Open Bug 293094 Opened 20 years ago Updated 2 years ago

window.sizeToContent() on an unloaded window does bad things

Categories

(Core :: DOM: Core & HTML, defect, P5)

x86
Linux
defect

People

(Reporter: ted, Unassigned)

I wrote some bad javascript that does this:

xwin.document.location = "data:application/vnd.mozilla.xul+xml," +
encodeURIComponent(old);
xwin.sizeToContent();

Since the document isn't done loading, sizeToContent() decides to make the
window incredibly large (something like 20k x 20k pixels). This crashes my XFT
Firefox, and just creates an annoyingly large window in Seamonkey.

Stack Trace of a Firefox crash:

#0  0x40b450a6 in exit () from /lib/tls/libc.so.6
#1  0x405f4ab1 in _gdk_windowing_exit () from /usr/lib/libgdk-x11-2.0.so.0
#2  0x40799614 in _XError () from /usr/X11R6/lib/libX11.so.6
#3  0x40797b73 in _XReply () from /usr/X11R6/lib/libX11.so.6
#4  0x4079443e in XTranslateCoordinates () from /usr/X11R6/lib/libX11.so.6
#5  0x405fe2c9 in gdk_window_get_origin () from /usr/lib/libgdk-x11-2.0.so.0
#6  0x0832ec11 in nsWindow::WidgetToScreen (this=0x979e470, 
    aOldRect=@0xbfffecc0, aNewRect=@0xbfffecc0)
    at /home/luser/build/firefoxbuild/mozilla/widget/src/gtk2/nsWindow.cpp:1142
#7  0x086a071e in nsView::ResetWidgetBounds (this=0x97dff68, aRecurse=0, 
    aMoveOnly=0, aInvalidateChangedSize=1)
    at /home/luser/build/firefoxbuild/mozilla/view/src/nsView.cpp:396
#8  0x086a6b6a in nsViewManager::ProcessPendingUpdates (this=0x979e380, 
    aView=0x97dff68, aDoInvalidate=1)
    at /home/luser/build/firefoxbuild/mozilla/view/src/nsViewManager.cpp:1606
#9  0x086a6b99 in nsViewManager::ProcessPendingUpdates (this=0x979e380, 
    aView=0x979e400, aDoInvalidate=1)
    at /home/luser/build/firefoxbuild/mozilla/view/src/nsViewManager.cpp:1612
#10 0x086acf27 in nsViewManager::FlushPendingInvalidates (this=0x979e380)
    at /home/luser/build/firefoxbuild/mozilla/view/src/nsViewManager.cpp:4323
#11 0x086aadd9 in nsViewManager::EnableRefresh (this=0x979e380, aUpdateFlags=0)
    at /home/luser/build/firefoxbuild/mozilla/view/src/nsViewManager.cpp:3374
#12 0x086aaf31 in nsViewManager::EndUpdateViewBatch (this=0x979e380, 
    aUpdateFlags=0)
    at /home/luser/build/firefoxbuild/mozilla/view/src/nsViewManager.cpp:3419
#13 0x08362540 in nsCSSFrameConstructor::RestyleEvent::HandleEvent (
    this=0x982f348)
    at /home/luser/build/firefoxbuild/mozilla/layout/base/nsCSSFrameConstructor.cpp:13647
#14 0x08362559 in HandleRestyleEvent (aEvent=0x982f348)
    at /home/luser/build/firefoxbuild/mozilla/layout/base/nsCSSFrameConstructor.cpp:13655
#15 0x401f2a8b in PL_HandleEvent (self=0x982f348)
    at /home/luser/build/firefoxbuild/mozilla/xpcom/threads/plevent.c:698
#16 0x401f2940 in PL_ProcessPendingEvents (self=0x90ad1c0)
    at /home/luser/build/firefoxbuild/mozilla/xpcom/threads/plevent.c:633
#17 0x401f5d9e in nsEventQueueImpl::ProcessPendingEvents (this=0x90cfdb8)
    at /home/luser/build/firefoxbuild/mozilla/xpcom/threads/nsEventQueue.cpp:417
#18 0x0833811c in event_processor_callback (source=0x9342bc0, 
    condition=G_IO_IN, data=0x90cfdb8)
    at /home/luser/build/firefoxbuild/mozilla/widget/src/gtk2/nsAppShell.cpp:67
#19 0x4072bf5f in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#20 0x407066c2 in g_main_depth () from /usr/lib/libglib-2.0.so.0
#21 0x40707748 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#22 0x40707a80 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#23 0x40708023 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#24 0x403ecc13 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#25 0x0833868c in nsAppShell::Run (this=0x91a09b0)
    at /home/luser/build/firefoxbuild/mozilla/widget/src/gtk2/nsAppShell.cpp:139
#26 0x08a77f9c in nsAppStartup::Run (this=0x91a0968)
    at /home/luser/build/firefoxbuild/mozilla/toolkit/components/startup/src/nsAppStartup.cpp:144
#27 0x08ca8a25 in XRE_main (argc=1, argv=0xbffff7c4, aAppData=0x8cd6f40)
    at /home/luser/build/firefoxbuild/mozilla/toolkit/xre/nsAppRunner.cpp:1976
#28 0x0808cfae in main (argc=1, argv=0xbffff7c4)
    at /home/luser/build/firefoxbuild/mozilla/browser/app/nsBrowserApp.cpp:60

about:buildconfig

Build platform
target
i686-pc-linux-gnu

Build tools
Compiler 	Version 	Compiler flags
gcc 	gcc version 3.3.5 (Debian 1:3.3.5-3) 	-Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Wno-long-long -pedantic -pthread -pipe
c++ 	gcc version 3.3.5 (Debian 1:3.3.5-3) 	-fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Wcast-align -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wno-long-long -pedantic -fshort-wchar -pthread -pipe -I/usr/X11R6/include

Configure arguments
--enable-application=browser --enable-optimize --disable-debug --enable-default-toolkit=gtk2 --enable-xft --enable-static --disable-shared --disable-tests --disable-freetype2

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050412 Firefox/1.0+

Could you attach a testcase?  Should be pretty small, I bet, esp. if it uses
enablePrivilege() right...

Is this still an issue now that bug 293781 is fixed?

Depends on: 293781
Assignee: general → nobody
QA Contact: ian → general

https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven't been updated in more than 3 years and have no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Severity: normal → S3