Closed Bug 311788 Opened 19 years ago Closed 19 years ago

Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

x86
Linux
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 267286

People

(Reporter: rameshch, Unassigned)

References

()

Details

(Keywords: crash, testcase)

Crash Data

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1


When a XMLHttpRequest is in progress and a window.close() is executed in the
onload or onerror handler of the XMLHttpRequest, firefox crashes with a segfault. 

Reproducible: Always

Steps to Reproduce:
Here is the minimal html + javascript that triggers the bug:

bug.html
--------
<html>
<head>
    <script src="bug.js"></script>
</head>
<body>

<a href="javascript:new_window()">New Window</a>

</body>
</html>

window.html
-----------
<html>
<head>
    <script src="bug.js"></script>
</head>

<body>
<a href="javascript:trigger_bug()">Trigger Bug</a>
</body>
</html>

bug.js
------

function new_window() {
    var w = window.open('window.html');
    w.focus();
}

function trigger_bug() {
    function load_cb() {
        alert("closing window");
        window.close();
    }
    
    var httpreq = new XMLHttpRequest();
    httpreq.open("GET", "dummy.html", true);
    httpreq.onload = load_cb;
    httpreq.onerror = load_cb;
    httpreq.send(null);
}

dummy.html
----------
Create any dummy html file that would be loaded by the XMLHttpRequest. It could
be even an empty file.

1. Put all these files in the same directory on the webserver
2. Browse to bug.html in firefox
3. Click on "New Window". This opens a new browser window
4. Click on "Trigger Bug". This pops a javascript message about closing the 
   window. Click Ok. This would crash firefox.


Actual Results:  
firefox crashes with a segmentation fault (Unix signal 11).

Expected Results:  
It should have closed the browser window.
I'm seeing this too with current trunk build.
Example here: http://wargers.org/mozilla/bug311788/

Talkback ID: TB10442193Y
nsEventStateManager::PreHandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp,
line 848]
PresShell::HandleEventInternal 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp,
line 6008]
PresShell::HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp,
line 5850]
nsViewManager::HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2504]
nsViewManager::DispatchEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2237]
HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line
174]
nsWindow::DispatchEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1060]
nsWindow::DispatchFocus 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5979]
nsWindow::ProcessMessage 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 4542]
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1249]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x459d (0x77d1459d)
USER32.dll + 0x47b4 (0x77d147b4)
ntdll.dll + 0x2589f (0x77f6589f)
nsGlobalWindow::Focus 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 3481]
nsWebShellWindow::HandleEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp,
line 501]
nsWindow::DispatchEvent 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1060]
nsWindow::DispatchFocus 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5979]
nsWindow::ProcessMessage 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 4539]
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1249]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x459d (0x77d1459d)
USER32.dll + 0x47b4 (0x77d147b4)
ntdll.dll + 0x2589f (0x77f6589f)
USER32.dll + 0x2b982 (0x77d3b982)
nsWindow::DefaultWindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1275]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x5cc9 (0x77d15cc9)
USER32.dll + 0x13382 (0x77d23382)
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1256]
USER32.dll + 0x27b17 (0x77d37b17)
USER32.dll + 0x2cdce (0x77d3cdce)
USER32.dll + 0x4435 (0x77d14435)
USER32.dll + 0x9611 (0x77d19611)
nsAppStartup::Run 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp,
line 162]
main 
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 61]
kernel32.dll + 0x1eb69 (0x77e5eb69)

This is probably a duplicate of bug 267286.
Assignee: nobody → events
Component: General → Event Handling
Keywords: crash, testcase
Product: Firefox → Core
QA Contact: general → ian
Summary: This is a javascript bug. Firefox crashes on a window.close() when a XMLHttpRequest is in progress → This is a javascript bug. Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress
Version: unspecified → Trunk
Summary: This is a javascript bug. Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress → Firefox crashes [@ nsEventStateManager::PreHandleEvent] on a window.close() when a XMLHttpRequest is in progress

*** This bug has been marked as a duplicate of 267286 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ nsEventStateManager::PreHandleEvent]
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.