User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1 When a textarea is given the style "overflow: hidden", you can crash the browser by typing in text goes beyond the bottom of the textarea and then backspacing so that the cursor should re-appear in the textarea. In http://www.clarodigital.com.br/ there's a textarea to the right of the page that reproduces this crash. Reproducible: Always Steps to Reproduce: 1. Type text in textarea so that the cursor is not visible. 2. backspace until the cursor should become visible again. Actual Results: Mozilla and Firebird both crash. Expected Results: Not crashed. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "REC-html401-19991224/loose.dtd"><html lang="en"> <head> <title>Textarea crash.html</title> </head> <body> <form> <textarea rows="2" cols="17" style="overflow: hidden">Digite sua mensagem aqui.</textarea> </textarea> </form> </body> </html>
confirming mozilla 2003080504, Windows XP
WFM on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1 and Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030804
Confirmed crash on Solaris with cvs 20030806. Building a debug version and will post a stack shortly. Reporter please change OS/hardware to All/All.
Changed OS to 'All' as per request.
OS: Windows 2000 → All
Hmm, restarted the computer and this time it crashed both Mozilla and Firebird, weird... Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030804
Try www.vivo-rs.com.br, click on "Não sou cliente vivo" (in the green box) and repeat the steps... It crashes the browser too... It seems to be a problem with brazilian Telecom sites... :-)
Created attachment 129282 [details] Slightly different stack from same test case. Here is a slightly different stack from the same test case.
Note, both stacks do something like foo->GetPrimaryFrameFor(theNode, aReturnFrame); and then try to dereference *aReturnFrame which is NULL. (gdb) x *aReturnFrame 0x912e60: 0x00000000
dupe of "crash when selecting data overflowing vertically in a textarea having the overflow = hidden property [@ nsSelection::GetFrameForNodeOffset ]" stacktrace there is the same as the second one here (at least near the top) and the textarea in this bug has "overflow: hidden" *** This bug has been marked as a duplicate of 175896 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.