Closed
Bug 282709
Opened 20 years ago
Closed 20 years ago
Crash entering empty table cell from input (submit) using Caret Browsing
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: djcater+bugzilla, Unassigned)
References
()
Details
(Keywords: crash, testcase)
Attachments
(1 file)
336 bytes,
application/xhtml+xml
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050126 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050126 Firefox/1.0
When using Caret Browsing, navigating from a submit button to a completely empty
table data cell (not even whitespace,) the browser crashes.
Reproducible: Always
Steps to Reproduce:
1. Load up the provided testcase.
2. Use Caret Browsing (F7.)
3. Press Tab until the button is highlighted and the caret is at the beginning
of the button (should just be one press.)
4. Press the left arrow key.
Actual Results:
Caret doesn't move, browser crashes.
Expected Results:
Caret should have moved to the empty cell, and the browser should have continued
to run.
This occurred using the build specified above on Gentoo Linux, Mozilla 1.7.5
(20050130) on Gentoo Linux, and also Firefox/1.0 on Windows XP. When I boot into
Windows I will post a link to the Talkback crash. I have also devised a
simplified testcase which shows the crash clearly. I will attach it shortly.
Follow instructions in first post to test the crash using this testcase.
Updated•20 years ago
|
Assignee: aaronleventhal → ginn.chen
(In reply to comment #0)
> I will post a link to the Talkback crash
http://talkback-public.mozilla.org./talkback/fastfind.jsp?search=2&type=iid&id=TB3778660Q
Basics:
Stack Signature nsTextFrame::PeekOffset 9a3a2129
Product ID Firefox10
Build ID 2004110711
Platform Win32
Operating System Windows NT 5.1 build 2600
Module firefox.exe + (0022e6cb)
URL visited https://bugzilla.mozilla.org./attachment.cgi?id=174681
Trigger Reason Stack overflow
Source File, Line No.
d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsTextFrame.cpp,
line 3870
And after that a whole load of:
nsTextFrame::PeekOffset
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsTextFrame.cpp,
line 3943]
Assignee: ginn.chen → nobody
Component: Keyboard: Navigation → Layout: Fonts and Text
Keywords: crash
QA Contact: bugzilla → layout.fonts-and-text
Comment 3•20 years ago
|
||
IMHO dupe of bug 256835, which was fixed on trunk.
Crash with FF1.0.1NB/20050216/WXP -> TB3779554Z
WFM M1.8b1NB/2005021614/WXP
WFM FF1.0+NB/20050218/WXP
Keywords: testcase
Version: Trunk → 1.7 Branch
Comment 4•20 years ago
|
||
Yeah, worksforme on trunk too. Not sure it's a direct dup of bug 256835, but
it's definitely not crashing.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•