Closed Bug 337586 Opened 18 years ago Closed 18 years ago

Crash [@ PresShell::InitialReflow] when window gets destroyed duren beforeunload event handler, pressing reload

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: martijn.martijn, Assigned: smaug)

References

(Depends on 1 open bug)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(3 files, 1 obsolete file)

See upcoming testcase, which crashes Mozilla when pressing the reload button in a popup window.

Talkback ID: TB18548174M
PresShell::InitialReflow   nsContentSink::StartLayout  

I haven't figured out the regression range, yet.
Attached file testcase
Flags: blocking1.9a1?
Attached patch proposed patch (obsolete) — Splinter Review
I think this should be enough.
Assignee: events → Olli.Pettay
Status: NEW → ASSIGNED
Attachment #221789 - Flags: superreview?(bzbarsky)
Attachment #221789 - Flags: review?(bzbarsky)
Comment on attachment 221789 [details] [diff] [review]
proposed patch

bah, no. The PresShell gets deleted during InitialReflow. :(
Will do a better patch
Attachment #221789 - Attachment is obsolete: true
Attachment #221789 - Flags: superreview?(bzbarsky)
Attachment #221789 - Flags: review?(bzbarsky)
Attached patch better patchSplinter Review
Keeping the presshell alive for a bit longer.
Attachment #221798 - Flags: superreview?(bzbarsky)
Attachment #221798 - Flags: review?(bzbarsky)
Comment on attachment 221798 [details] [diff] [review]
better patch

>Index: layout/base/nsPresShell.cpp

>+  nsCOMPtr<nsIPresShell> kungFuDeathGrip(this);

File a followup bug on undoing this and make it dependent on roc's bug about running script at safe times, please?
>+    // Something in the mFrameConstructor->ContentInserted 

s/the//

>@@ -2802,16 +2807,17 @@ PresShell::InitialReflow(nscoord 
> #endif
>+
>     nsRect                bounds = 

Please undo that change?

r+sr=bzbarsky with that.
Attachment #221798 - Flags: superreview?(bzbarsky)
Attachment #221798 - Flags: superreview+
Attachment #221798 - Flags: review?(bzbarsky)
Attachment #221798 - Flags: review+
Depends on: 338025
Checking in content/base/src/nsContentSink.cpp;
/cvsroot/mozilla/content/base/src/nsContentSink.cpp,v  <--  nsContentSink.cpp
new revision: 1.53; previous revision: 1.52
done
Checking in content/html/document/src/nsMediaDocument.cpp;
/cvsroot/mozilla/content/html/document/src/nsMediaDocument.cpp,v  <--  nsMediaDocument.cpp
new revision: 1.34; previous revision: 1.33
done
Checking in content/xul/document/src/nsXULDocument.cpp;
/cvsroot/mozilla/content/xul/document/src/nsXULDocument.cpp,v  <--  nsXULDocument.cpp
new revision: 1.715; previous revision: 1.714
done
Checking in layout/base/nsPresShell.cpp;
/cvsroot/mozilla/layout/base/nsPresShell.cpp,v  <--  nsPresShell.cpp
new revision: 3.917; previous revision: 3.916
done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Flags: blocking1.9a1?
Smaug: I'm trying to reproduce this, do you remember how ContentInserted could end up firing beforeunload?

Trying to figure out what types of protections I need to add in bug 401155
(In reply to comment #8)
> Smaug: I'm trying to reproduce this, do you remember how ContentInserted could
> end up firing beforeunload?
I don't remember that now. And this was fixed long time ago. So many other
things have changed since then. 
Crash Signature: [@ PresShell::InitialReflow]
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: