crash when backspace is used in textarea in certain conditions

RESOLVED DUPLICATE of bug 175896

Status

()

--
critical
RESOLVED DUPLICATE of bug 175896
16 years ago
16 years ago

People

(Reporter: kj, Unassigned)

Tracking

({crash})

Trunk
x86
All
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(3 attachments)

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1

When a textarea is given the style "overflow: hidden", you can crash the browser
by typing in text goes beyond the bottom of the textarea and then backspacing so
that the cursor should re-appear in the textarea.

In http://www.clarodigital.com.br/ there's a textarea to the right of the page
that reproduces this crash.

Reproducible: Always

Steps to Reproduce:
1. Type text in textarea so that the cursor is not visible.
2. backspace until the cursor should become visible again.
Actual Results:  
Mozilla and Firebird both crash.

Expected Results:  
Not crashed.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"REC-html401-19991224/loose.dtd"><html lang="en">
<head>
<title>Textarea crash.html</title>
</head>

<body>
<form>
    <textarea rows="2" cols="17" style="overflow: hidden">Digite sua mensagem
aqui.</textarea>
    </textarea>
</form>
</body>
</html>

Comment 1

16 years ago
confirming mozilla 2003080504, Windows XP

Comment 2

16 years ago
WFM on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728
Mozilla Firebird/0.6.1 and Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.5b) Gecko/20030804

Comment 3

16 years ago
Confirmed crash on Solaris with cvs 20030806. Building a debug
version and will post a stack shortly. Reporter please change OS/hardware
to All/All. 
(Reporter)

Comment 4

16 years ago
Changed OS to 'All' as per request.
OS: Windows 2000 → All

Comment 5

16 years ago
Hmm, restarted the computer and this time it crashed both Mozilla and Firebird,
weird... 

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030804

Comment 6

16 years ago
Try www.vivo-rs.com.br, click on "Não sou cliente vivo" (in the green box) and
repeat the steps... It crashes the browser too... It seems to be a problem with
brazilian Telecom sites... :-)

Comment 7

16 years ago
Created attachment 129279 [details]
Error message

Comment 8

16 years ago
Created attachment 129280 [details]
Debug stack from Solaris

Comment 9

16 years ago
Created attachment 129282 [details]
Slightly different stack from same test case.

Here is a slightly different stack from the same test case.

Comment 10

16 years ago
Note, both stacks do something like

  foo->GetPrimaryFrameFor(theNode, aReturnFrame);

and then try to dereference *aReturnFrame which is NULL.

(gdb) x *aReturnFrame
0x912e60:       0x00000000

Comment 11

16 years ago
dupe of "crash when selecting data overflowing vertically in a textarea having
the overflow = hidden property [@ nsSelection::GetFrameForNodeOffset ]"

stacktrace there is the same as the second one here (at least near the top) and
the textarea in this bug has "overflow: hidden"

*** This bug has been marked as a duplicate of 175896 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Keywords: crash
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.