Closed
Bug 319914
Opened 20 years ago
Closed 19 years ago
Pasting the character 173 (0xAD, ­) into textbox causes crash [@ nsFontMetricsWin::ResolveForwards]
Categories
(Core Graveyard :: GFX: Win32, defect)
Core Graveyard
GFX: Win32
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.8.1
People
(Reporter: poolfish666, Unassigned)
References
Details
(4 keywords)
Crash Data
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
By pasting the "Soft Hyphen" character in to a text input box in Firefox, it causes an instant crash. ALT+0173 in Windows will produce this character. In webpages containing the character, Firefox fails to render the character properly, effectively hiding the character. I can still be copied to the clipboard, however.
Reproducible: Always
Steps to Reproduce:
1. Copy ASCII character 173 to the clipboard
2. In Firefox, paste the character in to the Location Bar.
Actual Results:
Firefox immediately crashes.
Expected Results:
A pasted "Soft Hyphen" character should have appeared in the Location Bar.
This bug has been tested on Firefox 1.5 on both Windows XP and Mac OS X.
Group: security
Keywords: stackwanted
|
||
Comment 1•19 years ago
|
||
Stacktrace:
nsFontMetricsWin::ResolveForwards(nsFontMetricsWin * const 0x00000000, HDC__ * 0x1001090e, const unsigned short * 0x00000001, unsigned int 38731848, int (const nsFontSwitch *, const unsigned short *, unsigned int, void *)* 0x01c55f1d do_GetWidth(const nsFontSwitch *, const unsigned short *, unsigned int, void *), void * 0x0012e9b4) line 4090
nsRenderingContextWin::GetWidth(nsRenderingContextWin * const 0x0283a490, const unsigned short * 0x0012ecb0, unsigned int 1240620, int & 0, int * 0x00000000) line 1522
nsTextFrame::GetPointFromOffset(nsTextFrame * const 0x00000000, nsPresContext * 0x00000000, nsIRenderingContext * 0x0283a490, int 107158480, nsPoint * 0x0012eec4) line 4377
nsTypedSelection::GetPointFromOffset(nsTypedSelection * const 0x00000000, nsIFrame * 0x046f1888, int 1, nsPoint * 0x0012eec4) line 6705
nsTypedSelection::GetCachedFrameOffset(nsTypedSelection * const 0x03e53fa4, nsIFrame * 0x046f1888, int 1, nsPoint & {...}) line 5048
nsCaret::GetCaretRectAndInvert(nsCaret * const 0x00000000, nsIFrame * 0x046f1888, int 1) line 1054
nsCaret::DrawAtPositionWithHint(nsCaret * const 0x00000000, nsIDOMNode * 0x046f1888, int 1, nsIFrameSelection::HINT 102413040, unsigned char 96) line 585 + 13 bytes
nsCaret::DrawCaret(nsCaret * const 0x00000000) line 974
nsCaret::StartBlinking(nsCaret * const 0x00000000) line 525
nsCaret::SetCaretVisible(nsCaret * const 0x06cbed98, int 1) line 253
StCaretHider::~StCaretHider(StCaretHider * const 0x00000000) line 157
nsEditor::EndUpdateViewBatch(nsEditor * const 0x00000000) line 4507 + 13 bytes
nsEditor::EndPlaceHolderTransaction(nsEditor * const 0x03e53fa0) line 926
nsAutoPlaceHolderBatch::~nsAutoPlaceHolderBatch(nsAutoPlaceHolderBatch * const 0x00000000) line 66 + 18 bytes
nsPlaintextEditor::InsertTextFromTransferable(nsPlaintextEditor * const 0x03f88480, nsITransferable * 0x07b26b08, nsIDOMNode * 0x00000000, int 0, int 1) line 132 + 11 bytes
nsPlaintextEditor::Paste(nsPlaintextEditor * const 0x03faab08, int 30894656) line 443
nsPasteCommand::DoCommand(nsPasteCommand * const 0x02857270, const char * 0x0012f460, nsISupports * 0x03f88480) line 418 + 11 bytes
nsControllerCommandTable::DoCommand(nsControllerCommandTable * const 0x02831078, const char * 0x0012f460, nsISupports * 0x03f88480) line 191 + 12 bytes
nsBaseCommandController::DoCommand(nsBaseCommandController * const 0x047136a8, const char * 0x0012f460) line 132
nsXBLPrototypeHandler::ExecuteHandler(nsXBLPrototypeHandler * const 0x00000000, nsIDOMEventReceiver * 0x06b162b0, nsIDOMEvent * 0x0773d418) line 359
nsXBLKeyEventHandler::HandleEvent(nsXBLKeyEventHandler * const 0x0460bed0, nsIDOMEvent * 0x00000006) line 151 + 11 bytes
nsEventListenerManager::HandleEventSubType(nsEventListenerManager * const 0x00000000, nsListenerStruct * 0x02d99f88, nsIDOMEventListener * 0x0460bed0, nsIDOMEvent * 0x0773d418, nsIDOMEventTarget * 0x06b162b0, unsigned int 125031456, unsigned int 519) line 1684 + 12 bytes
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x03be30c8, nsPresContext * 0x00000003, nsEvent * 0x0012f9e4, nsIDOMEvent * * 0x0012f6c4, nsIDOMEventTarget * 0x06b162b0, unsigned int 519, nsEventStatus * 0x0012f930) line 1791
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x00000000, nsPresContext * 0x031baab8, nsEvent * 0x00000000, nsIDOMEvent * * 0x0012f6c4, unsigned int 519, nsEventStatus * 0x0012f930) line 2196
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x00000000, nsPresContext * 0x031baab8, nsEvent * 0x0012f9e4, nsIDOMEvent * * 0x00000000, unsigned int 513, nsEventStatus * 0x0012f930) line 1359 + 27 bytes
PresShell::HandleEventInternal(PresShell * const 0x00000000, nsEvent * 0x00000000, nsIView * 0x07303318, unsigned int 1, nsEventStatus * 0x0012f930) line 6062 + 18 bytes
PresShell::HandleEvent(PresShell * const 0x061ab2f0, nsIView * 0x07303318, nsGUIEvent * 0x0012f9e4, nsEventStatus * 0x0012f930, int 1, int & 1) line 5863 + 19 bytes
nsViewManager::HandleEvent(nsViewManager * const 0x00000000, nsView * 0x00000001, nsPoint {...}, nsGUIEvent * 0x00000000, int 0) line 2504
nsViewManager::DispatchEvent(nsViewManager * const 0x06459198, nsGUIEvent * 0x07303318, nsEventStatus * 0x0012f9a4) line 2237 + 41 bytes
HandleEvent(nsGUIEvent * 0x0012f9e4) line 176
nsWindow::DispatchEvent(nsWindow * const 0x047914b4, nsGUIEvent * 0x0012f9e4, nsEventStatus & nsEventStatus_eIgnore) line 1162 + 3 bytes
nsWindow::DispatchWindowEvent(nsWindow * const 0x00000000, nsGUIEvent * 0x00000000) line 1183
nsWindow::DispatchKeyEvent(nsWindow * const 0x00000000, unsigned int 131, unsigned short 118, unsigned int 0, long 0, unsigned int 0) line 3372 + 14 bytes
nsWindow::OnChar(nsWindow * const 0x00000000, unsigned int 22, unsigned int 0) line 3618
nsWindow::OnKeyDown(nsWindow * const 0x00000000, unsigned int 86, unsigned int 47, long 3080193) line 3464 + 13 bytes
nsWindow::ProcessMessage(nsWindow * const 0x00000000, unsigned int 256, unsigned int 86, long 3080193, long * 0x0012fd78) line 4453 + 18 bytes
nsWindow::WindowProc(HWND__ * 0x0014008e, unsigned int 256, unsigned int 86, long 75044020) line 1351 + 16 bytes
USER32! 77e3158f()
USER32! 77e31dc9()
USER32! 77e31e7e()
nsAppStartup::Run(nsAppStartup * const 0x00f78148) line 208
main1(int 0, char * * 0x00242428, nsISupports * 0x00000000) line 1249 + 9 bytes
main(int 1, char * * 0x00242428) line 1739 + 22 bytes
WinMain(HINSTANCE__ * 0x00400000, HINSTANCE__ * 0x00400000, char * 0x0013388e, HINSTANCE__ * 0x00400000) line 1763 + 23 bytes
SEAMONKEY! WinMainCRTStartup + 308 bytes
KERNEL32! 77e98989()
-->GFX: Win32 i think (not sure so, since Reporter says this also occours on Mac OS X)
Assignee: nobody → win32
Component: General → GFX: Win32
Keywords: stackwanted → crash
Product: Firefox → Core
QA Contact: general → ian
Summary: Pasting the ASCII character 173 in to Firefox causes it to crash → Pasting the ASCII character 173 into textbox causes Firefox to crash [@ nsFontMetricsWin::ResolveForwards]
Version: 1.5 Branch → Trunk
|
||
Comment 2•19 years ago
|
||
This crash happens for Mozilla/SeaMonkey also. The Windows version Mozilla 1.8a1 (2004-05-20) is still okay, but the Windows nightly 2004-06-01 already crashes.
|
|
||
Updated•19 years ago
|
Summary: Pasting the ASCII character 173 into textbox causes Firefox to crash [@ nsFontMetricsWin::ResolveForwards] → Pasting the character 173 (0xAD) into textbox causes crash [@ nsFontMetricsWin::ResolveForwards]
|
|
||
Comment 3•19 years ago
|
||
In my debug build, this crashes in nsTextFrame::PeekOffset, so there may be a connection to bug 321487 comment 9!
|
|
||
Updated•19 years ago
|
Summary: Pasting the character 173 (0xAD) into textbox causes crash [@ nsFontMetricsWin::ResolveForwards] → Pasting the character 173 (0xAD, ­) into textbox causes crash [@ nsFontMetricsWin::ResolveForwards]
|
||
Comment 4•19 years ago
|
||
I'm making this depend on bug 321487, although they're almost certainly the same bug.
I can't reproduce this one myself on OS X, so hopefully when 321487 is fixed, someone else would be able to verify that this bug is fixed as well.
Depends on: 321487
|
|
||
Comment 5•19 years ago
|
||
OK, the patch for bug 321487 was checked in yesterday. Can someone please verify that this bug is fixed with the latest trunk nightly?
|
|
||
Comment 6•19 years ago
|
||
I'm marking this FIXED (as well as fixed1.8.1, fixed1.8.0.1) based on bug 321487 comment 13.
If anyone can verify that would be great.
Status: NEW → RESOLVED
Closed: 19 years ago
Keywords: fixed1.8.0.1,
fixed1.8.1
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.8.1
|
||
Comment 7•19 years ago
|
||
v.fixed on 1.8.0.1 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060104 Firefox/1.5.0.1, was able to past soft hyphen'd text into textboxes without crash.
Keywords: verified1.8.0.1
|
||
Updated•19 years ago
|
Keywords: fixed1.8.0.1
|
|
||
Comment 8•19 years ago
|
||
*** Bug 324324 has been marked as a duplicate of this bug. ***
|
||
Comment 9•19 years ago
|
||
*** Bug 325003 has been marked as a duplicate of this bug. ***
|
||
Updated•16 years ago
|
Product: Core → Core Graveyard
|
|
||
Updated•14 years ago
|
Crash Signature: [@ nsFontMetricsWin::ResolveForwards]
You need to log in
before you can comment on or make changes to this bug.
Description
•