Closed Bug 298250 Opened 20 years ago Closed 20 years ago

crash after alert within a function called by a onBlur event of a textarea with minimum one following form element [@ nsEventStateManager::ShiftFocusInternal]

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: lorenz.kahlert, Assigned: MatsPalmgren_bugz)

Details

(Keywords: testcase)

Attachments

(2 files)

testcase
528 bytes, text/html
Details
Patch rev. 1
2.53 KB, patch
bryner
: review+
bryner
: superreview+
chofmann
: approval1.8b3+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 This crash happens when a within the javascript function 'makeAlert()'. If the document.location.href comes before the alert call, the crash will happen. If the alert comes first no crash happens. If no other form element comes after textarea no crash happens. I don't know if this happens with other elements or events. <html> <head> <title>Testalert</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script type="text/javascript"> function makeAlert() { document.location.href = "anyLink.html"; alert("ABC"); return true; } </script> </head> <body> <h1>Test</h1> <form action="TestOne" name="testone"> <textarea cols="25" rows="2" name="textareaFirst" onBlur="makeAlert();"></textarea> <input type="text" size="4" maxlength="4" name="textLater" value=""/> </form> </body> </html> Reproducible: Always Steps to Reproduce: 1. click within textarea 2. leave textarea by using tab 3. click okay on alert Actual Results: error message appears, firefox disappears after click on okay or cancel german message: Die Anweisung in 0+006810a1 verweist auf Speicher 0x00000000. Der Vorgang "read" konnte nicht ausgeführt werden. .... Expected Results: simply display the alert message and continue maybe a connection to bug 267675
Attached file testcase
open testcase tab through the the page Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050620 Firefox/1.0+ ID:2005062008 WFM
I see this crash too. Talkback ID: TB6830713G Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050619 Firefox/1.0+
crashes on linux, too: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050618 Firefox/1.0+
Summary: crash after alert within a function called by a onBlur event of a textarea with minimum one following form element → crash after alert within a function called by a onBlur event of a textarea with minimum one following form element [@ nsEventStateManager::ShiftFocusInternal]
(In reply to comment #1) > Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050620 > Firefox/1.0+ ID:2005062008 There's more to it: It doesn't crash when opened local, but no alert either It crashes when the testcase is opened
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050620 Firefox/1.0+ ID:2005062013 Confirming Tabbing through the test case and then clearing the prompt results in a crash TB6838842E Stack look very different to bug 267675 (mentioned in comment 0)
Assignee: nobody → general
Status: UNCONFIRMED → NEW
Component: General → JavaScript Engine
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → general
Version: unspecified → Trunk
Incident ID: 6830713 Stack Signature nsEventStateManager::ShiftFocusInternal f74a7e2b Product ID FirefoxTrunk Build ID 2005061906 Trigger Time 2005-06-20 09:33:12.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (0029ded2) URL visited User Comments Since Last Crash 30612 sec Total Uptime 30612 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 3117 Stack Trace nsEventStateManager::ShiftFocusInternal [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 3117] nsEventStateManager::ShiftFocusInternal [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 3263] nsEventStateManager::ShiftFocus [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 3069] nsEventStateManager::PostHandleEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 2099] PresShell::HandleEventInternal [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6417] PresShell::HandleEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6189] nsViewManager::HandleEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2457] nsViewManager::DispatchEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2224] HandleEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line 174] nsWindow::DispatchEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1173] nsWindow::DispatchKeyEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 3377] nsWindow::OnChar [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 3623] nsWindow::OnKeyDown [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 3469] nsWindow::ProcessMessage [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 4381] nsWindow::WindowProc [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1351] USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0x89cd (0x77d489cd) USER32.dll + 0x8a10 (0x77d48a10) nsAppShell::Run [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 159] nsAppStartup::Run [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 145] main [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61] kernel32.dll + 0x16d4f (0x7c816d4f)
Assignee: general → events
Component: JavaScript Engine → Event Handling
QA Contact: general → ian
Severity: normal → critical
Keywords: testcase
Assignee: events → mats.palmgren
Flags: blocking1.8b3?
OS: Windows 2000 → All
Attached patch Patch rev. 1Splinter Review
A simple null check fixes it. (cleaned up DEBUG_DOCSHELL_FOCUS code a bit too). Tested this against bug 118685, bug 232368, bug 232368 etc. for regressions. I can't reproduce bug 267675 so I can't say if it fixes that...
Attachment #186886 - Flags: superreview?(bryner)
Attachment #186886 - Flags: review?(bryner)
Attachment #186886 - Flags: superreview?(bryner)
Attachment #186886 - Flags: superreview+
Attachment #186886 - Flags: review?(bryner)
Attachment #186886 - Flags: review+
Attachment #186886 - Flags: approval1.8b3?
Comment on attachment 186886 [details] [diff] [review] Patch rev. 1 a=chofmann
Attachment #186886 - Flags: approval1.8b3? → approval1.8b3+
Checked in to trunk at 2005-06-21 15:55 PDT -> FIXED
Status: NEW → RESOLVED
Closed: 20 years ago
Flags: blocking1.8b3?
Resolution: --- → FIXED
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: