Closed Bug 309564 Opened 20 years ago Closed 20 years ago

Firefox 1.5 Beta crash+ on planzo.com [@ nsTextFrame::GetPosition]

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: fehe, Unassigned)

References

(
URL
)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Testcase
508 bytes, text/html
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050921 Firefox/1.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050920 Firefox/1.4 The calendar script at demo.planzo.com both bypasses the Firefox JavaScript Advanced setting for "Disable or replace context menus" and crashes Firefox when a certain field in the caldendar script is clicked (1 or 4+ times). Note: This was originally reported by user Leoz on Mozillazine here: http://forums.mozillazine.org/viewtopic.php?t=320500&postdays=0&postorder=asc&postsperpage=15&start=0 Reproducible: Always Steps to Reproduce: PART I: The Crash ----------------- 1. Create a clean profile 2. Visit the linked URL ( http://demo.planzo.com ) 3. Click a box on the calendar and type a comment then press <ENTER> 4. Double-click the event you entered in Step 3. You should now see a popup with "Event Info:" on the left and "Event Options:" on the right. 5. Under "Event Options:" Click the "None" in the "Repeat:" field. 6. If you did not get a crash with a single click in Step 5, click the aformentioned field 3 or 4 additional times. Eventually, you should experience a crash. PART II: The Context Menu ------------------------- 1. Return to the http://demo.planzo.com site 2. Right-click anywhere on the page. Notice that your context menus do not work. 3. Under Firefox Tools --> Options --> Content --> (Enable JavaScript) Advanced..., ensure that "Disable or replace context menus" is not permitted. If you had to modify this, repleat Step 2 and observe that you still cannot get the context menu on a right-click. 4. Right double-click anywhere on the demo.planzo.com - except on the calendar. Notice that the context menu appears. Actual Results: I) Firefox crashed as per the steps outlined above II) Context menu behavior is as per the steps outlined above Expected Results: I) Firefox should not crash when cycling through the "Repeat" options II) The website should not be able to override the Firefox "Disable or replace context menus" preference
Version: unspecified → 1.5 Branch
Confirming with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050921 Firefox/1.6a1 TB9597989M
Status: UNCONFIRMED → NEW
Ever confirmed: true
Fails in seamonkey as well. TB9598057Z Changing product to core. Guessing at component.
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: 1.5 Branch → Trunk
Keywords: crash
Summary: Firefox 1.5 Beta crash+ on planzo.com → Firefox 1.5 Beta crash+ on planzo.com [@ nsTextFrame::GetPosition]
I'm seeing a regression between mozilla builds 2004052506 and 2004052601, indicating bug 244651. The page itself is not only heavy DHTML, but also does AJAX, so getting a testcase will be hard.
Component: Layout → Layout: Fonts and Text
Keywords: regression
OS: Windows XP → All
QA Contact: layout → layout.fonts-and-text
Andrew, does the patch in bug 307875 trigger asserts here? I'm not really sure how bug 244651 would have caused this....
Depends on: 307875
Attached file Testcase
This testcase is derived from the planzo site. It crashes every time for me when clicking on the right part of the text (not when I click on the left part of the text).
Tried Martijn's testcase on archive builds and then the regressiondate is 01-Oct-2004 - 02-Oct-2004
My build labelled "2004052605" build actually had build ID 2004060105. My debug build has the audacity to not crash (URL & testcase) and also doesn't assert with the patch from bug 307875
Incident ID: 9598057 Stack Signature nsTextFrame::GetPosition 3d3da10b Product ID MozillaTrunk Build ID 2005091306 Trigger Time 2005-09-21 18:32:31.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module gklayout.dll + (00047b27) URL visited http://demo.planzo.com/ User Comments Bug 309564 Since Last Crash 30599 sec Total Uptime 30599 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsText Frame.cpp, line 3903 Stack Trace nsTextFrame::GetPosition [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsTex tFrame.cpp, line 3903] nsTextFrame::GetContentAndOffsetsFromPoint [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsTex tFrame.cpp, line 3954] nsFrame::GetNextPrevLineFromeBlockFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsFra me.cpp, line 3307] nsBlockFrame::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/generic/nsBlo ckFrame.cpp, line 6606] PresShell::HandleEventInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresSh ell.cpp, line 6223] PresShell::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresSh ell.cpp, line 6034] nsViewManager::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManag er.cpp, line 2553] nsViewManager::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManag er.cpp, line 2245] HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsView.cpp, line 174] nsWindow::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 1060] nsWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 5803] ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 6054] nsWindow::WindowProc [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sWindow.cpp, line 1249] USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0x89cd (0x77d489cd) USER32.dll + 0x8a10 (0x77d48a10) nsAppShell::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/n sAppShell.cpp, line 159] nsAppStartup::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/components/star tup/src/nsAppStartup.cpp, line 208] main [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsApp Runner.cpp, line 1738] WinMain [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsApp Runner.cpp, line 1762] kernel32.dll + 0x16d4f (0x7c816d4f)
Based on the testcase in comment 5 that definitely looks like bug 307875 should "help" here...
Fixed by the check-in for bug 307875.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Is that check-in for bug 307875 going to land on the Branch soon?
Depends on whether it's caused the regressions we think it caused and on whether they have easy fixes.
Crash Signature: [@ nsTextFrame::GetPosition]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: