Closed
Bug 387033
Opened 17 years ago
Closed 17 years ago
Script may run when initializing nsTextBoxFrame
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
People
(Reporter: smaug, Assigned: smaug)
References
Details
(4 keywords, Whiteboard: [sg:critical?])
Attachments
(4 files)
|
929 bytes,
application/xhtml+xml
|
Details | |
|
5.31 KB,
text/plain
|
Details | |
|
6.33 KB,
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
|
7.24 KB,
patch
|
roc
:
review+
roc
:
superreview+
dveditz
:
approval1.8.1.8+
asac
:
approval1.8.0.next+
|
Details | Diff | Splinter Review |
During Init() nsTextBoxFrame gets nsIDOMXULLabelElement::accessKey, which is implemented as an XBL property. The stack I get with the testcase is always corrupted.
Flags: blocking1.9?
Blocks: 334450
|
||
Updated•17 years ago
|
|
|
||
Comment 1•17 years ago
|
||
This stack doesn't look corrupted to me.
Is fixing bug 372769 here sufficient, or is getting the accesskey inherently bad because we can't guarantee that we're running only our own code to get it?
|
||
Comment 3•17 years ago
|
||
The latter. This is running in-page code... Same thing for any other cases when frame code makes calls out to XBL-implemented interfaces. :(
Flags: blocking1.9? → blocking1.9+
|
Assignee | |
Comment 4•17 years ago
|
||
Taking. The fix will probably change accesskey handling to happen in a reflowcallback or event.
Assignee: nobody → Olli.Pettay
|
|
Assignee | |
Comment 5•17 years ago
|
||
Make accesskey update happen on reflow callback. I tried not to increase the sizeof nsTextBoxFrame, so using a helper class. The patch is a bit ugly, but simple.
Attachment #275407 -
Flags: review?(roc)
|
|
Assignee | |
Updated•17 years ago
|
Status: NEW → ASSIGNED
Attachment #275407 -
Flags: superreview+
Attachment #275407 -
Flags: review?(roc)
Attachment #275407 -
Flags: review+
|
|
Assignee | |
Updated•17 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Comment 6•17 years ago
|
||
Crashes on 1.8 branch as well (tested FF1.5.0.12 and FF2.0.0.6)
Flags: wanted1.8.1.x+
Flags: wanted1.8.0.x+
Flags: blocking1.8.1.7?
Flags: blocking1.8.0.14?
|
|
||
Updated•17 years ago
|
Flags: blocking1.8.1.7? → blocking1.8.1.7+
|
|
Assignee | |
Comment 8•17 years ago
|
||
Because of trunk changes the patch isn't exactly the same. Marking frame dirty is done differently and reflow callback handling is a bit different.
Attachment #280581 -
Flags: superreview?(roc)
Attachment #280581 -
Flags: review?(roc)
Attachment #280581 -
Flags: superreview?(roc)
Attachment #280581 -
Flags: superreview+
Attachment #280581 -
Flags: review?(roc)
Attachment #280581 -
Flags: review+
|
|
Assignee | |
Comment 9•17 years ago
|
||
Comment on attachment 280581 [details] [diff] [review] for 1.8, contains regression fixes Do we want this also for 1.8.0.x?
Attachment #280581 -
Flags: approval1.8.1.7?
|
|
||
Comment 10•17 years ago
|
||
Comment on attachment 280581 [details] [diff] [review] for 1.8, contains regression fixes approved for 1.8.1.7, a=dveditz for release-drivers
Attachment #280581 -
Flags: approval1.8.1.8? → approval1.8.1.8+
|
|
||
Comment 11•17 years ago
|
||
Meant 1.8.1.8, of course. when checked in please also mark the regressions bug 391708 and bug 394120 as "fixed1.8.1.8" so QA can verify them on the branch.
|
|
Assignee | |
Updated•17 years ago
|
Keywords: fixed1.8.1.8
|
||
Comment 12•17 years ago
|
||
Patch was checked in for 1.8.1.8 http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=MOZILLA_1_8_BRANCH&branchtype=match&dir=&file=nsTextBoxFrame.cpp&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=week&mindate=2007-09-25+00%3A00&maxdate=2007-09-25+01%3A00&cvsroot=%2Fcvsroot and verified fixed 1.8.1.8 using the testcase from this bug and Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.8pre) Gecko/20070929 BonEcho/2.0.0.8pre ID:2007092904 and Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8pre)Gecko/2007092903 BonEcho/2.0.0.8pre on Fedora F7 - adding verified keyword
Keywords: fixed1.8.1.8 → verified1.8.1.8
|
|
||
Updated•17 years ago
|
Group: security
|
||
Updated•17 years ago
|
Flags: in-testsuite?
|
|
||
Updated•17 years ago
|
Flags: blocking1.8.0.14? → blocking1.8.0.15?
|
||
Updated•16 years ago
|
Flags: blocking1.8.0.15? → blocking1.8.0.15+
|
||
Comment 13•16 years ago
|
||
Comment on attachment 280581 [details] [diff] [review] for 1.8, contains regression fixes a=asac for 1.8.0.15 (same patch shipped by distros for some time)
Attachment #280581 -
Flags: approval1.8.0.15+
|
||
Comment 15•15 years ago
|
||
crash test landed http://hg.mozilla.org/mozilla-central/rev/c3900155298a
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•