Closed Bug 380716 Opened 13 years ago Closed 13 years ago

Crash [@ nsContentUtils::ContentIsDescendantOf] with document.activeElement setting to display: none on event with input

Categories

(Core :: DOM: UI Events & Focus Handling, defect, critical)

x86
Windows XP

VERIFIED FIXED

People

(Reporter: martijn.martijn, Assigned: smaug)

Details

(Keywords: crash, regression, testcase)

Attachments

(2 files)

Attached file testcase
See testcase: when clicking on the input, current trunk Mozilla builds crash.
Branch builds don't crash (probably because they don't have document.activeElement implemented).
If wanted, I can look for a regression range.

Talkback ID: TB32152681W
nsContentUtils::ContentIsDescendantOf  [mozilla/content/base/src/nscontentutils.cpp, line 1149]
nsGenericDOMDataNode::PreHandleEvent  [mozilla/content/base/src/nsgenericdomdatanode.cpp, line 694]
nsEventStateManager::DispatchMouseEvent  [mozilla/content/events/src/nseventstatemanager.cpp, line 2701]
nsEventStateManager::NotifyMouseOver  [mozilla/content/events/src/nseventstatemanager.cpp, line 2822]
nsEventStateManager::GenerateMouseEnterExit  [mozilla/content/events/src/nseventstatemanager.cpp, line 2855]
nsEventStateManager::PreHandleEvent  [mozilla/content/events/src/nseventstatemanager.cpp, line 718]

A different talkback ID I got was: TB32098835Q (I just saw it once thus far)
0x05aff698
XPTC_InvokeByIndex  [mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod  [mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2169]
XPC_WN_GetterSetter  [mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1487]
js_Invoke  [mozilla/js/src/jsinterp.c, line 1375]
js_InternalInvoke  [mozilla/js/src/jsinterp.c, line 1469]
js_InternalGetOrSet  [mozilla/js/src/jsinterp.c, line 1540]
js_NativeGet  [mozilla/js/src/jsobj.c, line 3409]
js_GetProperty  [mozilla/js/src/jsobj.c, line 3556]
js_Interpret  [mozilla/js/src/jsinterp.c, line 3690]
js_Invoke  [mozilla/js/src/jsinterp.c, line 1394]
js_InternalInvoke  [mozilla/js/src/jsinterp.c, line 1469]
JS_CallFunctionValue  [mozilla/js/src/jsapi.c, line 4351]
nsJSContext::CallEventHandler  [mozilla/dom/src/base/nsJSEnvironment.cpp, line 1493]
nsGlobalWindow::RunTimeout  [mozilla/dom/src/base/nsGlobalWindow.cpp, line 6790]
nsGlobalWindow::TimerCallback  [mozilla/dom/src/base/nsGlobalWindow.cpp, line 7162]
nsAppStartup::Run  [mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 152]
main  [mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
Assignee: events → Olli.Pettay
I think this might be a regression from Sunday.
Yeah, seems to have regressed between 2007-05-12 and 2007-05-14, so I guess a regression from bug 363089.
Blocks: 363089
No longer blocks: 363089
Blocks: 369644
Attachment #264866 - Flags: superreview?(jst)
Attachment #264866 - Flags: review?(jst)
Duplicate of this bug: 380734
Duplicate of this bug: 380980
Comment on attachment 264866
add null checks, -w patch

         nsIContent* nonAnon = FindFirstNonAnonContent(aContent);
+        if (nonAnon) {
         nsIContent* nonAnonRelated = FindFirstNonAnonContent(relatedTarget);
+          if (nonAnonRelated) {
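
Review bot: The new checks on `nonAnon` and `nonAnonRelated` carry no comment saying when FindFirstNonAnonContent can return null; a one-line comment above `if (nonAnon) {` naming that case would keep a later cleanup from removing the guards as dead code. The quoted lines also do not show what runs when either check fails, so it is worth confirming that the skipped path leaves event dispatch in a consistent state rather than only avoiding the null dereference. The bug already has a testcase attached, so landing it as a regression test alongside this change would protect both guards.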

Could both those calls be done before checking the results, and then checking both results in a single if check?

r+sr=jst either way.
Attachment #264866 - Flags: superreview?(jst)
Attachment #264866 - Flags: superreview+
Attachment #264866 - Flags: review?(jst)
Attachment #264866 - Flags: review+
That could be done, but it would be slower. So I prefer using 2 ifs.
Checked in. Sorry about this topcrasher.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070518 Minefield/3.0a5pre
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
Crash Signature: [@ nsContentUtils::ContentIsDescendantOf]
Component: Event Handling → User events and focus handling