21 years ago
|
Keywords: crash,
stackwanted
Whiteboard: TB18255846E
Comment 3•21 years ago
|
||
stacktrace from CVS. the stack is similar to bug 60938, but is a bit different
Comment 4•21 years ago
|
||
regression between linux trunk 2003022605 and 2003022705, perhaps bug 125318 marking NEW ==> DOM 0
Comment 5•21 years ago
|
||
==> DOM 0 for real
Assignee: asa → dom_bugs
Component: Browser-General → DOM Level 0
QA Contact: asa → ashishbhatt
Comment 6•21 years ago
|
||
the basic idea is that an nsWebShell object is being accessed after it has been deleted
Comment 7•21 years ago
|
||
whatever regression I was seeing was probably just a regression in reproducibility. I can get 1.3 (which is what slaton originally reported it with) to crash along with 1.2.1. I've noticed that it is easier to reproduce if you drag over the link to trigger the drag'n'drop, release and then click while the flying-paper-icon is still visible. the stack trace for that is the same as clicking normally.
Comment 8•21 years ago
|
||
Assignee | ||
Comment 9•21 years ago
|
||
Comment 10•21 years ago
|
||
I am unable to reproduce the crash with the patch applied
Comment 11•21 years ago
|
||
*** Bug 198737 has been marked as a duplicate of this bug. ***
Updated•21 years ago
|
OS: Linux → All
Comment 12•21 years ago
|
||
*** Bug 201026 has been marked as a duplicate of this bug. ***
Comment 13•21 years ago
|
||
Tryed to reproduce it, and the window closed properly without crashing mozilla 1.4b - 2003043008 - win XP pro
Comment 14•21 years ago
|
||
This worked fine with the 2003042511/Gtk2 build. Anyone like to mark gthis fixed?
Comment 15•21 years ago
|
||
Something is still going wrong. I'm crashing on the original steps to reprocuce above, using a 20030429 build on WinNT. I'll try again and see if I can get a stack trace -
Comment 16•21 years ago
|
||
NOTE: the crash is intermittent. I'm following the original steps to reproduce given above, over and over again. Eventually, I crash at a "Privileged Instruction". My binary stack trace on WinNT is: 036d32ba() DOCSHELL! 01a21fe2() GKLAYOUT! 011b7ab1() GKLAYOUT! 01202a63() GKLAYOUT! 01304a29() GKLAYOUT! 0112cd97() GKLAYOUT! 0112cc5a() GKLAYOUT! 011f9677() GKLAYOUT! 011f83f7() GKLAYOUT! 0112ce96() GKLAYOUT! 0112ca0c() GKLAYOUT! 0127afa1() GKLAYOUT! 0127cee9() GKLAYOUT! 0127d6fc() GKWIDGET! 014c1eeb() GKWIDGET! 014c589a() GKWIDGET! 014c5c84() GKWIDGET! 014c2455() USER32! 77e7124c() 01a20102()
Comment 17•21 years ago
|
||
My Moz 1.3.1 on Linux Mandrake 9.1 crashes on clicking OK on a popup saying I'm logged in at www.asnbank.nl. (Yez, that is a bank.) It is reproducable allright, just log in at www.asnbank.nl by clicking the lower squirrel that says: "log hier direct in". Provide with any name and 5 digit password. Clicking OK on the popup will crash Mozilla.
Comment 18•20 years ago
|
||
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316 Could not crash with any URL listed, nor with the testcase.
Updated•20 years ago
|
Attachment #117815 -
Attachment mime type: text/plain → text/html
Comment 19•20 years ago
|
||
testcase (as html) still crashes for me with linux trunk 2004033007.
Updated•20 years ago
|
Summary: Closing a javascript-created popup window crashes mozilla → Closing a javascript-created popup window crashes mozilla [@ nsWebShell::OnLinkClick ]
Whiteboard: TB18255846E
Attachment #117821 -
Flags: superreview?(jst)
Attachment #117821 -
Flags: review?(jst)
Attachment #117821 -
Flags: superreview?(jst)
Attachment #117821 -
Flags: superreview?(bzbarsky)
Attachment #117821 -
Flags: review?(jst)
Attachment #117821 -
Flags: review?(bzbarsky)
Comment 20•20 years ago
|
||
Comment on attachment 117821 [details] [diff] [review] Would this fix it? Yeah, this seems reasonable....
Attachment #117821 -
Flags: superreview?(bzbarsky)
Attachment #117821 -
Flags: superreview+
Attachment #117821 -
Flags: review?(bzbarsky)
Attachment #117821 -
Flags: review+
Assignee | ||
Updated•20 years ago
|
Attachment #117821 -
Flags: approval1.7.3?
Attachment #117821 -
Flags: approval-aviary?
Comment 21•20 years ago
|
||
Noting blocking-aviary1.0PR1 and blocking-1.7.3. /be
Flags: blocking1.7.3+
Flags: blocking-aviary1.0PR+
Comment 22•20 years ago
|
||
Comment on attachment 117821 [details] [diff] [review] Would this fix it? a=brendan@mozilla.org for aviary1.0PR1 and 1.7.3. /be
Attachment #117821 -
Flags: approval1.7.3?
Attachment #117821 -
Flags: approval1.7.3+
Attachment #117821 -
Flags: approval-aviary?
Attachment #117821 -
Flags: approval-aviary+
Assignee | ||
Comment 23•20 years ago
|
||
Fixed on trunk, aviary and 1.7 branches.
Status: NEW → RESOLVED
Closed: 20 years ago
Keywords: fixed-aviary1.0,
fixed1.7.3
Resolution: --- → FIXED
Comment 24•20 years ago
|
||
This patch regressed clicking links on XSLT generated links, see bug 256514.
Updated•13 years ago
|
Crash Signature: [@ nsWebShell::OnLinkClick ]
You need to log in
before you can comment on or make changes to this bug.
Description
•