Closed Bug 212793 Opened 21 years ago Closed 21 years ago

crash when following link with a file upload box is on the screen with XSLT generated content

Categories

(Core :: XSLT, defect)

x86
Windows 2000
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: KBogert, Assigned: jag+mozilla)

References

Details

(Keywords: crash, fixed1.4.1)

Attachments

(6 files)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624

On a page generated from transforming an XML document into html which includes
the form file upload box <input type="file">  Mozilla freezes after clicking on
a link (anchor) in the page.  Does not do this on normal html pages.  Does it
even when you have not changed the box (or clicked browse).  The box seems to
work fine, pulls up the browse window and lets me select a file, but will freeze
afterward too.

Reproducible: Always

Steps to Reproduce:
1.Create a XML file
2.Create a stylesheet to transform that XML file into an html doc.  Include a
form on it with a file upload input tag and a link to test
3.Open up the XML file and click on the link

Actual Results:  
Total Freeze, except you can close the browser.  Windows 2000 comes up with the
generating an error log window after the browser closes and talkback is
activated.  Unfortunately, I can't send the bug report because I am behind a
proxy server which requires me to login (talkback doesn't give me the option of
setting a username/password for a proxy)

Expected Results:  
Opened the link

I have not tested this compeletely, maybe it is having a problem with the
enctype of the form or something else, but it seems to only happen with a file
upload box.
Attached file simple XML file
A simple XML file for testing
Contains a link and a form with a file upload element
Attachment #127827 - Attachment mime type: text/xml → text/plain
Comment on attachment 127827 [details]
simple XML file

><?xml version="1.0"?>
><?xml-stylesheet type="text/xsl" href="http://bugzilla.mozilla.org/attachment.cgi?id=127828&action=view"?>
><FormTest>
></FormTest>
Attachment #127827 - Attachment mime type: text/plain → text/xml
Attachment #127827 - Attachment mime type: text/xml → text/plain
Comment on attachment 127827 [details]
simple XML file

<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl"
href="http://bugzilla.mozilla.org/attachment.cgi?id=127828&action=view"?>
<FormTest>
</FormTest>
I saved the talkback information for this bug.	It is not a nightly build, but
I have tested this in a nightly build and it does the same thing.  Windows 98
says the fault occurs in gklayout.dll.	Whatever is causing it, it is new to
1.4 because I can't make this happen in 1.3
This was generated with the lastest nightly build of Mozilla Firebird.	It
appears this bug appeared in the release of Mozilla 1.4 (or a release
candidate).  Mozilla Firebird v 0.6 does not have this problem, and it uses
1.4b
This was generated with the lastest nightly build of Mozilla Firebird.	It
appears this bug appeared in the release of Mozilla 1.4 (or a release
candidate).  Mozilla Firebird v 0.6 does not have this problem, and it uses
1.4b
I have identified Mozilla 1.4 rc2 as the first milestone that this bug appears
in.  Next I will try and find the first nightly build...
Moving this to XSLT because this really isn't a form-submission problem
Component: Form Submission → XSLT
this is a regression from bug 203960 by jag, relevant check-in is
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=nsGenericHTMLElement.cpp&branch=&root=/cvsroot&subdir=mozilla/content/html/content/src&command=DIFF_FRAMESET&rev1=1.408&rev2=1.409

He removed the null check on aHistory when there's no docshell. No idea why
there is none, of course. Over to jag for further traction, triage and component.

The stack trace is:

nsGenericHTMLElement::GetLayoutHistoryAndKey(nsIHTMLContent * 0x03a5f820,
nsILayoutHistoryState * * 0x0069ec50, nsACString & {...}) line 2723 + 10 bytes
nsGenericHTMLElement::GetPrimaryPresState(nsIHTMLContent * 0x03a5f820,
nsIPresState * * 0x0069ed58) line 2669 + 37 bytes
nsHTMLInputElement::SaveState(nsHTMLInputElement * const 0x03a5f840) line 2505 +
39 bytes
nsGenericHTMLLeafFormElement::SetDocument(nsGenericHTMLLeafFormElement * const
0x03a5f820, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 4327
nsHTMLInputElement::SetDocument(nsHTMLInputElement * const 0x03a5f820,
nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1784 + 21 bytes
nsBindingManager::ChangeDocumentFor(nsBindingManager * const 0x03a44058,
nsIContent * 0x03a4e2d4, nsIDocument * 0x03a43bc8, nsIDocument * 0x00000000)
line 610
nsGenericElement::SetDocument(nsGenericElement * const 0x03a4e2d4, nsIDocument *
0x00000000, int 0x00000001, int 0x00000001) line 1767
nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4e2d4,
nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes
nsGenericHTMLLeafFormElement::SetDocument(nsGenericHTMLLeafFormElement * const
0x03a4e2d4, nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 4347
+ 21 bytes
nsHTMLInputElement::SetDocument(nsHTMLInputElement * const 0x03a4e2d4,
nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1784 + 21 bytes
nsGenericElement::SetDocumentInChildrenOf(nsIContent * 0x03a4db64, nsIDocument *
0x00000000, int 0x00000001) line 1745
nsGenericElement::SetDocument(nsGenericElement * const 0x03a4db64, nsIDocument *
0x00000000, int 0x00000001, int 0x00000001) line 1806 + 17 bytes
nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4db64,
nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes
nsHTMLFormElement::SetDocument(nsHTMLFormElement * const 0x03a4db64, nsIDocument
* 0x00000000, int 0x00000001, int 0x00000001) line 676 + 21 bytes
nsGenericElement::SetDocumentInChildrenOf(nsIContent * 0x03a4d99c, nsIDocument *
0x00000000, int 0x00000001) line 1745
nsGenericElement::SetDocument(nsGenericElement * const 0x03a4d99c, nsIDocument *
0x00000000, int 0x00000001, int 0x00000001) line 1806 + 17 bytes
nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4d99c,
nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes
nsHTMLBodyElement::SetDocument(nsHTMLBodyElement * const 0x03a4d99c, nsIDocument
* 0x00000000, int 0x00000001, int 0x00000001) line 523
nsGenericElement::SetDocumentInChildrenOf(nsIContent * 0x03a4d514, nsIDocument *
0x00000000, int 0x00000001) line 1745
nsGenericElement::SetDocument(nsGenericElement * const 0x03a4d514, nsIDocument *
0x00000000, int 0x00000001, int 0x00000001) line 1806 + 17 bytes
nsGenericHTMLElement::SetDocument(nsGenericHTMLElement * const 0x03a4d514,
nsIDocument * 0x00000000, int 0x00000001, int 0x00000001) line 1333 + 21 bytes
nsDocument::SetScriptGlobalObject(nsDocument * const 0x03a43bc8,
nsIScriptGlobalObject * 0x00000000) line 1756
DocumentViewerImpl::Close(DocumentViewerImpl * const 0x039cfb98) line 1052
nsDocShell::SetupNewViewer(nsDocShell * const 0x035c44b8, nsIContentViewer *
0x039151ac) line 4795
nsDocShell::Embed(nsDocShell * const 0x035c44dc, nsIContentViewer * 0x039151ac,
const char * 0x02b5c964, nsISupports * 0x00000000) line 4135 + 23 bytes
nsDocShell::CreateContentViewer(nsDocShell * const 0x035c44b8, const char *
0x0069f810, nsIRequest * 0x0370262c, nsIStreamListener * * 0x0069f7d8) line 4547
+ 32 bytes
nsDSURIContentListener::DoContent(nsDSURIContentListener * const 0x01b1e30c,
const char * 0x0069f810, int 0x00000001, nsIRequest * 0x0370262c,
nsIStreamListener * * 0x0069f7d8, int * 0x0069f738) line 109 + 33 bytes
nsDocumentOpenInfo::DispatchContent(nsIRequest * 0x0370262c, nsISupports *
0x00000000) line 411 + 90 bytes
nsDocumentOpenInfo::OnStartRequest(nsDocumentOpenInfo * const 0x036997fc,
nsIRequest * 0x0370262c, nsISupports * 0x00000000) line 227 + 16 bytes
nsHttpChannel::CallOnStartRequest() line 620 + 60 bytes
nsHttpChannel::OnStartRequest(nsHttpChannel * const 0x03702634, nsIRequest *
0x03afcea4, nsISupports * 0x00000000) line 3186
nsInputStreamPump::OnStateStart() line 362 + 42 bytes
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x03afcea8,
nsIAsyncInputStream * 0x03a01da0) line 318 + 11 bytes
nsInputStreamReadyEvent::EventHandler(PLEvent * 0x03a2bde8) line 117
PL_HandleEvent(PLEvent * 0x03a2bde8) line 671 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x008dbab8) line 606 + 9 bytes
_md_TimerProc(HWND__ * 0x00000a40, unsigned int 0x00000113, unsigned int
0x00000000, unsigned long 0x01488b32) line 977 + 9 bytes
KERNEL32! bff62317()
_md_TimerProc(HWND__ * 0x0fe01007, unsigned int 0x000008bf, unsigned int
0x01488b32, unsigned long 0x01130000) line 970
45600003()
Assignee: form-submission → jaggernaut
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attachment #127827 - Attachment mime type: text/plain → text/xml
adjusting topic, note, nothing of the data is talkback, AFAICT. it's just windows
crash data.
Keywords: crash
Summary: freeze when a file upload box is on the screen when generated with XSLT → crash when following link with a file upload box is on the screen with XSLT generated content
*** Bug 215049 has been marked as a duplicate of this bug. ***
Attachment #129306 - Flags: superreview?(jst)
Attachment #129306 - Flags: review?(axel)
Comment on attachment 129306 [details] [diff] [review]
That should of course be outside the docshell check.

no idea why we end up without a container. But this is how it used to work,
let's land this wallpaper, hopefully for 1.5
Attachment #129306 - Flags: review?(axel) → review+
*** Bug 215314 has been marked as a duplicate of this bug. ***
Comment on attachment 129306 [details] [diff] [review]
That should of course be outside the docshell check.

sr=jst
Attachment #129306 - Flags: superreview?(jst) → superreview+
Comment on attachment 129306 [details] [diff] [review]
That should of course be outside the docshell check.

The offending code is on the 1.4.x branch, too, let's fix it there as well. And
we shouldn't ship another crash happy bitch, please lets get this landed on the
frozen trunk, too.
Attachment #129306 - Flags: approval1.5b?
Attachment #129306 - Flags: approval1.4.x?
Comment on attachment 129306 [details] [diff] [review]
That should of course be outside the docshell check.

approved for 1.4.x and 1.5b  ..  get it landed as soon as possible... thanks
Attachment #129306 - Flags: approval1.5b?
Attachment #129306 - Flags: approval1.5b+
Attachment #129306 - Flags: approval1.4.x?
Attachment #129306 - Flags: approval1.4.x+
Confirmed with latest Mozilla nightly (2003080804).  No trace of this bug. 
Thank you all.  I will try with 1.4.1 when it is released.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
checked in on the branch, too
Keywords: fixed1.4.1
*** Bug 216571 has been marked as a duplicate of this bug. ***
*** Bug 216660 has been marked as a duplicate of this bug. ***
Blocks: 224532
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: