Bug 280928 (Closed): crash when right-clicking a popup window with onmousedown=window.close
Opened 20 years ago, closed 20 years ago
Status: RESOLVED FIXED
Categories: Core :: Widget: Gtk, defect
People: Reporter: chpe, Assigned: blizzard
Keywords: crash, fixed-aviary1.0.1, fixed1.7.6
Attachments: 1 file, 1 obsolete file
patch, 1.08 KB. Flags: caillon: review+; blizzard: superreview+; dbaron: approval-aviary1.0.1+; dbaron: approval1.7.6+; asa: approval1.8b+
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050106 Galeon/1.3.19 (Debian package 1.3.19-1ubuntu1)
Build Identifier: Mozilla 1.8b Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050125

(Forwarded from http://bugzilla.gnome.org/show_bug.cgi?id=166157).

Reproducible: Always

Steps to Reproduce:
1. Load the url
2. Click on the first image
3. In the popup, right-click the image

Actual Results: Crash.
Expected Results: Context menu should appear.

This crashes in my trunk debug build:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050125
and also firefox
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050128 Firefox/1.0 (Ubuntu) (Ubuntu package 1.0+dfsg.1-2ubuntu5)
and
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1ubuntu1
as well as in Epiphany (v 1.5.5.90).

Here's a trace (from Epiphany, using the mozilla debug build):

#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb74ac135 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb74ad798 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0xb766df47 in __cxa_call_unexpected () from /usr/lib/libstdc++.so.5
#4 0xb766df84 in std::terminate () from /usr/lib/libstdc++.so.5
#5 0xb766e4a8 in __cxa_pure_virtual () from /usr/lib/libstdc++.so.5
#6 0xb54aaba9 in nsWindow::OnButtonPressEvent (this=0x859d7e8, aWidget=0x8581da0, aEvent=0x840a9a0) at nsWindow.cpp:1423
#7 0xb54afe07 in button_press_event_cb (widget=0x8581da0, event=0x840a9a0) at nsWindow.cpp:3536
#8 0xb7bbd4f2 in _gtk_marshal_BOOLEAN__BOXED () from /usr/lib/libgtk-x11-2.0.so.0
#9 0xb7876351 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#10 0xb78867e2 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#11 0xb78856ef in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#12 0xb7885b75 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#13 0xb7c9f0fc in gtk_widget_send_expose () from /usr/lib/libgtk-x11-2.0.so.0
#14 0xb7bbc106 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#15 0xb7bbb0e3 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#16 0xb795696b in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
#17 0xb76b8c8b in g_main_depth () from /usr/lib/libglib-2.0.so.0
#18 0xb76b9c31 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#19 0xb76b9f53 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#20 0xb76ba49a in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#21 0xb7bbaa37 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#22 0x08074d54 in main (argc=6, argv=0x6) at ../../src/ephy-main.c:217

Trace from mozilla debug build itself:

#0 0x00000000 in ?? ()
#1 0xb5a81ba9 in nsWindow::OnButtonPressEvent (this=0x8991528, aWidget=0x87f5640, aEvent=0x8246590) at nsWindow.cpp:1423
#2 0xb5a86e07 in button_press_event_cb (widget=0x87f5640, event=0x8246590) at nsWindow.cpp:3536
[then same as above]

1419 // right menu click on linux should also pop up a context menu
1420 if (eventType == NS_MOUSE_RIGHT_BUTTON_DOWN) {
1421     nsMouseEvent contextMenuEvent(NS_CONTEXTMENU, this);
1422     InitButtonEvent(contextMenuEvent, aEvent);
1423     DispatchEvent(&contextMenuEvent, status);
1424 }

I think what happens is that first the right-click is dispatched, onmousedown closes the window, and then nsWindow tries to dispatch the context menu event, but the widget is gone.

The trace is similar to the one from attachment 145421 from bug 239563, but also sufficiently different that I think these bugs are unrelated.
Comment 2•20 years ago
This is reproducible in Firefox too, likely a widget bug.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•20 years ago
Assignee: marco → blizzard
Comment 3•20 years ago
Updated•20 years ago
Attachment #173852 - Flags: review?(caillon)
Updated•20 years ago
Attachment #173852 - Flags: review?(caillon) → review+
Updated•20 years ago
Attachment #173852 - Flags: superreview?(blizzard)
Assignee
Comment 4•20 years ago
Comment on attachment 173852 possible fix from gtk1
sr=blizzard, with a caveat. Do we need to do this for all events? If so, this is a one-off that should be done in the function that dispatches all events, not just this one event.
Attachment #173852 - Flags: superreview?(blizzard) → superreview+
Comment 5•20 years ago
The code that can cause a segfault is like:
1 DispatchEvent(...) -> Destroy the window
2 try to access nsWindow methods -> Segfault
So, even if it would be nicer, I don't think we can solve the problem in the event dispatcher method. We need to keep a reference until after 2.
I had a look at all the DispatchEvent calls in nsWindow/nsCommonWidget. There are 2 other cases like this: nsWindow::OnKeyPressEvent (onkeydown=window.close effectively causes a crash) and nsWindow::ThemeChanged. I guess we can assume NS_THEMECHANGED event will not destroy the window.
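The ordering problem described in comment 5, as an added example that is not part of the bug thread or of Mozilla's patch: `Window`, `OnRightButtonPress` and `RunScenario` are constructed stand-ins for `nsWindow` and its button handler. With `holdRef` set, an extra reference keeps the object alive across both dispatches; without it, the model reports that the window was destroyed before the context menu dispatch instead of dereferencing it.

```cpp
#include <functional>
#include <string>
#include <vector>

// Constructed model, not Mozilla code: Window stands in for nsWindow and
// uses XPCOM-style intrusive reference counting.
class Window {
public:
    Window(bool* destroyed, std::vector<std::string>* log)
        : mDestroyed(destroyed), mLog(log) {}
    void AddRef() { ++mRefCnt; }
    void Release() { if (--mRefCnt == 0) delete this; }
    std::function<void()> onmousedown;  // stands in for the page's handler
    void DispatchEvent(const std::string& type) {
        mLog->push_back(type);
        auto handler = onmousedown;     // local copy outlives `delete this`
        if (type == "mousedown" && handler) handler();
    }
    // Same shape as OnButtonPressEvent: button event, then context menu.
    // Returns false when the window died before the second dispatch; the
    // unguarded original calls through the dangling pointer at that point.
    static bool OnRightButtonPress(Window* self, bool holdRef) {
        bool* destroyed = self->mDestroyed;  // read before self can be freed
        if (holdRef) self->AddRef();         // held across both dispatches
        self->DispatchEvent("mousedown");    // handler may drop the owner's ref
        if (*destroyed) return false;        // self is dangling: do not touch
        self->DispatchEvent("contextmenu");
        if (holdRef) self->Release();        // last use of self
        return true;
    }
private:
    ~Window() { *mDestroyed = true; }
    int mRefCnt = 0;
    bool* mDestroyed;
    std::vector<std::string>* mLog;
};

struct Result { bool contextMenuSent; bool destroyed; std::vector<std::string> events; };
// The reported scenario: the mousedown handler closes the window.
Result RunScenario(bool holdRef) {
    bool destroyed = false;
    std::vector<std::string> log;
    Window* win = new Window(&destroyed, &log);
    win->AddRef();                                 // the single owning reference
    win->onmousedown = [win] { win->Release(); };  // models window.close()
    bool sent = Window::OnRightButtonPress(win, holdRef);
    return {sent, destroyed, log};
}

int main() { return RunScenario(true).contextMenuSent ? 0 : 1; }
```

The guard has to live in the caller rather than inside `DispatchEvent`, because the caller is the code that keeps using the object after the dispatch returns.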
Comment 6•20 years ago
Attachment #173852 - Attachment is obsolete: true
Attachment #174036 - Flags: review?(caillon)
Updated•20 years ago
Attachment #174036 - Flags: review?(caillon) → review+
Updated•20 years ago
Attachment #174036 - Flags: superreview?(blizzard)
Assignee
Updated•20 years ago
Attachment #174036 - Flags: superreview?(blizzard) → superreview+
Updated•20 years ago
Attachment #174036 - Flags: approval1.8b?
Attachment #174036 - Flags: approval1.7.6?
Attachment #174036 - Flags: approval-aviary1.0.1?
Comment 7•20 years ago
Comment on attachment 174036 fix both onmousedown and onkeydown
a=asa for 1.8b checkin
Attachment #174036 - Flags: approval1.8b? → approval1.8b+
Comment 8•20 years ago
Checking in nsWindow.cpp;
/cvsroot/mozilla/widget/src/gtk2/nsWindow.cpp,v <-- nsWindow.cpp
new revision: 1.131; previous revision: 1.130
done
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 9•20 years ago
Comment on attachment 174036 fix both onmousedown and onkeydown
Please use the -p diff option in the future. a=dveditz for the branches if landed asap. Please add fixed-aviary1.0.1 and fixed1.7.6 keywords when landed.
Attachment #174036 - Flags: approval1.7.6?
Attachment #174036 - Flags: approval1.7.6+
Attachment #174036 - Flags: approval-aviary1.0.1?
Attachment #174036 - Flags: approval-aviary1.0.1+
Checked in to AVIARY_1_0_1_20050124_BRANCH, 2005-02-18 17:12 -0800.
Checked in to MOZILLA_1_7_BRANCH, 2005-02-18 17:13 -0800.
Keywords: fixed-aviary1.0.1, fixed1.7.6
Comment 11•19 years ago
Using 2005022207-1.0.1 firefox build on fedora core 3, when I go through the test case in comment 0, right-clicking the image closes the window --no context menu appears, but it doesn't crash. Is this expected (fixed) behavior?