Closed
Bug 309564
Opened 19 years ago
Closed 19 years ago
Firefox 1.5 Beta crash+ on planzo.com [@ nsTextFrame::GetPosition]
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: fehe, Unassigned)
References
()
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
508 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050921 Firefox/1.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050920 Firefox/1.4 The calendar script at demo.planzo.com both bypasses the Firefox JavaScript Advanced setting for "Disable or replace context menus" and crashes Firefox when a certain field in the caldendar script is clicked (1 or 4+ times). Note: This was originally reported by user Leoz on Mozillazine here: http://forums.mozillazine.org/viewtopic.php?t=320500&postdays=0&postorder=asc&postsperpage=15&start=0 Reproducible: Always Steps to Reproduce: PART I: The Crash ----------------- 1. Create a clean profile 2. Visit the linked URL ( http://demo.planzo.com ) 3. Click a box on the calendar and type a comment then press <ENTER> 4. Double-click the event you entered in Step 3. You should now see a popup with "Event Info:" on the left and "Event Options:" on the right. 5. Under "Event Options:" Click the "None" in the "Repeat:" field. 6. If you did not get a crash with a single click in Step 5, click the aformentioned field 3 or 4 additional times. Eventually, you should experience a crash. PART II: The Context Menu ------------------------- 1. Return to the http://demo.planzo.com site 2. Right-click anywhere on the page. Notice that your context menus do not work. 3. Under Firefox Tools --> Options --> Content --> (Enable JavaScript) Advanced..., ensure that "Disable or replace context menus" is not permitted. If you had to modify this, repleat Step 2 and observe that you still cannot get the context menu on a right-click. 4. Right double-click anywhere on the demo.planzo.com - except on the calendar. Notice that the context menu appears. Actual Results: I) Firefox crashed as per the steps outlined above II) Context menu behavior is as per the steps outlined above Expected Results: I) Firefox should not crash when cycling through the "Repeat" options II) The website should not be able to override the Firefox "Disable or replace context menus" preference
|
||
Comment 1•19 years ago
|
||
Confirming with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050921 Firefox/1.6a1 TB9597989M
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
||
Comment 2•19 years ago
|
||
Fails in seamonkey as well. TB9598057Z Changing product to core. Guessing at component.
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: 1.5 Branch → Trunk
|
|
||
Updated•19 years ago
|
Keywords: crash
Summary: Firefox 1.5 Beta crash+ on planzo.com → Firefox 1.5 Beta crash+ on planzo.com [@ nsTextFrame::GetPosition]
|
||
Comment 3•19 years ago
|
||
I'm seeing a regression between mozilla builds 2004052506 and 2004052601, indicating bug 244651. The page itself is not only heavy DHTML, but also does AJAX, so getting a testcase will be hard.
Component: Layout → Layout: Fonts and Text
Keywords: regression
OS: Windows XP → All
QA Contact: layout → layout.fonts-and-text
|
||
Comment 4•19 years ago
|
||
Andrew, does the patch in bug 307875 trigger asserts here? I'm not really sure how bug 244651 would have caused this....
Depends on: 307875
|
||
Comment 5•19 years ago
|
||
This testcase is derived from the planzo site. It crashes every time for me when clicking on the right part of the text (not when I click on the left part of the text).
|
||
Comment 6•19 years ago
|
||
Tried Martijn's testcase on archive builds and then the regressiondate is 01-Oct-2004 - 02-Oct-2004
|
|
||
Comment 7•19 years ago
|
||
My build labelled "2004052605" build actually had build ID 2004060105. My debug build has the audacity to not crash (URL & testcase) and also doesn't assert with the patch from bug 307875
Incident ID: 9598057 Stack Signature nsTextFrame::GetPosition 3d3da10b Product ID MozillaTrunk Build ID 2005091306 Trigger Time 2005-09-21 18:32:31.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module gklayout.dll + (00047b27) URL visited http://demo.planzo.com/ User Comments Bug 309564 Since Last Crash 30599 sec Total Uptime 30599 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsText Frame.cpp, line 3903 Stack Trace nsTextFrame::GetPosition [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsTex tFrame.cpp, line 3903] nsTextFrame::GetContentAndOffsetsFromPoint [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsTex tFrame.cpp, line 3954] nsFrame::GetNextPrevLineFromeBlockFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsFra me.cpp, line 3307] nsBlockFrame::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsBlo ckFrame.cpp, line 6606] PresShell::HandleEventInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresSh ell.cpp, line 6223] PresShell::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresSh ell.cpp, line 6034] nsViewManager::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManag er.cpp, line 2553] nsViewManager::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManag er.cpp, line 2245] HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsView.cpp, line 174] nsWindow::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 1060] nsWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 5803] ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 6054] nsWindow::WindowProc [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 1249] USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0x89cd (0x77d489cd) USER32.dll + 0x8a10 (0x77d48a10) nsAppShell::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sAppShell.cpp, line 159] nsAppStartup::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/components/star tup/src/nsAppStartup.cpp, line 208] main [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsApp Runner.cpp, line 1738] WinMain [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsApp Runner.cpp, line 1762] kernel32.dll + 0x16d4f (0x7c816d4f)
|
|
||
Comment 9•19 years ago
|
||
Based on the testcase in comment 5 that definitely looks like bug 307875 should "help" here...
|
||
Comment 10•19 years ago
|
||
Fixed by the check-in for bug 307875.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
Reporter | |
Comment 11•19 years ago
|
||
Is that check-in for bug 307875 going to land on the Branch soon?
|
|
||
Comment 12•19 years ago
|
||
Depends on whether it's caused the regressions we think it caused and on whether they have easy fixes.
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ nsTextFrame::GetPosition]
You need to log in
before you can comment on or make changes to this bug.
Description
•