Closed
Bug 245572
Opened 20 years ago
Closed 20 years ago
Crash displaying www.thewebtier.com/template.jsp?selected=4 [@ nsCSSValue::Reset ]
Categories
(Core :: DOM: CSS Object Model, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: rontilby, Assigned: dbaron)
References
()
Details
(Keywords: crash, verified1.7, Whiteboard: fixed-aviary1.0)
Crash Data
Attachments
(2 files, 1 obsolete file)
7.74 KB,
text/plain
|
Details | |
1.15 KB,
patch
|
bryner
:
review+
bryner
:
superreview+
chofmann
:
approval1.7+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a2) Gecko/20040603 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a2) Gecko/20040603 Linked to URL from google search results. Page displayed, then Mozilla crashed. Talkback IDs: TB74569Q, TB74559W using Mozilla nightly 2004060208 Talkback ID: TB74619Y using Mozilla nightly 2004060308 Reproducible: Always Steps to Reproduce: 1.load http://www.thewebtier.com/template.jsp?selected=4 2.wait a few seconds 3.crash Actual Results: crash Expected Results: not crash
Comment 1•20 years ago
|
||
Confirming with build 2004-06-04-07, Windows XP.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•20 years ago
|
||
apologies for my broken Linux box (GDB returns some variable not being available), hope this is useful anyway: (gdb) frame 2 #2 0x4137a3bc in nsCSSDeclaration::RemoveProperty(nsCSSProperty) (this=Variable "this" is not available. ) at nsCSSDeclaration.cpp:139 139 data.ClearProperty(aProperty); (gdb) p aProperty $2 = eCSSProperty_UNKNOWN
Updated•20 years ago
|
Keywords: crash
OS: Windows 2000 → All
Summary: Crash displaying www.thewebtier.com/template.jsp?selected=4 → Crash displaying www.thewebtier.com/template.jsp?selected=4 [@ nsCSSValue::Reset ]
Comment 3•20 years ago
|
||
TB74783H Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a2) Gecko/20040603 Error message from Opera´s Javascript console: Event thread: onload Error: name: TypeError message: Statement on line 180: Expression evaluated to null or undefined and is not convertible to Object: iframeSourceDocument.body Backtrace: Line 180 of linked script http://www.thewebtier.com/tooltip.js children = iframeSourceDocument.body.childNodes; Line 215 of linked script http://www.thewebtier.com/tooltip.js var numbertooltips = findNumberOfTooltips(); In unknown script parent.addContent(); At unknown location
Comment 4•20 years ago
|
||
I think I know what is going on here. In Javascript the CSS property CounterIncrement is set which according is defined as CSS_PROP_NOTIMPLEMENTED(counter-increment, counter_increment, CounterIncrement) Because Mozilla hasn't implemented this, this results in nsresult nsCSSDeclaration::RemoveProperty(nsCSSProperty aProperty) being called with aProperty == eCSSProperty_UNKNOWN which fails miserably. I've added a check for this in nsCSSDeclaration::RemoveProperty and that seems to work. Patch coming up.
OS: All → Windows 2000
Comment 5•20 years ago
|
||
Oops, changing back OS. And assigning to me.
Status: NEW → ASSIGNED
OS: Windows 2000 → All
Comment 6•20 years ago
|
||
Updated•20 years ago
|
Attachment #150028 -
Flags: review?(bzbarsky)
Comment 7•20 years ago
|
||
also crashes 1.7rc2: TB75056H requesting blocking1.7 (bug has a patch)
Flags: blocking1.7?
Updated•20 years ago
|
Assignee: general → r.pronk
Status: ASSIGNED → NEW
Assignee | ||
Updated•20 years ago
|
Flags: blocking1.7? → blocking1.7+
Updated•20 years ago
|
Whiteboard: dbaron reviewing
Assignee | ||
Comment 8•20 years ago
|
||
I think a better solution would be to take a tiny piece of the patch in bug 243728 and just define CSS_PROP_NOTIMPLEMENTED differently.
Assignee | ||
Comment 9•20 years ago
|
||
Actually, never mind that, we should tolerate bad strings passed to setProperty / removeProperty, and bzbarsky can land that later. However, I think the check should be in the caller.
Assignee | ||
Comment 10•20 years ago
|
||
I prefer checking in the caller.
Attachment #150028 -
Attachment is obsolete: true
Assignee | ||
Updated•20 years ago
|
Attachment #150092 -
Flags: superreview?(bzbarsky)
Attachment #150092 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 11•20 years ago
|
||
(The reason I prefer the check in the caller is that I think when we're passing nsCSSProperty enums around, they should already be known to be good. There's only one that isn't, but that should just be like a special return value from LookupProperty.)
Comment 12•20 years ago
|
||
Yeah, I was having doubts myself whether it should be in the caller or not, but since I didn't know how many callers there are to the callee I thought I'd just play it safe and put it in the callee and thereby protect all callers. To me it doesn't really matter.
Assignee | ||
Comment 13•20 years ago
|
||
There's only one caller. :-)
Comment 14•20 years ago
|
||
Confirming with build Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7) Gecko/20040607
Updated•20 years ago
|
Attachment #150092 -
Flags: superreview?(bzbarsky)
Attachment #150092 -
Flags: superreview+
Attachment #150092 -
Flags: review?(bzbarsky)
Attachment #150092 -
Flags: review+
Assignee | ||
Updated•20 years ago
|
Attachment #150028 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 15•20 years ago
|
||
Taking bug (although thanks for your work in finding the problem).
Assignee: r.pronk → dbaron
Assignee | ||
Comment 16•20 years ago
|
||
Fix checked in to trunk, 2004-06-07 12:30 -0700.
Status: NEW → RESOLVED
Closed: 20 years ago
Component: Browser-General → DOM: CSSOM
QA Contact: general → ian
Resolution: --- → FIXED
Assignee | ||
Updated•20 years ago
|
Attachment #150092 -
Flags: approval1.7?
Comment 17•20 years ago
|
||
Comment on attachment 150092 [details] [diff] [review] patch a=chofmann for 1.7
Attachment #150092 -
Flags: approval1.7? → approval1.7+
Assignee | ||
Comment 18•20 years ago
|
||
Fix checked in to MOZILLA_1_7_BRANCH, 2004-06-07 14:18 -0700.
Keywords: fixed1.7
Updated•20 years ago
|
Whiteboard: dbaron reviewing → needed-aviary1.0
Comment 19•20 years ago
|
||
*** Bug 245895 has been marked as a duplicate of this bug. ***
Updated•20 years ago
|
Whiteboard: needed-aviary1.0 → fixed-aviary1.0
Comment 20•20 years ago
|
||
Verified as fix on latest 1.7 branch 06-24 build. Changing keywords from fixed1.7 to verified1.7. Leave this bug status "as is" until this bug be verified on trunk again...
Keywords: fixed1.7 → verified1.7
Updated•13 years ago
|
Crash Signature: [@ nsCSSValue::Reset ]
You need to log in
before you can comment on or make changes to this bug.
Description
•