Closed Bug 282709 Opened 20 years ago Closed 20 years ago

Crash entering empty table cell from input (submit) using Caret Browsing

Categories

(Core :: Layout: Text and Fonts, defect)

1.7 Branch
x86
All
defect
Not set
critical

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: djcater+bugzilla, Unassigned)

References

()

Details

(Keywords: crash, testcase)

Attachments

(1 file)

336 bytes, application/xhtml+xml
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050126 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050126 Firefox/1.0 When using Caret Browsing, navigating from a submit button to a completely empty table data cell (not even whitespace,) the browser crashes. Reproducible: Always Steps to Reproduce: 1. Load up the provided testcase. 2. Use Caret Browsing (F7.) 3. Press Tab until the button is highlighted and the caret is at the beginning of the button (should just be one press.) 4. Press the left arrow key. Actual Results: Caret doesn't move, browser crashes. Expected Results: Caret should have moved to the empty cell, and the browser should have continued to run. This occurred using the build specified above on Gentoo Linux, Mozilla 1.7.5 (20050130) on Gentoo Linux, and also Firefox/1.0 on Windows XP. When I boot into Windows I will post a link to the Talkback crash. I have also devised a simplified testcase which shows the crash clearly. I will attach it shortly.
Attached file Testcase
Follow instructions in first post to test the crash using this testcase.
Assignee: aaronleventhal → ginn.chen
(In reply to comment #0) > I will post a link to the Talkback crash http://talkback-public.mozilla.org./talkback/fastfind.jsp?search=2&type=iid&id=TB3778660Q Basics: Stack Signature nsTextFrame::PeekOffset 9a3a2129 Product ID Firefox10 Build ID 2004110711 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (0022e6cb) URL visited https://bugzilla.mozilla.org./attachment.cgi?id=174681 Trigger Reason Stack overflow Source File, Line No. d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsTextFrame.cpp, line 3870 And after that a whole load of: nsTextFrame::PeekOffset [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsTextFrame.cpp, line 3943]
Assignee: ginn.chen → nobody
Component: Keyboard: Navigation → Layout: Fonts and Text
Keywords: crash
QA Contact: bugzilla → layout.fonts-and-text
IMHO dupe of bug 256835, which was fixed on trunk. Crash with FF1.0.1NB/20050216/WXP -> TB3779554Z WFM M1.8b1NB/2005021614/WXP WFM FF1.0+NB/20050218/WXP
Keywords: testcase
Version: Trunk → 1.7 Branch
Yeah, worksforme on trunk too. Not sure it's a direct dup of bug 256835, but it's definitely not crashing.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: