Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress

RESOLVED DUPLICATE of bug 267286

Status

()

Core
Event Handling
--
critical
RESOLVED DUPLICATE of bug 267286
12 years ago
12 years ago

People

(Reporter: rameshch, Unassigned)

Tracking

({crash, testcase})

Trunk
x86
Linux
crash, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1


When a XMLHttpRequest is in progress and a window.close() is executed in the
onload or onerror handler of the XMLHttpRequest, firefox crashes with a segfault. 

Reproducible: Always

Steps to Reproduce:
Here is the minimal html + javascript that triggers the bug:

bug.html
--------
<html>
<head>
    <script src="bug.js"></script>
</head>
<body>

<a href="javascript:new_window()">New Window</a>

</body>
</html>

window.html
-----------
<html>
<head>
    <script src="bug.js"></script>
</head>

<body>
<a href="javascript:trigger_bug()">Trigger Bug</a>
</body>
</html>

bug.js
------

function new_window() {
    var w = window.open('window.html');
    w.focus();
}

function trigger_bug() {
    function load_cb() {
        alert("closing window");
        window.close();
    }
    
    var httpreq = new XMLHttpRequest();
    httpreq.open("GET", "dummy.html", true);
    httpreq.onload = load_cb;
    httpreq.onerror = load_cb;
    httpreq.send(null);
}

dummy.html
----------
Create any dummy html file that would be loaded by the XMLHttpRequest. It could
be even an empty file.

1. Put all these files in the same directory on the webserver
2. Browse to bug.html in firefox
3. Click on "New Window". This opens a new browser window
4. Click on "Trigger Bug". This pops a javascript message about closing the 
   window. Click Ok. This would crash firefox.


Actual Results:  
firefox crashes with a segmentation fault (Unix signal 11).

Expected Results:  
It should have closed the browser window.
I'm seeing this too with current trunk build.
Example here: http://wargers.org/mozilla/bug311788/

Talkback ID: TB10442193Y
nsEventStateManager::PreHandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp,
line 848]
PresShell::HandleEventInternal 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp,
line 6008]
PresShell::HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp,
line 5850]
nsViewManager::HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2504]
nsViewManager::DispatchEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2237]
HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line
174]
nsWindow::DispatchEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1060]
nsWindow::DispatchFocus 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5979]
nsWindow::ProcessMessage 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 4542]
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1249]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x459d (0x77d1459d)
USER32.dll + 0x47b4 (0x77d147b4)
ntdll.dll + 0x2589f (0x77f6589f)
nsGlobalWindow::Focus 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 3481]
nsWebShellWindow::HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp,
line 501]
nsWindow::DispatchEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1060]
nsWindow::DispatchFocus 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5979]
nsWindow::ProcessMessage 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 4539]
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1249]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x459d (0x77d1459d)
USER32.dll + 0x47b4 (0x77d147b4)
ntdll.dll + 0x2589f (0x77f6589f)
USER32.dll + 0x2b982 (0x77d3b982)
nsWindow::DefaultWindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1275]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x5cc9 (0x77d15cc9)
USER32.dll + 0x13382 (0x77d23382)
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1256]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x4435 (0x77d14435)
USER32.dll + 0x9611 (0x77d19611)
nsAppStartup::Run 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp,
line 162]
main 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 61]
kernel32.dll + 0x1eb69 (0x77e5eb69)

This is probably a duplicate of bug 267286.
Assignee: nobody → events
Component: General → Event Handling
Keywords: crash, testcase
Product: Firefox → Core
QA Contact: general → ian
Summary: This is a javascript bug. Firefox crashes on a window.close() when a XMLHttpRequest is in progress → This is a javascript bug. Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress
Version: unspecified → Trunk
Summary: This is a javascript bug. Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress → Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress

Comment 2

12 years ago

*** This bug has been marked as a duplicate of 267286 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ nsEventStateManager::PreHandleEvent]
You need to log in before you can comment on or make changes to this bug.