crash [@ nsIDocument::GetDocumentURL ] navigating away from suntrust

RESOLVED FIXED in mozilla1.7

Status

()

Toolkit
Password Manager
--
critical
RESOLVED FIXED
15 years ago
10 years ago

People

(Reporter: ClammyPickle-Forums, Assigned: Brian Ryner (not reading))

Tracking

({crash})

unspecified
mozilla1.7
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7

Example:

Banking website (SunTrust)
Have UserID & password stored for the site.

Go to the login page and info is already populated for you from password manager
and cursor is IN the box...

Instead of clicking the sign-in button to enter, you navigate away from the
page, for example clicking the home button.......

Firebird crashes!

Repeat same steps above and when the page loads and cursor is in the box, click
anywhere on the page which will remove the cursor from the box, and then
navigate away from this page without logging in.......Firebird WILL NOT crash!

Appears to crash because of navigation away from the page with the cursor in the
box.

Reproducible: Always

Steps to Reproduce:
1.See above
2.
3.



Expected Results:  
Navigate away whether cursor is in box or not in box...

Comment 1

15 years ago
Steps to reproduce:
1. Go to https://internetbanking.suntrust.com/
2. Type a numerical username of length 9 (e.g. 123456789).
3. Type a numerical password of length 6 (e.g. 123456).
4. Submit and have password manager save your password.
5. Go to https://internetbanking.suntrust.com/ again and wait for password
manager to fill your password.
6. Click the Home button.

Result: Crash.

Btw, the frame is https://internetbanking.suntrust.com/default.asp, but the
crash doesn't happen if you load the frame by itself.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

15 years ago
I'm using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b)
Gecko/20031116 Firebird/0.7+ and I do see the crash.

Comment 3

15 years ago
>	tkitcmps.dll!nsCOMPtr<nsIURI>::get()  Line 652 + 0x3	C++
 	tkitcmps.dll!nsCOMPtr<nsIURI>::operator nsDerivedSafe<nsIURI> *()  Line 665	C++
 	tkitcmps.dll!nsIDocument::GetDocumentURL()  Line 135 + 0x12	C++
 	tkitcmps.dll!nsPasswordManager::FillPassword(nsIDOMEvent * aEvent=0x030e5ae0)
 Line 1647 + 0x1d	C++
 	tkitcmps.dll!nsPasswordManager::Blur(nsIDOMEvent * aEvent=0x030e5ae0)  Line
1027	C++
 	gklayout.dll!DispatchToInterface(nsIDOMEvent * aEvent=0x030e5ae0,
nsIDOMEventListener * aListener=0x03742e84, unsigned int (nsIDOMEvent *)*
aMethod=0x015400c0, const nsID & aIID={...}, int * aHasInterface=0x0012dcbc) 
Line 128 + 0xb	C++
 	gklayout.dll!nsEventListenerManager::HandleEvent(nsIPresContext *
aPresContext=0x03803258, nsEvent * aEvent=0x0012e588, nsIDOMEvent * *
aDOMEvent=0x0012decc, nsIDOMEventTarget * aCurrentTarget=0x043b4418, unsigned
int aFlags=7, nsEventStatus * aEventStatus=0x0012e5b0)  Line 1506 + 0x23	C++
 	gklayout.dll!nsGenericElement::HandleDOMEvent(nsIPresContext *
aPresContext=0x03803258, nsEvent * aEvent=0x0012e588, nsIDOMEvent * *
aDOMEvent=0x0012decc, unsigned int aFlags=7, nsEventStatus *
aEventStatus=0x0012e5b0)  Line 1943	C++
 	gklayout.dll!nsHTMLInputElement::HandleDOMEvent(nsIPresContext *
aPresContext=0x03803258, nsEvent * aEvent=0x0012e588, nsIDOMEvent * *
aDOMEvent=0x00000000, unsigned int aFlags=1, nsEventStatus *
aEventStatus=0x0012e5b0)  Line 1483 + 0x1d	C++
 	gklayout.dll!nsEventStateManager::PreHandleEvent(nsIPresContext *
aPresContext=0x0239fb88, nsEvent * aEvent=0x0012e968, nsIFrame *
aTargetFrame=0x02d26b48, nsEventStatus * aStatus=0x0012e790, nsIView *
aView=0x02d54fd0)  Line 485	C++
 	gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012e968,
nsIView * aView=0x02d54fd0, unsigned int aFlags=1, nsEventStatus *
aStatus=0x0012e790)  Line 6174 + 0x31	C++
 	gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x02d54fd0, nsGUIEvent *
aEvent=0x0012e968, nsEventStatus * aEventStatus=0x0012e790, int aForceHandle=1,
int & aHandled=1)  Line 6075 + 0x19	C++
 	gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x02d54fd0, nsGUIEvent
* aEvent=0x0012e968, int aCaptured=0)  Line 2250	C++
 	gklayout.dll!nsView::HandleEvent(nsViewManager * aVM=0x023a04f0, nsGUIEvent *
aEvent=0x0012e968, int aCaptured=0)  Line 298	C++
 	gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x0012e968,
nsEventStatus * aStatus=0x0012e8d0)  Line 2033 + 0x17	C++
 	gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012e968)  Line 79	C++
 	gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012e968,
nsEventStatus & aStatus=nsEventStatus_eIgnore)  Line 1050 + 0xa	C++
 	gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x0012e968) 
Line 1071	C++
 	gkwidget.dll!nsWindow::DispatchFocus(unsigned int aEventType=105, int
isMozWindowTakingFocus=1)  Line 5404 + 0xf	C++
 	gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=7, unsigned int
wParam=655816, long lParam=0, long * aRetValue=0x0012edb4)  Line 4145 + 0x17	C++
 	gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x002d0214, unsigned int
msg=7, unsigned int wParam=655816, long lParam=0)  Line 1333 + 0x1b	C++
 	user32.dll!77d43a50() 	
 	user32.dll!77d43b1f() 	
 	user32.dll!77d444f5() 	
 	user32.dll!77d44525() 	
 	ntdll.dll!77f75da3() 	
 	gklayout.dll!nsView::~nsView()  Line 167	C++
 	gklayout.dll!nsView::`scalar deleting destructor'()  + 0xf	C++
 	gklayout.dll!nsView::Destroy()  Line 259 + 0x1f	C++
 	gklayout.dll!nsFrame::Destroy(nsIPresContext * aPresContext=0x04421c30) 
Line 649	C++
 	gklayout.dll!nsSplittableFrame::Destroy(nsIPresContext *
aPresContext=0x04421c30)  Line 72	C++
 	gklayout.dll!nsContainerFrame::Destroy(nsIPresContext *
aPresContext=0x04421c30)  Line 141 + 0xd	C++
 	gklayout.dll!ViewportFrame::Destroy(nsIPresContext * aPresContext=0x04421c30)
 Line 68	C++
 	gklayout.dll!FrameManager::Destroy()  Line 485	C++
 	gklayout.dll!PresShell::Destroy()  Line 1828	C++
 	gklayout.dll!DocumentViewerImpl::Destroy()  Line 1112	C++
 	gklayout.dll!DocumentViewerImpl::Show()  Line 1348	C++
 	gklayout.dll!PresShell::UnsuppressAndInvalidate()  Line 4893	C++
 	gklayout.dll!PresShell::UnsuppressPainting()  Line 4938	C++
 	gklayout.dll!DocumentViewerImpl::LoadComplete(unsigned int aStatus=0)  Line
941	C++
 	docshell.dll!nsDocShell::EndPageLoad(nsIWebProgress * aProgress=0x02d54a8c,
nsIChannel * aChannel=0x0431cf30, unsigned int aStatus=0)  Line 4319	C++
 	docshell.dll!nsWebShell::EndPageLoad(nsIWebProgress * aProgress=0x02d54a8c,
nsIChannel * channel=0x0431cf30, unsigned int aStatus=0)  Line 797	C++
 	docshell.dll!nsDocShell::OnStateChange(nsIWebProgress * aProgress=0x02d54a8c,
nsIRequest * aRequest=0x0431cf30, unsigned int aStateFlags=131088, unsigned int
aStatus=0)  Line 4251	C++
 	docshell.dll!nsDocLoaderImpl::FireOnStateChange(nsIWebProgress *
aProgress=0x02d54a8c, nsIRequest * aRequest=0x0431cf30, int aStateFlags=131088,
unsigned int aStatus=0)  Line 1226	C++
 	docshell.dll!nsDocLoaderImpl::doStopDocumentLoad(nsIRequest *
request=0x0431cf30, unsigned int aStatus=0)  Line 864	C++
 	docshell.dll!nsDocLoaderImpl::DocLoaderIsEmpty()  Line 762	C++
 	docshell.dll!nsDocLoaderImpl::OnStopRequest(nsIRequest * aRequest=0x04440028,
nsISupports * aCtxt=0x00000000, unsigned int aStatus=0)  Line 692	C++
 	necko.dll!nsLoadGroup::RemoveRequest(nsIRequest * request=0x04440028,
nsISupports * ctxt=0x00000000, unsigned int aStatus=0)  Line 695 + 0x23	C++
 	gklayout.dll!PresShell::RemoveDummyLayoutRequest()  Line 6702 + 0x2a	C++
 	gklayout.dll!PresShell::DoneRemovingReflowCommands()  Line 6663	C++
 	gklayout.dll!PresShell::ProcessReflowCommands(int aInterruptible=1)  Line 6523	C++
 	gklayout.dll!ReflowEvent::HandleEvent()  Line 6303	C++
 	gklayout.dll!HandlePLEvent(ReflowEvent * aEvent=0x04440248)  Line 6317	C++
 	xpcom.dll!PL_HandleEvent(PLEvent * self=0x04440248)  Line 671 + 0xa	C
 	xpcom.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x009b56b0)  Line 606
+ 0x9	C
 	xpcom.dll!_md_EventReceiverProc(HWND__ * hwnd=0x002801aa, unsigned int
uMsg=49383, unsigned int wParam=0, long lParam=10180272)  Line 1412 + 0x9	C
 	user32.dll!77d43a50() 	
 	user32.dll!77d43b1f() 	
 	user32.dll!77d43d79() 	
 	user32.dll!77d43ddf() 	
 	appshell.dll!nsAppShellService::Run()  Line 484	C++
 	MozillaFirebird.exe!main1(int argc=2, char * * argv=0x002b7d00, nsISupports *
nativeApp=0x0099e398, const nsXREAppData & aAppData={...})  Line 1282 + 0x20	C++
 	MozillaFirebird.exe!xre_main(int argc=2, char * * argv=0x002b7d00, const
nsXREAppData & aAppData={...})  Line 1716 + 0x29	C++
 	MozillaFirebird.exe!main(int argc=2, char * * argv=0x002b7d00)  Line 51 + 0x11	C++
 	MozillaFirebird.exe!mainCRTStartup()  Line 400 + 0x11	C
 	kernel32.dll!77e814c7() 	

Why is FillPassword on the stack when I navigate *away* from this page?
Keywords: crash
Summary: Going to a website that you have stored a UserID & Password and then exiting before logging in will crash Firebird because cursor is in the box → crash [@ nsIDocument::GetDocumentURL ] navigating away from suntrust

Comment 4

15 years ago
Jesse:

Do you think this is a dupe of bug 222829? They both involve an issue with frames.

Comment 5

15 years ago
No, because that bug WFM.  That bug doesn't have a stack trace.  That bug also
doesn't have comments about whether it also crashes if you do "Show Only This
Frame" first.
(Assignee)

Updated

14 years ago
Target Milestone: --- → Firefox0.9
(Assignee)

Comment 6

14 years ago
Created attachment 141565 [details] [diff] [review]
null-check the document

It looks like Windows wants to send a blur event for the focused inner window
when we start to tear down the widgets from the previous document.  For now,
I'm going to null check the document here.
(Assignee)

Comment 7

14 years ago
checked in.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
Product: Firefox → Toolkit
Crash Signature: [@ nsIDocument::GetDocumentURL ]
You need to log in before you can comment on or make changes to this bug.