Closed Bug 356007 Opened 18 years ago Closed 18 years ago

Crashes [@ nsFormFillController::OnTextEntered]

Categories

(Toolkit :: Form Manager, defect)

Product:
Toolkit
Component:
Form Manager
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: smaug, Assigned: smaug)

References

Details

(4 keywords)

Crash Data

Attachments

(1 file)

possible patch
2.17 KB, patch
bryner
: first-review+
dveditz
: approval1.8.1.4+
Details | Diff | Splinter Review 
According to TB there are few crashes @  	 nsFormFillController::OnTextEntered.
Possible patch coming.
Component: Form Manager → Satchel
Product: Firefox → Toolkit
QA Contact: form.manager → satchel
Attached patch possible patchSplinter Review 
Bryner, since ::OnTextEntered is mainly you code, could you review.
This should fix the possible crash when ownerDocument is null or when mFocusedInput is null (if that is possible).

Other change is to set the return value to something.
That is based on this comment: 
http://lxr.mozilla.org/seamonkey/source/toolkit/components/autocomplete/public/nsIAutoCompleteInput.idl#149
but it shouldn't actually change the functionality because the return value isn't actually handled: http://lxr.mozilla.org/seamonkey/source/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp#1123
Attachment #241703 - Flags: first-review?(bryner)
Comment on attachment 241703 [details] [diff] [review]
possible patch

Should not be possible for mFocusedInput to be null, but better not to crash.  Similarly, I don't know how a text input could be without an ownerDocument, but bulletproofing is fine.
Attachment #241703 - Flags: first-review?(bryner) → first-review+
ownerDocument is *not* guaranteed to be non-null.
Basically if something keeps a reference to a node, but document is deleted, then ownerDocument is null.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Is this something worth of the branch?
Apparently yes. There are some crashes also on 1.8.
Attachment #241703 - Flags: approval1.8.1.3?
Smaug, is there a reason you requested approval for 1.8.1.4 and not 1.8.1.3?
(In reply to comment #8)
> Smaug, is there a reason you requested approval for 1.8.1.4 and not 1.8.1.3?

He did ask for approval1.8.1.3, see bug activity. The flag was renamed to approval1.8.1.4 in preparation for a quicker than usual 1.8.1.3 release.
Flags: blocking1.8.1.4?
This became the run-away top crash in FF2.0.0.2 (more crashes than old stand-by 0x00000000 even), and don't appear on the lists for prior versions (with admitedly small populations remaining on older versions). Was this crash tickled by the password manager changes? Seems unlikely, but I don't think 2.0.0.2 made any other form-related changes.
Severity: normal → critical
Flags: blocking1.8.1.4? → blocking1.8.1.4+
Keywords: crash, topcrash
Comment on attachment 241703 [details] [diff] [review]
possible patch

approved for 1.8.1.4, a=dveditz for release-drivers
Attachment #241703 - Flags: approval1.8.1.4? → approval1.8.1.4+
Keywords: fixed1.8.1.4
Keywords: regression
(In reply to comment #11)
> Was this crash tickled by the password manager changes? Seems unlikely,
> but I don't think 2.0.0.2 made any other form-related changes.

bug 286933 was fixed in 1.8.1.2 and seems more directly relevant


I have those annoying crashs almost every day in forums....  when will it be fixed in firefox2 ?


Andreas, in the next security update, you can test it yourself, see:
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2.0.0.4-candidates/rc1/
v.fixed on 1.8 branch and Trunk based on the latest Talkback data.  Let's keep a close eye on topcrash reports for 2.0.0.4 after the release to make sure this is gone with no regressions.
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1.4verified1.8.1.4
Component: Satchel → Form Manager
See Also: → https://launchpad.net/bugs/93517
Crash Signature: [@ nsFormFillController::OnTextEntered]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: