Closed
Bug 202726
Opened 21 years ago
Closed 21 years ago
crash if a special style is given to a textarea field [@ nsSelection::GetFrameForNodeOffset ]
Categories
(Core :: Layout: Form Controls, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 175896
People
(Reporter: dominik.dresel, Unassigned)
Details
(Keywords: crash, testcase)
Crash Data
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 The appended page will make Mozilla to crash, if you type in more than 5 returns. --- snip html-code --- <html> <head> <title>Demonstrates overflow:hidden-textarea-error in Mozilla</title> <style> <!-- textarea { overflow:hidden; } --> </style> </head> <body> Demonstration of this error: <br> Click on the textarea-field an press your return-key 5 times. <br> The cursor will go out of the textarea and the browser will crash. <br> (overflow:hidden;) <br> Affected versions of Mozilla: 1.3 (stable) and perhaps more... <br> <textarea name="post" rows="3" cols="10"></textarea> </body> </html> --- snip --- Reproducible: Always Steps to Reproduce: 1. Click into textarea-field 2. Press return 5 times Actual Results: Crash of Mozilla (process was killed) Expected Results: Mozilla should show a scrollbar on the right side of the textarea instead. It does so, if the style "overflow:hidden;" is not given. My theme was "Modern"
Comment 1•21 years ago
|
||
crashing build 20030420 (CVS) on Linux: ###!!! ASSERTION: frame was not removed from primary frame map before destruction or was readded to map after being removed: '!PL_DHASH_ENTRY_IS_BUSY(entry) || entry->frame != aFrame', file nsFrameManager.cpp, line 1048 Break: at file nsFrameManager.cpp, line 1048 ###!!! ASSERTION: existing overflow list: 'rv != NS_IFRAME_MGR_PROP_OVERWRITTEN', file nsBlockFrame.cpp, line 4686 Break: at file nsBlockFrame.cpp, line 4686 Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (LWP 6004)] 0x40f78b5e in nsSelection::GetFrameForNodeOffset (this=0x872a310, aNode=0x8248d68, aOffset=5, aHint=HINTRIGHT, aReturnFrame=0xbfffda60, aReturnOffset=0xbfffda64) at nsSelection.cpp:3080 3080 result = (*aReturnFrame)->GetChildFrameContainingOffset(*aReturnOffset, aHint, &aOffset, aReturnFrame); [...] *** This bug has been marked as a duplicate of 175896 ***
Updated•13 years ago
|
Crash Signature: [@ nsSelection::GetFrameForNodeOffset ]
You need to log in
before you can comment on or make changes to this bug.
Description
•