Closed
Bug 256835
Opened 20 years ago
Closed 20 years ago
[crash]ctrl+left cause crash in bugzilla [@ nsTextFrame::PeekOffset ][@ ntdll.dll - nsFrame::GetFrameFromDirection ]
Categories
(Core :: DOM: UI Events & Focus Handling, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: ginnchen+exoracle, Assigned: ginnchen+exoracle)
References
Details
(Keywords: access, crash)
Crash Data
Attachments
(2 files)
2.21 KB,
patch
|
aaronlev
:
review+
dbaron
:
superreview+
|
Details | Diff | Splinter Review |
3.14 KB,
patch
|
dbaron
:
superreview+
|
Details | Diff | Splinter Review |
go to any bug report. e.g. http://bugzilla.mozilla.org/show_bug.cgi?id=241023 use F7 to turn on caret browsing. put caret in "Requestee:" of "Flags: (Help!) Requestee: " press ctrl+left, caret goes to "^Requestee:" press ctrl+left again, caret goes to "^(Help!)" press ctrl+left again, caret goes to "^Flags:" press ctrl+left again, mozilla crash.
I'm testing my patch. I will post it tommorrow.
Status: NEW → ASSIGNED
1. change "do ... while(isBidiGhostFrame || !selectable)" to "for(;;)" because before isBidiGhostFrame's value is set, there's "continue;" 2. we should get out earlier, if we get (!isBidiGhostFrame && selectable) our "newFrame" may get changed by following code, we should just break out of the loop now.
Attachment #157021 -
Flags: review?(aaronleventhal)
This patch also fixed bug 256268, bug 241034, and bug 130889 (the second testcase of bug 130889 has a <hr> issue filed as bug 256833)
Updated•20 years ago
|
Attachment #157021 -
Flags: review?(aaronleventhal) → review+
Attachment #157021 -
Flags: superreview?(dbaron)
Comment 4•20 years ago
|
||
Bug 242835 should be also related. Adding crash signatures from Trunk (TB664701E) and FF093 (TB664717W, TB664692G).
Summary: [crash]ctrl+left cause crash in bugzilla → [crash]ctrl+left cause crash in bugzilla [@ nsTextFrame::PeekOffset ][@ ntdll.dll - nsFrame::GetFrameFromDirection ]
confirmed, this patch will also fix bug 144610, bug 242835
*** Bug 144610 has been marked as a duplicate of this bug. ***
*** Bug 242835 has been marked as a duplicate of this bug. ***
Attachment #157021 -
Flags: superreview?(dbaron) → superreview?(jst)
Comment 8•20 years ago
|
||
Comment on attachment 157021 [details] [diff] [review] patch This changes this loop to not break out of the loop if we're at a bidi ghost frame, and I'm not sure that's the right thing to do... As this isn't code I normally work with I'm pushing this sr request over to dbaron.
Attachment #157021 -
Flags: superreview?(jst) → superreview?(dbaron)
The change brings "while condition" ahead. Origin code uses "continue;", but "isBidiGhostFrame" isn't set yet. So we can't get loop as we need. 4027 if (nsLayoutAtoms::textFrame != newFrame->GetType()) 4028 continue; //we should NOT be getting stuck on the same piece of content on the same line. skip to next line. 4029 } 4030 isBidiGhostFrame = (newFrame->GetRect().IsEmpty() && 4031 (newFrame->GetStateBits() & NS_FRAME_IS_BIDI));
Comment 10•20 years ago
|
||
similar problem win xp home, firefox 0.97 - (sp 1 installed) using the yahoo mail web portal. create a message, select attachment, in the window (OS) select a file, prest ctrl c (copy) - mozila crashes. - neb radivojevic - QA Analyst
Assignee | ||
Comment 11•20 years ago
|
||
Neb, I can't reproduce your crash with Firefox 1.0PR 0.10.1. And I don't think it relates to this bug.
Comment on attachment 157021 [details] [diff] [review] patch sr=dbaron, although this code is a mystery to me (I'm assuming it's not a mystery to you), if you make the following changes: * move the declaration of isBidiGhostFrame to where it's first assigned (inside the loop) * move the declaration of selectable to the line before it's first used (inside the loop)
Attachment #157021 -
Flags: superreview?(dbaron) → superreview+
Assignee | ||
Comment 13•20 years ago
|
||
Attachment #167088 -
Flags: superreview?(dbaron)
Attachment #167088 -
Flags: superreview?(dbaron) → superreview+
Assignee | ||
Comment 14•20 years ago
|
||
Checking in nsFrame.cpp; /cvsroot/mozilla/layout/html/base/src/nsFrame.cpp,v <-- nsFrame.cpp new revision: 3.529; previous revision: 3.528 done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 15•20 years ago
|
||
*** Bug 256268 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 16•20 years ago
|
||
*** Bug 241034 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 17•20 years ago
|
||
*** Bug 130889 has been marked as a duplicate of this bug. ***
Comment 18•19 years ago
|
||
The patch for this bug caused bug 288789.
Comment 19•19 years ago
|
||
*** Bug 298316 has been marked as a duplicate of this bug. ***
Updated•13 years ago
|
Crash Signature: [@ nsTextFrame::PeekOffset ]
[@ ntdll.dll - nsFrame::GetFrameFromDirection ]
Updated•5 years ago
|
Component: Keyboard: Navigation → User events and focus handling
Comment 20•5 years ago
|
||
Keywords: sec508
You need to log in
before you can comment on or make changes to this bug.
Description
•