Firefox crashes in certain usage involving iframe and javascript

RESOLVED WORKSFORME

Status

()

--
critical
RESOLVED WORKSFORME
13 years ago
11 years ago

People

(Reporter: vvv, Unassigned)

Tracking

({crash, testcase})

1.5.0.x Branch
x86
Linux
crash, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060406 Firefox/1.5.0.4 (Debian-1.5.dfsg+1.5.0.4-1)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060406 Firefox/1.5.0.4 (Debian-1.5.dfsg+1.5.0.4-1)

firefox crashes in certain usage involving iframe and javascript - see below


Reproducible: Always

Steps to Reproduce:
1. create a file crashme.html (copy the content between the lines with the "=" signs):
===========================================
<html>
<head>
<title>This is a test</title>
<script>
	function openWin(){
		var edit_win = document.getElementById("edit_iframe");
		edit_win.style.display = "block";
		edit_win.style.left = 20;
		edit_win.style.top = document.body.scrollTop + 20;
		edit_win.width = 800;
		edit_win.height = 400;
	}
	function closeWin(){
		var edit_win = document.getElementById("edit_iframe");
		edit_win.style.display = "none";
	}
</script>
</head>
<body>
<iframe name="edit_iframe" id="edit_iframe" style="display: none; position: absolute;" src="crashme-iframe.html"></iframe>
<BR>
<BR>
<a href="javascript:openWin()">Click this</a><BR>
<a href="javascript:openWin()">Click this</a><BR>
<a href="javascript:openWin()">Click this</a><BR>
<BR>
<BR>
Some text<BR>
Some text<BR>
Some text<BR>
</body>
</html>
===========================================

2. create a file crashme-iframe.html (copy the content between the lines with the "=" signs):
===========================================
<html>
<head>
<title>This is a test</title>
<script>
function crashme() {
	if ( confirm("Do you want to continue?") ) {
		if (window.opener && !window.opener.closed)
			window.opener.closeWin();
		else
			parent.top.closeWin();
	}
}
</script>
</head>
<body bgcolor="#FFFFFF">
<div align="right">
<a href="javascript:crashme()">CRASH ME</a>
</div>
Some text<BR>
Some text<BR>
</body>
</html>
===========================================

3. put these files into the same directory, and start "firefox /path/to/crashme.html", where "/path/to/" is the avove-mentioned directory;
or put both files into a web server, and open the URL with crashme.html

4. click any of the "Click this" links (there are 3 of them); an iframe will become visible; click the "CRASH ME" link; a javascript confirm box will appear;
click "OK" in that javascript confirm box

Actual Results:  
at this point, firefox crashes with "Segmentation fault". (in some cases i had to repeat the step 4 2-3 times before this happens)

Expected Results:  
firefox should not crash
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9a1) Gecko/20060610 Minefield/3.0a1 - Build ID: 0000000000
WFM.

Can you reproduce this with an official Mozilla build of Firefox? If so, can you provide a Talkback ID please?
Keywords: crash
Summary: firefox crashes in certain usage involving iframe and javascript → Firefox crashes in certain usage involving iframe and javascript
Version: unspecified → 1.5.0.x Branch
(Reporter)

Comment 2

13 years ago
yes, i've reproduced the crash in the official build - see the
Talkback ID TB19812118Y:
http://talkback-public.mozilla.org/search/start.jsp?search=2&type=iid&id=TB19812118Y

Comment 3

12 years ago
Workaround: If display="none" is set in a timeout then the crash doesn't happen.

I guess the reason is that in this case the iframe gets a chance to loose its focus before.

Comment 4

12 years ago
Created attachment 241261 [details]
frame document for the testcase

Comment 5

12 years ago
Created attachment 241262 [details]
testcase

Comment 6

12 years ago
Thanks for the clean report. The testcase works fine for me on Windows: trunk, 2.0, and 1.5.0.7. Is the testcase I attached correct? Can you still reproduce the bug?
If yes, would you mind posting a new talkback ID, since Philip was unable to process the one you posted. If you have time, testing with a recent trunk nightly build will be appreciated.
Keywords: testcase

Comment 7

11 years ago
I can't reproduce this on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b2) Gecko/2007121016 Firefox/3.0b2
(Reporter)

Comment 8

11 years ago
I can't reproduce on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 Iceweasel/2.0.0.11 (Debian-2.0.0.11-1), so it was probably fixed between 1.5 and 2.0

Comment 9

11 years ago
Thanks for following up.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.