Closed
Bug 338122
Opened 18 years ago
Closed 18 years ago
Crash [@ nsIMEStateManager::IsActive] when window gets removed on mousedown at button
Categories
(Core :: DOM: UI Events & Focus Handling, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Assigned: smaug)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(4 files, 3 obsolete files)
962 bytes,
text/html
|
Details | |
957 bytes,
patch
|
Details | Diff | Splinter Review | |
27.12 KB,
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
27.62 KB,
patch
|
Details | Diff | Splinter Review |
See upcoming testcase, which crashes Mozilla within 1 second. It also crashes Mozilla1.7, so no recent regression.
Reporter | ||
Comment 1•18 years ago
|
||
Reporter | ||
Comment 2•18 years ago
|
||
Talkback ID: TB18745342Y nsIMEStateManager::IsActive nsIMEStateManager::OnChangeFocus nsEventStateManager::SetContentState nsHTMLButtonElement::PostHandleEvent nsEventTargetChainItem::PostHandleEvent nsEventTargetChainItem::HandleEventTargetChain nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventTargetChainItem::CreateChainAndHandleEvent nsEventDispatcher::Dispatch nsEventDispatcher::DispatchDOMEvent nsEventListenerManager::DispatchEvent nsDOMEventRTTearoff::DispatchEvent XPTC_InvokeByIndex XPCWrappedNative::CallMethod
Reporter | ||
Comment 3•18 years ago
|
||
Sorry, previous testcase didn't crash, because the iframe can take a while to load. This testcase uses the data uri. Setting designMode on data uri documents didn't work in older builds, so this testcase doesn't crash in older builds because of that.
Attachment #222161 -
Attachment is obsolete: true
Attachment #222162 -
Attachment is obsolete: true
Reporter | ||
Comment 4•18 years ago
|
||
Argh! The designMode part isn't even necessary, removing from summary.
Summary: Crash [@ nsIMEStateManager::IsActive] when window gets removed on mousedown and designMode is turned on → Crash [@ nsIMEStateManager::IsActive] when window gets removed on mousedown at button
Reporter | ||
Comment 5•18 years ago
|
||
Testcase with designMode removed.
Attachment #222163 -
Attachment is obsolete: true
Assignee | ||
Comment 6•18 years ago
|
||
presshell is possibly dead when trying to access the document.
Assignee: events → Olli.Pettay
Status: NEW → ASSIGNED
Attachment #222183 -
Flags: superreview?
Attachment #222183 -
Flags: review?
Assignee | ||
Updated•18 years ago
|
Attachment #222183 -
Flags: superreview?(roc)
Attachment #222183 -
Flags: superreview?
Attachment #222183 -
Flags: review?(roc)
Attachment #222183 -
Flags: review?
I think it would make more sense for the prescontext to keep its own strong reference to nsIDocument. Then we could ensure that GetDocument never returns null.
Assignee | ||
Comment 8•18 years ago
|
||
Hmm, would then have to make sure that there isn't any ref-loop.
I think any long-lived references are to the presshell, not to the prescontext.
Assignee | ||
Comment 10•18 years ago
|
||
Comment on attachment 222183 [details] [diff] [review] proposed patch I'll write a patch for nsIDocument member soonish
Attachment #222183 -
Flags: superreview?(roc)
Attachment #222183 -
Flags: review?(roc)
Assignee | ||
Comment 11•18 years ago
|
||
Like this? Changed also few PresShell() calls to GetPresShell() to remove useless assertions. With a quick test I didn't see any new leaks. There are many cases where presShell->GetDocument() could be changed to presContext->Document(), but that would be a separate clean up bug.
Attachment #222494 -
Flags: superreview?(roc)
Attachment #222494 -
Flags: review?(roc)
Assignee | ||
Comment 12•18 years ago
|
||
Comment on attachment 222494 [details] [diff] [review] Ensure that PresContext has always a document > > void > nsEventStateManager::EnsureDocument(nsPresContext* aPresContext) > { > if (!mDocument) >- EnsureDocument(aPresContext->PresShell()); >+ EnsureDocument(aPresContext->GetPresShell()); > } Make that mDocument = aPresContext->Document();
Comment on attachment 222494 [details] [diff] [review] Ensure that PresContext has always a document +nsIDocument* +nsPresContext::Document() const +{ + NS_ASSERTION(!mShell || !mShell->GetDocument() || + mShell->GetDocument() == mDocument, + "nsPresContext doesn't have the same document as nsPresShell!"); + return mDocument; +} Make this inline.
Attachment #222494 -
Flags: superreview?(roc)
Attachment #222494 -
Flags: superreview+
Attachment #222494 -
Flags: review?(roc)
Attachment #222494 -
Flags: review+
Assignee | ||
Comment 14•18 years ago
|
||
Assignee | ||
Updated•18 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Verified FIXED with build 2006-05-20-13 of SeaMonkey trunk using the testcase at https://bugzilla.mozilla.org/attachment.cgi?id=222164&action=view under Windows XP; no crash.
Status: RESOLVED → VERIFIED
Updated•13 years ago
|
Crash Signature: [@ nsIMEStateManager::IsActive]
Updated•5 years ago
|
Component: Event Handling → User events and focus handling
You need to log in
before you can comment on or make changes to this bug.
Description
•