Closed Bug 388175 Opened 17 years ago Closed 17 years ago

Crash [@ IsBidiLeaf] with contentEditable, tables, dir=rtl

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: uriber)

References

Details

(Keywords: crash, rtl, testcase)

Crash Data

Attachments

(2 files)

testcase (crashes Firefox when loaded)
439 bytes, text/html
Details
trivial fix
1.74 KB, patch
smontagu
: review+
roc
: superreview+
roc
: approval1.9+
Details | Diff | Splinter Review 
Thread 0 Crashed:
0   IsBidiLeaf(nsIFrame*) + 9 (nsBidiPresUtils.cpp:473)
1   nsBidiPresUtils::GetFrameEmbeddingLevel(nsIFrame*) + 60 (nsBidiPresUtils.cpp:706)
2   nsIFrame::PeekOffset(nsPeekOffsetStruct*) + 2887 (nsFrame.cpp:4991)
3   nsCaret::GetCaretFrameForNodeOffset(nsIContent*, int, nsFrameSelection::HINT, unsigned char, nsIFrame**, int*) + 1186 (nsCaret.cpp:714)
4   nsCaret::DrawAtPositionWithHint(nsIDOMNode*, int, nsFrameSelection::HINT, unsigned char, int) + 169 (nsCaret.cpp:584)
5   nsCaret::DrawCaret(int) + 816 (nsCaret.cpp:980)
6   nsCaret::StartBlinking() + 97 (nsCaret.cpp:553)
7   nsCaret::NotifySelectionChanged(nsIDOMDocument*, nsISelection*, short) + 166 (nsCaret.cpp:494)
8   nsTypedSelection::NotifySelectionListeners() + 407 (nsSelection.cpp:7407)
9   nsFrameSelection::NotifySelectionListeners(short) + 50 (nsSelection.cpp:2845)
10  nsFrameSelection::TakeFocus(nsIContent*, unsigned, unsigned, int, int) + 1823 (nsSelection.cpp:2486)
11  nsFrameSelection::SetAncestorLimiter(nsIContent*) + 179 (nsSelection.cpp:3857)
12  nsTypedSelection::SetAncestorLimiter(nsIContent*) + 27 (nsSelection.cpp:5331)
13  nsTextEditorFocusListener::Focus(nsIDOMEvent*) + 1071 (nsEditorEventListeners.cpp:1151)
14  DispatchToInterface(nsIDOMEvent*, nsIDOMEventListener*, unsigned (nsIDOMEventListener::*)(nsIDOMEvent*), nsID const&) + 189 (nsEventListenerManager.cpp:182)
15  nsEventListenerManager::HandleEvent(nsPresContext*, nsEvent*, nsIDOMEvent**, nsISupports*, unsigned, nsEventStatus*) + 1174 (nsEventListenerManager.cpp:1207)
16  nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor&, unsigned) + 316 (nsEventDispatcher.cpp:202)
17  nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor&, unsigned, nsDispatchingCallback*) + 191 (nsEventDispatcher.cpp:234)
18  nsEventDispatcher::Dispatch(nsISupports*, nsPresContext*, nsEvent*, nsIDOMEvent*, nsEventStatus*, nsDispatchingCallback*) + 1407 (nsEventDispatcher.cpp:473)
19  nsEventStateManager::SendFocusBlur(nsPresContext*, nsIContent*, int) + 3708 (nsEventStateManager.cpp:4366)
20  nsEventStateManager::SetContentState(nsIContent*, int) + 1461 (nsEventStateManager.cpp:3928)
21  nsGenericElement::SetFocus(nsPresContext*) + 178 (nsGenericElement.cpp:2451)
22  nsGenericHTMLElement::SetElementFocus(int) + 154 (nsGenericHTMLElement.cpp:3262)
23  nsGenericHTMLElement::Focus() + 45 (nsGenericHTMLElement.cpp:3289)
24  nsGenericHTMLElementTearoff::Focus() + 36 (nsGenericHTMLElement.cpp:196)
25  NS_InvokeByIndex_P + 98 (xptcinvoke_unixish_x86.cpp:179)
...
This is very similar to Bug 345616. I'll take care of it sometime this week, when I have time.
Assignee: nobody → uriber
Status: NEW → ASSIGNED
Uri, are you going to be able to fix this soon?
Attached patch trivial fixSplinter Review 
This fixes the crash, although it's probably not the best way to do it.  I haven't posted the trivial fix until now because I was hoping to find time to investigate further and come up with a more correct solution (such as actually implementing nsTableRowGroupFrame::CheckLineOrder()). Unfortunately, I can't find time for that.
Attachment #277113 - Flags: superreview?(roc)
Attachment #277113 - Flags: review?(smontagu)
Comment on attachment 277113 [details] [diff] [review]
trivial fix

Can you file a follow-up bug on implementing the more correct solution?
Attachment #277113 - Flags: review?(smontagu) → review+
(In reply to comment #4)
> (From update of attachment 277113 [details] [diff] [review])
> Can you file a follow-up bug on implementing the more correct solution?
> 

Bug 392706.
Attachment #277113 - Flags: superreview?(roc) → superreview+
Sorry, I'm not up to date on the current approval rules. Do I need to ask approval on this?
In any case, I won't be able to check this in myself for the next two weeks or so, so I'd appreciate it if someone can do this for me.
You do need to ask approval at the moment.
Attachment #277113 - Flags: approval1.9?
I guess I should also justify the approval request:
This is a simple, very low risk, fix to a crash (although probably a very rare one).
It's not very rare when I'm trying to test contentEditable ;)
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Crashtest checked in.
Flags: in-testsuite? → in-testsuite+
Mass-assigning the new rtl keyword to RTL-related (see bug 349193).
Keywords: rtl
Crash Signature: [@ IsBidiLeaf]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: