Closed
Bug 212793
Opened 21 years ago
Closed 21 years ago
crash when following link with a file upload box is on the screen with XSLT generated content
Categories
(Core :: XSLT, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: KBogert, Assigned: jag+mozilla)
References
Details
(Keywords: crash, fixed1.4.1)
Attachments
(6 files)
101 bytes,
text/xml
|
Details | |
412 bytes,
text/xml
|
Details | |
160.05 KB,
text/plain
|
Details | |
41.71 KB,
text/plain
|
Details | |
41.71 KB,
application/zip
|
Details | |
673 bytes,
patch
|
axel
:
review+
jst
:
superreview+
chofmann
:
approval1.4.1+
chofmann
:
approval1.5b+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 On a page generated from transforming an XML document into html which includes the form file upload box <input type="file"> Mozilla freezes after clicking on a link (anchor) in the page. Does not do this on normal html pages. Does it even when you have not changed the box (or clicked browse). The box seems to work fine, pulls up the browse window and lets me select a file, but will freeze afterward too. Reproducible: Always Steps to Reproduce: 1.Create a XML file 2.Create a stylesheet to transform that XML file into an html doc. Include a form on it with a file upload input tag and a link to test 3.Open up the XML file and click on the link Actual Results: Total Freeze, except you can close the browser. Windows 2000 comes up with the generating an error log window after the browser closes and talkback is activated. Unfortunately, I can't send the bug report because I am behind a proxy server which requires me to login (talkback doesn't give me the option of setting a username/password for a proxy) Expected Results: Opened the link I have not tested this compeletely, maybe it is having a problem with the enctype of the form or something else, but it seems to only happen with a file upload box.
Reporter | ||
Comment 1•21 years ago
|
||
A simple XML file for testing
Reporter | ||
Comment 2•21 years ago
|
||
Contains a link and a form with a file upload element
Reporter | ||
Updated•21 years ago
|
Attachment #127827 -
Attachment mime type: text/xml → text/plain
Reporter | ||
Comment 3•21 years ago
|
||
Comment on attachment 127827 [details] simple XML file ><?xml version="1.0"?> ><?xml-stylesheet type="text/xsl" href="http://bugzilla.mozilla.org/attachment.cgi?id=127828&action=view"?> ><FormTest> ></FormTest>
Attachment #127827 -
Attachment mime type: text/plain → text/xml
Reporter | ||
Updated•21 years ago
|
Attachment #127827 -
Attachment mime type: text/xml → text/plain
Reporter | ||
Comment 4•21 years ago
|
||
Comment on attachment 127827 [details] simple XML file <?xml version="1.0"?> <?xml-stylesheet type="text/xsl" href="http://bugzilla.mozilla.org/attachment.cgi?id=127828&action=view"?> <FormTest> </FormTest>
Reporter | ||
Comment 5•21 years ago
|
||
I saved the talkback information for this bug. It is not a nightly build, but I have tested this in a nightly build and it does the same thing. Windows 98 says the fault occurs in gklayout.dll. Whatever is causing it, it is new to 1.4 because I can't make this happen in 1.3
Reporter | ||
Comment 6•21 years ago
|
||
This was generated with the lastest nightly build of Mozilla Firebird. It appears this bug appeared in the release of Mozilla 1.4 (or a release candidate). Mozilla Firebird v 0.6 does not have this problem, and it uses 1.4b
Reporter | ||
Comment 7•21 years ago
|
||
This was generated with the lastest nightly build of Mozilla Firebird. It appears this bug appeared in the release of Mozilla 1.4 (or a release candidate). Mozilla Firebird v 0.6 does not have this problem, and it uses 1.4b
Reporter | ||
Comment 8•21 years ago
|
||
I have identified Mozilla 1.4 rc2 as the first milestone that this bug appears in. Next I will try and find the first nightly build...
Reporter | ||
Comment 9•21 years ago
|
||
Moving this to XSLT because this really isn't a form-submission problem
Component: Form Submission → XSLT
Comment 10•21 years ago
|
||
this is a regression from bug 203960 by jag, relevant check-in is http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=nsGenericHTMLElement.cpp&branch=&root=/cvsroot&subdir=mozilla/content/html/content/src&command=DIFF_FRAMESET&rev1=1.408&rev2=1.409 He removed the null check on aHistory when there's no docshell. No idea why there is none, of course. Over to jag for further traction, triage and component. The stack trace is: nsGenericHTMLElement::GetLayoutHistoryAndKey(nsIHTMLContent * 0x03a5f820, nsILayoutHistoryState * * 0x0069ec50, nsACString & {...}) line 2723 + 10 bytes nsGenericHTMLElement::GetPrimaryPresState(nsIHTMLContent * 0x03a5f820, nsIPresState * * 0x0069ed58) line 2669 + 37 bytes nsHTMLInputElement::SaveState(nsHTMLInputElement * const 0x03a5f840) line 2505 + 39 bytes nsGenericHTMLLeafFormElement::SetDocument(nsGenericHTMLLeafFormElement * const 0x03a5f820, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 4327 nsHTMLInputElement::SetDocument(nsHTMLInputElement * const 0x03a5f820, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1784 + 21 bytes nsBindingManager::ChangeDocumentFor(nsBindingManager * const 0x03a44058, nsIContent * 0x03a4e2d4, nsIDocument * 0x03a43bc8, nsIDocument * 0x00000000) line 610 nsGenericElement::SetDocument(nsGenericElement * const 0x03a4e2d4, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1767 nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4e2d4, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes nsGenericHTMLLeafFormElement::SetDocument(nsGenericHTMLLeafFormElement * const 0x03a4e2d4, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 4347 + 21 bytes nsHTMLInputElement::SetDocument(nsHTMLInputElement * const 0x03a4e2d4, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1784 + 21 bytes nsGenericElement::SetDocumentInChildrenOf(nsIContent * 0x03a4db64, nsIDocument * 0x00000000, int 0x00000001) line 1745 nsGenericElement::SetDocument(nsGenericElement * const 0x03a4db64, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1806 + 17 bytes nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4db64, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes nsHTMLFormElement::SetDocument(nsHTMLFormElement * const 0x03a4db64, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 676 + 21 bytes nsGenericElement::SetDocumentInChildrenOf(nsIContent * 0x03a4d99c, nsIDocument * 0x00000000, int 0x00000001) line 1745 nsGenericElement::SetDocument(nsGenericElement * const 0x03a4d99c, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1806 + 17 bytes nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4d99c, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes nsHTMLBodyElement::SetDocument(nsHTMLBodyElement * const 0x03a4d99c, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 523 nsGenericElement::SetDocumentInChildrenOf(nsIContent * 0x03a4d514, nsIDocument * 0x00000000, int 0x00000001) line 1745 nsGenericElement::SetDocument(nsGenericElement * const 0x03a4d514, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1806 + 17 bytes nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4d514, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes nsDocument::SetScriptGlobalObject(nsDocument * const 0x03a43bc8, nsIScriptGlobalObject * 0x00000000) line 1756 DocumentViewerImpl::Close(DocumentViewerImpl * const 0x039cfb98) line 1052 nsDocShell::SetupNewViewer(nsDocShell * const 0x035c44b8, nsIContentViewer * 0x039151ac) line 4795 nsDocShell::Embed(nsDocShell * const 0x035c44dc, nsIContentViewer * 0x039151ac, const char * 0x02b5c964, nsISupports * 0x00000000) line 4135 + 23 bytes nsDocShell::CreateContentViewer(nsDocShell * const 0x035c44b8, const char * 0x0069f810, nsIRequest * 0x0370262c, nsIStreamListener * * 0x0069f7d8) line 4547 + 32 bytes nsDSURIContentListener::DoContent(nsDSURIContentListener * const 0x01b1e30c, const char * 0x0069f810, int 0x00000001, nsIRequest * 0x0370262c, nsIStreamListener * * 0x0069f7d8, int * 0x0069f738) line 109 + 33 bytes nsDocumentOpenInfo::DispatchContent(nsIRequest * 0x0370262c, nsISupports * 0x00000000) line 411 + 90 bytes nsDocumentOpenInfo::OnStartRequest(nsDocumentOpenInfo * const 0x036997fc, nsIRequest * 0x0370262c, nsISupports * 0x00000000) line 227 + 16 bytes nsHttpChannel::CallOnStartRequest() line 620 + 60 bytes nsHttpChannel::OnStartRequest(nsHttpChannel * const 0x03702634, nsIRequest * 0x03afcea4, nsISupports * 0x00000000) line 3186 nsInputStreamPump::OnStateStart() line 362 + 42 bytes nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x03afcea8, nsIAsyncInputStream * 0x03a01da0) line 318 + 11 bytes nsInputStreamReadyEvent::EventHandler(PLEvent * 0x03a2bde8) line 117 PL_HandleEvent(PLEvent * 0x03a2bde8) line 671 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x008dbab8) line 606 + 9 bytes _md_TimerProc(HWND__ * 0x00000a40, unsigned int 0x00000113, unsigned int 0x00000000, unsigned long 0x01488b32) line 977 + 9 bytes KERNEL32! bff62317() _md_TimerProc(HWND__ * 0x0fe01007, unsigned int 0x000008bf, unsigned int 0x01488b32, unsigned long 0x01130000) line 970 45600003()
Assignee: form-submission → jaggernaut
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•21 years ago
|
Attachment #127827 -
Attachment mime type: text/plain → text/xml
Comment 11•21 years ago
|
||
adjusting topic, note, nothing of the data is talkback, AFAICT. it's just windows crash data.
Keywords: crash
Summary: freeze when a file upload box is on the screen when generated with XSLT → crash when following link with a file upload box is on the screen with XSLT generated content
Comment 12•21 years ago
|
||
*** Bug 215049 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 13•21 years ago
|
||
Assignee | ||
Updated•21 years ago
|
Attachment #129306 -
Flags: superreview?(jst)
Attachment #129306 -
Flags: review?(axel)
Comment 14•21 years ago
|
||
Comment on attachment 129306 [details] [diff] [review] That should of course be outside the docshell check. no idea why we end up without a container. But this is how it used to work, let's land this wallpaper, hopefully for 1.5
Attachment #129306 -
Flags: review?(axel) → review+
Comment 15•21 years ago
|
||
*** Bug 215314 has been marked as a duplicate of this bug. ***
Comment 16•21 years ago
|
||
Comment on attachment 129306 [details] [diff] [review] That should of course be outside the docshell check. sr=jst
Attachment #129306 -
Flags: superreview?(jst) → superreview+
Comment 17•21 years ago
|
||
Comment on attachment 129306 [details] [diff] [review] That should of course be outside the docshell check. The offending code is on the 1.4.x branch, too, let's fix it there as well. And we shouldn't ship another crash happy bitch, please lets get this landed on the frozen trunk, too.
Attachment #129306 -
Flags: approval1.5b?
Attachment #129306 -
Flags: approval1.4.x?
Comment 18•21 years ago
|
||
Comment on attachment 129306 [details] [diff] [review] That should of course be outside the docshell check. approved for 1.4.x and 1.5b .. get it landed as soon as possible... thanks
Attachment #129306 -
Flags: approval1.5b?
Attachment #129306 -
Flags: approval1.5b+
Attachment #129306 -
Flags: approval1.4.x?
Attachment #129306 -
Flags: approval1.4.x+
Reporter | ||
Comment 19•21 years ago
|
||
Confirmed with latest Mozilla nightly (2003080804). No trace of this bug. Thank you all. I will try with 1.4.1 when it is released.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 21•21 years ago
|
||
*** Bug 216571 has been marked as a duplicate of this bug. ***
Comment 22•21 years ago
|
||
*** Bug 216660 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•