Closed Bug 337586 Opened 19 years ago Closed 19 years ago

Crash [@ PresShell::InitialReflow] when window gets destroyed duren beforeunload event handler, pressing reload

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: martijn.martijn, Assigned: smaug)

References

(Depends on 1 open bug)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(3 files, 1 obsolete file)

popup window needed for testcase
223 bytes, text/html
Details
testcase
326 bytes, text/html
Details
better patch
7.44 KB, patch
bzbarsky
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review
See upcoming testcase, which crashes Mozilla when pressing the reload button in a popup window. Talkback ID: TB18548174M PresShell::InitialReflow nsContentSink::StartLayout I haven't figured out the regression range, yet.
Attached file testcase
Flags: blocking1.9a1?
Attached patch proposed patch (obsolete) — Splinter Review
I think this should be enough.
Assignee: events → Olli.Pettay
Status: NEW → ASSIGNED
Attachment #221789 - Flags: superreview?(bzbarsky)
Attachment #221789 - Flags: review?(bzbarsky)
Comment on attachment 221789 [details] [diff] [review] proposed patch bah, no. The PresShell gets deleted during InitialReflow. :( Will do a better patch
Attachment #221789 - Attachment is obsolete: true
Attachment #221789 - Flags: superreview?(bzbarsky)
Attachment #221789 - Flags: review?(bzbarsky)
Attached patch better patchSplinter Review
Keeping the presshell alive for a bit longer.
Attachment #221798 - Flags: superreview?(bzbarsky)
Attachment #221798 - Flags: review?(bzbarsky)
Comment on attachment 221798 [details] [diff] [review] better patch >Index: layout/base/nsPresShell.cpp >+ nsCOMPtr<nsIPresShell> kungFuDeathGrip(this); File a followup bug on undoing this and make it dependent on roc's bug about running script at safe times, please? >+ // Something in the mFrameConstructor->ContentInserted s/the// >@@ -2802,16 +2807,17 @@ PresShell::InitialReflow(nscoord > #endif >+ > nsRect bounds = Please undo that change? r+sr=bzbarsky with that.
Attachment #221798 - Flags: superreview?(bzbarsky)
Attachment #221798 - Flags: superreview+
Attachment #221798 - Flags: review?(bzbarsky)
Attachment #221798 - Flags: review+
Depends on: 338025
Checking in content/base/src/nsContentSink.cpp; /cvsroot/mozilla/content/base/src/nsContentSink.cpp,v <-- nsContentSink.cpp new revision: 1.53; previous revision: 1.52 done Checking in content/html/document/src/nsMediaDocument.cpp; /cvsroot/mozilla/content/html/document/src/nsMediaDocument.cpp,v <-- nsMediaDocument.cpp new revision: 1.34; previous revision: 1.33 done Checking in content/xul/document/src/nsXULDocument.cpp; /cvsroot/mozilla/content/xul/document/src/nsXULDocument.cpp,v <-- nsXULDocument.cpp new revision: 1.715; previous revision: 1.714 done Checking in layout/base/nsPresShell.cpp; /cvsroot/mozilla/layout/base/nsPresShell.cpp,v <-- nsPresShell.cpp new revision: 3.917; previous revision: 3.916 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Flags: blocking1.9a1?
Smaug: I'm trying to reproduce this, do you remember how ContentInserted could end up firing beforeunload? Trying to figure out what types of protections I need to add in bug 401155
(In reply to comment #8) > Smaug: I'm trying to reproduce this, do you remember how ContentInserted could > end up firing beforeunload? I don't remember that now. And this was fixed long time ago. So many other things have changed since then.
Crash Signature: [@ PresShell::InitialReflow]
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: