Closed
Bug 309564
Opened 19 years ago
Closed 19 years ago
Firefox 1.5 Beta crash+ on planzo.com [@ nsTextFrame::GetPosition]
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: fehe, Unassigned)
References
()
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
508 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050921 Firefox/1.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050920 Firefox/1.4 The calendar script at demo.planzo.com both bypasses the Firefox JavaScript Advanced setting for "Disable or replace context menus" and crashes Firefox when a certain field in the caldendar script is clicked (1 or 4+ times). Note: This was originally reported by user Leoz on Mozillazine here: http://forums.mozillazine.org/viewtopic.php?t=320500&postdays=0&postorder=asc&postsperpage=15&start=0 Reproducible: Always Steps to Reproduce: PART I: The Crash ----------------- 1. Create a clean profile 2. Visit the linked URL ( http://demo.planzo.com ) 3. Click a box on the calendar and type a comment then press <ENTER> 4. Double-click the event you entered in Step 3. You should now see a popup with "Event Info:" on the left and "Event Options:" on the right. 5. Under "Event Options:" Click the "None" in the "Repeat:" field. 6. If you did not get a crash with a single click in Step 5, click the aformentioned field 3 or 4 additional times. Eventually, you should experience a crash. PART II: The Context Menu ------------------------- 1. Return to the http://demo.planzo.com site 2. Right-click anywhere on the page. Notice that your context menus do not work. 3. Under Firefox Tools --> Options --> Content --> (Enable JavaScript) Advanced..., ensure that "Disable or replace context menus" is not permitted. If you had to modify this, repleat Step 2 and observe that you still cannot get the context menu on a right-click. 4. Right double-click anywhere on the demo.planzo.com - except on the calendar. Notice that the context menu appears. Actual Results: I) Firefox crashed as per the steps outlined above II) Context menu behavior is as per the steps outlined above Expected Results: I) Firefox should not crash when cycling through the "Repeat" options II) The website should not be able to override the Firefox "Disable or replace context menus" preference
Comment 1•19 years ago
|
||
Confirming with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050921 Firefox/1.6a1 TB9597989M
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•19 years ago
|
||
Fails in seamonkey as well. TB9598057Z Changing product to core. Guessing at component.
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: 1.5 Branch → Trunk
Updated•19 years ago
|
Keywords: crash
Summary: Firefox 1.5 Beta crash+ on planzo.com → Firefox 1.5 Beta crash+ on planzo.com [@ nsTextFrame::GetPosition]
Comment 3•19 years ago
|
||
I'm seeing a regression between mozilla builds 2004052506 and 2004052601, indicating bug 244651. The page itself is not only heavy DHTML, but also does AJAX, so getting a testcase will be hard.
Component: Layout → Layout: Fonts and Text
Keywords: regression
OS: Windows XP → All
QA Contact: layout → layout.fonts-and-text
Comment 4•19 years ago
|
||
Andrew, does the patch in bug 307875 trigger asserts here? I'm not really sure how bug 244651 would have caused this....
Depends on: 307875
Comment 5•19 years ago
|
||
This testcase is derived from the planzo site. It crashes every time for me when clicking on the right part of the text (not when I click on the left part of the text).
Comment 6•19 years ago
|
||
Tried Martijn's testcase on archive builds and then the regressiondate is 01-Oct-2004 - 02-Oct-2004
Comment 7•19 years ago
|
||
My build labelled "2004052605" build actually had build ID 2004060105. My debug build has the audacity to not crash (URL & testcase) and also doesn't assert with the patch from bug 307875
Incident ID: 9598057 Stack Signature nsTextFrame::GetPosition 3d3da10b Product ID MozillaTrunk Build ID 2005091306 Trigger Time 2005-09-21 18:32:31.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module gklayout.dll + (00047b27) URL visited http://demo.planzo.com/ User Comments Bug 309564 Since Last Crash 30599 sec Total Uptime 30599 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsText Frame.cpp, line 3903 Stack Trace nsTextFrame::GetPosition [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsTex tFrame.cpp, line 3903] nsTextFrame::GetContentAndOffsetsFromPoint [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsTex tFrame.cpp, line 3954] nsFrame::GetNextPrevLineFromeBlockFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsFra me.cpp, line 3307] nsBlockFrame::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsBlo ckFrame.cpp, line 6606] PresShell::HandleEventInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresSh ell.cpp, line 6223] PresShell::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresSh ell.cpp, line 6034] nsViewManager::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManag er.cpp, line 2553] nsViewManager::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManag er.cpp, line 2245] HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsView.cpp, line 174] nsWindow::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 1060] nsWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 5803] ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 6054] nsWindow::WindowProc [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 1249] USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0x89cd (0x77d489cd) USER32.dll + 0x8a10 (0x77d48a10) nsAppShell::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sAppShell.cpp, line 159] nsAppStartup::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/components/star tup/src/nsAppStartup.cpp, line 208] main [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsApp Runner.cpp, line 1738] WinMain [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsApp Runner.cpp, line 1762] kernel32.dll + 0x16d4f (0x7c816d4f)
Comment 9•19 years ago
|
||
Based on the testcase in comment 5 that definitely looks like bug 307875 should "help" here...
Comment 10•19 years ago
|
||
Fixed by the check-in for bug 307875.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 11•19 years ago
|
||
Is that check-in for bug 307875 going to land on the Branch soon?
Comment 12•19 years ago
|
||
Depends on whether it's caused the regressions we think it caused and on whether they have easy fixes.
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsTextFrame::GetPosition]
You need to log in
before you can comment on or make changes to this bug.
Description
•