The default bug view has changed. See this FAQ.

Browser crashes after copying javascript containing document.write from iframe to main window [@ nsGenericElement::InsertChildAt]

VERIFIED DUPLICATE of bug 240592

Status

()

Core
DOM: Core & HTML
--
critical
VERIFIED DUPLICATE of bug 240592
12 years ago
9 years ago

People

(Reporter: AJS, Unassigned)

Tracking

1.7 Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

Firefox crashes when copying a script containing document.write() from an 
iframe to the main window.  If the script does not contain document.write(), 
then it works fine.

Reproducible: Always

Steps to Reproduce:
1. Download frames4.zip from the URL above, to your local machine.
2. Open START.htm
3. Click the link in the browser

Actual Results:  
Firefox crashes (the process ends)

Expected Results:  
Content should be written to the DIV, as it does in IE

I would actually prefer to use cloneNode() to copy the script, but this has 
its own problems, specifically bug 283389 (see the two testcases in my latest 
comments there).
Can you provide a talkback ID for the crash?
Maybe related to bug 293388?
(Reporter)

Comment 2

12 years ago
This works fine on Safari (Mac) and IE (WinXP)
(Reporter)

Comment 3

12 years ago
TalkBack IDs...

TB5722463W
TB5721232W

Comment 4

12 years ago
Incident ID: 5722463 
Stack Signature nsGenericElement::InsertChildAt 10ad08d8 
Product ID Firefox10 
Build ID 2005041417 
Trigger Time 2005-05-10 09:05:06.0 
Platform Win32 
Operating System Windows NT 5.1 build 2600 
Module FIREFOX.EXE + (00163f3d) 
URL visited  
User Comments  
Since Last Crash 3 sec 
Total Uptime 185816 sec 
Trigger Reason Access violation 
Source File, Line No. d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsGenericElement.cpp, 
line 2521 
Stack Trace  

nsGenericElement::InsertChildAt  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsGenericElement.cpp, 
line 2521]
nsGenericElement::doInsertBefore  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsGenericElement.cpp, 
line 2888]
nsHTMLBodyElement::AppendChild  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/html/content/src/nsHTMLBodyElement.
cpp, line 103]
XPCWrappedNative::CallMethod  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, 
line 2034]
XPC_WN_CallMethod  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.
cpp, line 1781]
js_Invoke  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 949]
js_Interpret  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 2993]
js_Invoke  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 966]
js_InternalInvoke  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 1043]
JS_CallFunctionValue  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsapi.c, line 3698]
nsJSContext::CallEventHandler  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 
1297]
nsJSEventListener::HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 
184]
nsEventListenerManager::HandleEventSubType  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/events/src/nsEventListenerManager.c
pp, line 1436]
nsEventListenerManager::HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/events/src/nsEventListenerManager.c
pp, line 1516]
GlobalWindowImpl::HandleDOMEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 927]
DocumentViewerImpl::LoadComplete  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsDocumentViewer.cpp, 
line 917]
nsDocShell::EndPageLoad  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/docshell/base/nsDocShell.cpp, line 4602]
nsWebShell::EndPageLoad  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/docshell/base/nsWebShell.cpp, line 760]
nsDocShell::OnStateChange  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/docshell/base/nsDocShell.cpp, line 4536]
nsDocLoaderImpl::FireOnStateChange  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/uriloader/base/nsDocLoader.cpp, line 1252]
nsDocLoaderImpl::doStopDocumentLoad  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/uriloader/base/nsDocLoader.cpp, line 873]
nsDocLoaderImpl::OnStopRequest  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/uriloader/base/nsDocLoader.cpp, line 701]
nsLoadGroup::RemoveRequest  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/netwerk/base/src/nsLoadGroup.cpp, line 695]
PresShell::RemoveDummyLayoutRequest  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 
6581]
PresShell::ProcessReflowCommands  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 
6454]
ReflowEvent::HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 
6226]
PL_HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/xpcom/threads/plevent.c, line 674]
0x778b0c24
nsMathMLmsubFrame::PlaceSubScript  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/mathml/base/src/nsMathMLmsubFrame.cp
p, line 126]
0x458d563d
Assignee: nobody → general
Component: General → DOM: Core
Product: Firefox → Core
QA Contact: general → ian
Summary: Browser crashes after copying javascript containing document.write from iframe to main window → Browser crashes after copying javascript containing document.write from iframe to main window [@ nsGenericElement::InsertChildAt]
Version: unspecified → 1.7 Branch

Comment 5

12 years ago

*** This bug has been marked as a duplicate of 240592 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED

Updated

9 years ago
Component: DOM: Core → DOM: Core & HTML
QA Contact: ian → general
You need to log in before you can comment on or make changes to this bug.