Closed Bug 198849 Opened 21 years ago Closed 12 years ago

Bad Focus/Focus/Blur caused infinite recursion (stack overflow) perhaps nsEventStateManager::SendFocusBlur

Tracking

()

Status:

RESOLVED WORKSFORME

People

(Reporter: timeless, Unassigned)

References

Details

(Keywords: crash)

Attachments

(1 file)

Reproduces 198849 in Mozilla 1.6b 21 years ago Richard Barnett 315 bytes, text/html		Details

timeless

Reporter

Description

•

21 years ago

version: Smontagu's 8bit 1.3branch build


Infinite recursion in XBL Event Land:




The top of the stack is special:


js_EmitTree(JSContext * 0x08b1e3a0, JSCodeGenerator * 0x00034168, JSParseNode * 
0x149998e8) line 1956 + 9 bytes


EmitPropOp(JSContext * 0x08b1e3a0, JSParseNode * 0x14999918, int 53, 
JSCodeGenerator * 0x00034168) line 1747 + 10 bytes


js_EmitTree(JSContext * 0x08b1e3a0, JSCodeGenerator * 0x00000000, JSParseNode * 
0x14999918) line 3734


js_EmitTree(JSContext * 0x08b1e3a0, JSCodeGenerator * 0x14999918, JSParseNode * 
0x0a2dc018) line 3754 + 11 bytes


js_EmitTree(JSContext * 0x08b1e3a0, JSCodeGenerator * 0x0a2dc018, JSParseNode * 
0x0a2dc078) line 3324 + 10 bytes


Statements(JSContext * 0x00000003, JSTokenStream * 0x0a2dc078, JSTreeContext * 
0x00034168) line 919 + 42 bytes


FunctionBody(JSContext * 0x00000001, JSTokenStream * 0x14999570, JSFunction * 
0x14ca3968, JSTreeContext * 0x00034168) line 559 + 21 bytes


js_CompileFunctionBody(JSContext * 0x13b03d00, JSTokenStream * 0x0003547c, 
JSFunction * 0x14ca3968) line 606 + 15 bytes


JS_CompileUCFunctionForPrincipals(JSContext * 0x07064268, JSObject * 0x12c51da0, 
JSPrincipals * 0x14999570, const char * 0x14ca3968, unsigned int 1, const char * 
* 0x01a06208, const unsigned short * 0x0333ba90, unsigned int 68, const char * 
0x00000000, unsigned int 0) line 3190 + 12 bytes


nsJSContext::CompileEventHandler(nsJSContext * const 0x00e3f798, void * 
0x12c51da0, nsIAtom * 0x14ca3940 {"onxblblur"}, const nsAString & {...}, int 1, 
void * * 0x00034670) line 933 + 62 bytes


nsXBLPrototypeHandler::ExecuteHandler(nsXBLPrototypeHandler * const 0x0333ba90, 
nsIDOMEventReceiver * 0x0b7b3510, nsIDOMEvent * 0x14ca39b0) line 438


nsXBLFocusHandler::Blur(nsXBLFocusHandler * const 0x01d31088 {"blur"}, 
nsIDOMEvent * 0x14ca39b0) line 118


nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x14db08f0, 
nsIPresContext * 0x00000001, nsEvent * 0x00035058, nsIDOMEvent * * 0x14d6a7b0, 
nsIDOMEventTarget * 0x14ca3a10, unsigned int 4, nsEventStatus * 0x00035090) line 
1717


nsXULElement::HandleDOMEvent(nsXULElement * const 0x092d8500, nsIPresContext * 
0x07079530, nsEvent * 0x00035058, nsIDOMEvent * * 0x00034da0, unsigned int 4, 
nsEventStatus * 0x00035090) line 3349


nsXULElement::HandleDOMEvent(nsXULElement * const 0x15971820, nsIPresContext * 
0x07079530, nsEvent * 0x00035058, nsIDOMEvent * * 0x00034da0, unsigned int 4, 
nsEventStatus * 0x00035090) line 3329


nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x10341830, 
nsIPresContext * 0x07079530, nsEvent * 0x14f91be8, nsIDOMEvent * * 0x00034da0, 
unsigned int 7, nsEventStatus * 0x00035090) line 1882


nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x14eaaac8, 
nsIPresContext * 0x07079530, nsEvent * 0x00035058, nsIDOMEvent * * 0x00000000, 
unsigned int 1, nsEventStatus * 0x00035090) line 1456


nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x00000000, 
nsIPresContext * 0x09b20980, nsIContent * 0x0b28e470, int 1) line 4125


nsEventStateManager::SetContentState(nsEventStateManager * const 0x0a9ff568, 
nsIContent * 0x0b28e470, int 2) line 3920


nsHTMLInputElement::SetFocus(nsHTMLInputElement * const 0x14cd32d0, 
nsIPresContext * 0x14901268) line 1083


nsGenericHTMLElement::SetElementFocus(nsGenericHTMLElement * const 0x00000000, 
int 1) line 4378


nsHTMLInputElement::Focus(nsHTMLInputElement * const 0x0b28e494) line 1042


XPTC_InvokeByIndex(nsISupports * 0x0b28e494, unsigned int 90, unsigned int 0, 
nsXPTCVariant * 0x00035248) line 102


XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode 
326724776) line 2023 + 22 bytes


XPC_WN_CallMethod(JSContext * 0x08b1e3a0, JSObject * 0x13796ca8, unsigned int 0, 
long * 0x027c8864, long * 0x027c8558) line 1292 + 10 bytes




I believe a frame looks like:


XPC_WN_CallMethod(JSContext * 0x08b1e3a0, JSObject * 0x13796ca8, unsigned int 0, 
long * 0x027c8864, long * 0x027c8558) line 1292 + 10 bytes


js_Invoke(JSContext * 0x00000001, unsigned int 0, unsigned int 0) line 843 + 17 
bytes


js_Interpret(JSContext * 0x08b1e3a0, long * 0x00036ce8) line 2812


js_Invoke(JSContext * 0x00000001, unsigned int 1, unsigned int 2) line 860 + 10 
bytes


js_InternalInvoke(JSContext * 0x14b61b80, JSObject * 0x12c51da0, long 330316600, 
unsigned int 0, unsigned int 1, long * 0x00036ed0, long * 0x00036e04) line 935 + 
13 bytes


JS_CallFunctionValue(JSContext * 0x08b1e3a0, JSObject * 0x12c51da0, long 
330316600, unsigned int 1, long * 0x00036ed0, long * 0x00036e04) line 3431 + 26 
bytes


nsJSContext::CallEventHandler(nsJSContext * const 0x00e187f0, void * 0x12c51da0, 
void * 0x13b03b38, unsigned int 1, void * 0x00036ed0, int * 0x00036ecc, int 0) 
line 1040 + 25 bytes


nsJSEventListener::HandleEvent(nsJSEventListener * const 0x08b1e3a0, nsIDOMEvent 
* 0x0c0b5110) line 181 + 30 bytes


nsXBLPrototypeHandler::ExecuteHandler(nsXBLPrototypeHandler * const 0x03099068, 
nsIDOMEventReceiver * 0x15b77da0, nsIDOMEvent * 0x0c0b5110) line 455


nsXBLFocusHandler::Focus(nsXBLFocusHandler * const 0x00e4c5f8 {"focus"}, 
nsIDOMEvent * 0x0c0b5110) line 102


nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x14db08f0, 
nsIPresContext * 0x00000000, nsEvent * 0x00037c38, nsIDOMEvent * * 0x151aaa60, 
nsIDOMEventTarget * 0x14f5bcf8, unsigned int 4, nsEventStatus * 0x00037cc8) line 
1722


nsXULElement::HandleDOMEvent(nsXULElement * const 0x092d8500, nsIPresContext * 
0x07079530, nsEvent * 0x00037c38, nsIDOMEvent * * 0x00037980, unsigned int 4, 
nsEventStatus * 0x00037cc8) line 3349


nsXULElement::HandleDOMEvent(nsXULElement * const 0x15971820, nsIPresContext * 
0x07079530, nsEvent * 0x00037c38, nsIDOMEvent * * 0x00037980, unsigned int 4, 
nsEventStatus * 0x00037cc8) line 3329


nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x10341830, 
nsIPresContext * 0x07079530, nsEvent * 0x14f91be8, nsIDOMEvent * * 0x00037980, 
unsigned int 7, nsEventStatus * 0x00037cc8) line 1882


nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x14eaaac8, 
nsIPresContext * 0x07079530, nsEvent * 0x00037c38, nsIDOMEvent * * 0x00000000, 
unsigned int 1, nsEventStatus * 0x00037cc8) line 1456


nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x00000000, 
nsIPresContext * 0x00000000, nsIContent * 0x00000000, int 1) line 4227


nsEventStateManager::SetContentState(nsEventStateManager * const 0x0a9ff568, 
nsIContent * 0x0b28e470, int 2) line 3920


nsHTMLInputElement::SetFocus(nsHTMLInputElement * const 0x14cd32d0, 
nsIPresContext * 0x14901268) line 1083


nsGenericHTMLElement::SetElementFocus(nsGenericHTMLElement * const 0x00000000, 
int 1) line 4378


nsHTMLInputElement::Focus(nsHTMLInputElement * const 0x0b28e494) line 1042


XPTC_InvokeByIndex(nsISupports * 0x0b28e494, unsigned int 90, unsigned int 0, 
nsXPTCVariant * 0x00037e28) line 102


XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode 
326724776) line 2023 + 22 bytes


XPC_WN_CallMethod(JSContext * 0x08b1e3a0, JSObject * 0x13796ca8, unsigned int 0, 
long * 0x027c8864, long * 0x027c8558) line 1292 + 10 bytes




I was in Mozilla Composer editing a table (submitted by gisburn for the solaris 
release note section, which i had totally rearranged), i /might/ have opened a 
table property dialog or link property dialog. I'm going to keep this alive for 
a bit.

Gilles Durys

Comment 1

•

21 years ago

*** Bug 198848 has been marked as a duplicate of this bug. ***

saari (gone)

Comment 2

•

21 years ago

->bryner

Assignee: saari → bryner

Richard Barnett

Comment 3

•

21 years ago

Attached file Reproduces 198849 in Mozilla 1.6b — Details

Richard Barnett

Comment 4

•

21 years ago

Hit this in 1.6b (Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.6b)
Gecko/20031208) on the "checkout" page for <www.skywest.com.au>.  

Attachment 139465 [details] reproduces this (tab from first input to the one saying
"Adult") in 1.6b but not in 1.5rc2.

Mats Palmgren (inactive)

Comment 5

•

20 years ago

WFM (no crash), Mozilla 2004-12-16-05 trunk Linux.

Brian Ryner (not reading)

Updated

•

18 years ago

Assignee: bryner → events

QA Contact: desale → ian

Version: Other Branch → Trunk

Phil Ringnalda (:philor)

Updated

•

15 years ago

Assignee: events → nobody

QA Contact: ian → events

Robert Kaiser

Comment 6

•

12 years ago

Based on comment #5 and me also not hitting this with attachment 139465 [details] on current Nightly, let's make this WFM.

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → WORKSFORME

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Bad Focus/Focus/Blur caused infinite recursion (stack overflow) perhaps nsEventStateManager::SendFocusBlur

Categories

(Core :: DOM: Events, defect)

Tracking

()

People

(Reporter: timeless, Unassigned)

References

Details

(Keywords: crash)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Updated

Updated

Comment 6

Attachment

General

Description

File Name

Content Type