Closed Bug 21877 Opened 25 years ago Closed 25 years ago

[Crash] event handler derefs released object

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P3)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
x86
Other
Type:
defect

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: selmer, Assigned: joki)

References

Details

(Keywords: crash) 

12/14 build.

I don't have the URL of the page, but I clicked on a link and did a download and
then clicked on another link to download a zip file and ended up here.  At this
point in the trace, mParent appears to have been released but we're trying to
dereference it.

nsGenericElement::HandleDOMEvent(nsIPresContext * 0x0335dc20, nsEvent *
0x0012f518, nsIDOMEvent * * 0x0012f1cc, unsigned int 1, nsEventStatus *
0x0012f538) line 774 + 33 bytes
nsHTMLButtonElement::HandleDOMEvent(nsHTMLButtonElement * const 0x033063bc,
nsIPresContext * 0x0335dc20, nsEvent * 0x0012f518, nsIDOMEvent * * 0x00000000,
unsigned int 1, nsEventStatus * 0x0012f538) line 428 + 31 bytes
nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x0312a050,
nsIPresContext * 0x0335dc20, nsIContent * 0x033dd4bc) line 1938
nsEventStateManager::SetContentState(nsEventStateManager * const 0x0312a050,
nsIContent * 0x033dd4bc, int 3) line 1820
nsHTMLAnchorElement::HandleDOMEvent(nsHTMLAnchorElement * const 0x033dd4bc,
nsIPresContext * 0x0335dc20, nsEvent * 0x0012fb68, nsIDOMEvent * * 0x0012f884,
unsigned int 2, nsEventStatus * 0x0012fa74) line 360
nsGenericDOMDataNode::HandleDOMEvent(nsIPresContext * 0x0335dc20, nsEvent *
0x0012fb68, nsIDOMEvent * * 0x0012f884, unsigned int 1, nsEventStatus *
0x0012fa74) line 799 + 39 bytes
nsTextNode::HandleDOMEvent(nsTextNode * const
0x033dd29c, nsIPresContext * 0x0335dc20, nsEvent * 0x0012fb68, nsIDOMEvent * *
0x00000000, unsigned int 1, nsEventStatus * 0x0012fa74) line 207
PresShell::HandleEvent(PresShell * const 0x03327164, nsIView * 0x033d4040,
nsGUIEvent * 0x0012fb68, nsEventStatus * 0x0012fa74) line 2599 + 39 bytes
nsView::HandleEvent(nsView * const 0x033d4040, nsGUIEvent * 0x0012fb68, unsigned
int 8, nsEventStatus * 0x0012fa74, int & 0) line 841
nsView::HandleEvent(nsView
* const 0x033d4490, nsGUIEvent * 0x0012fb68, unsigned int 8, nsEventStatus *
0x0012fa74, int & 0) line 826
nsView::HandleEvent(nsView * const 0x03325460,
nsGUIEvent * 0x0012fb68, unsigned int 28, nsEventStatus * 0x0012fa74, int & 0)
line 826
nsViewManager::DispatchEvent(nsViewManager * const 0x03323480,
nsGUIEvent * 0x0012fb68, nsEventStatus * 0x0012fa74) line 1678
HandleEvent(nsGUIEvent * 0x0012fb68) line 69
nsWindow::DispatchEvent(nsWindow *
const 0x033d4364, nsGUIEvent * 0x0012fb68, nsEventStatus &
nsEventStatus_eIgnore) line 421 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fb68) line 442
nsWindow::DispatchMouseEvent(unsigned int 302, nsPoint * 0x00000000) line 3332 +
21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 302, nsPoint * 0x00000000)
line 3550
nsWindow::ProcessMessage(unsigned int 513, unsigned int 1, long
20316437, long * 0x0012fdc8) line 2627 + 24 bytes
nsWindow::WindowProc(HWND__ *
0x022503fa, unsigned int 513, unsigned int 1, long 20316437) line 608 + 27 bytes
USER32! 77e71820()
01360115(
Severity: normal → critical
*** Bug 14703 has been marked as a duplicate of this bug. ***
Moving crash bugs into M13.
Target Milestone: M13 → M14
Mass-moving excess bugs to M14
Adding "crash" keyword to all known open crasher bugs.
Keywords: crash
we had a lot of problems with mParent for a while.  We added a bunch of checks 
to catch bad parent situations so it shouldn't be happening anymore.  marking 
INVALID since I don't have a testcase or url to look at specifically.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → INVALID
Keywords: verifyme
Verified per joki's comments.
Status: RESOLVED → VERIFIED
Keywords: verifyme
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.