Closed
Bug 403148
Opened 17 years ago
Closed 15 years ago
Crash [@ nsTextControlFrame::SetValue] with <input type=file> and contentEditable
Categories
(Core :: DOM: Core & HTML, defect, P2)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Assigned: peterv)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(1 file)
329 bytes,
text/html
|
Details |
Loading the testcase crashes Firefox. Setting contentEditable on the span causes the file upload control to disappear (!). Then, turning the file upload control into a normal input crashes: Thread 0 Crashed: 0 nsTextControlFrame::SetValue (nsTextControlFrame.cpp:2675) 1 nsFileControlFrame::SetFormProperty (nsFileControlFrame.cpp:546) 2 nsHTMLInputElement::SetFileName (nsHTMLInputElement.cpp:849) 3 nsHTMLInputElement::ParseAttribute (nsHTMLInputElement.cpp:2009) 4 nsGenericElement::SetAttr (nsGenericElement.cpp:3569) 5 nsGenericHTMLElement::SetAttr (nsGenericHTMLElement.cpp:1400) 6 nsGenericHTMLElement::SetAttribute (nsGenericHTMLElement.cpp:330) 7 nsHTMLInputElement::SetAttribute (nsHTMLInputElement.cpp:167) 8 NS_InvokeByIndex_P + 98 (xptcinvoke_unixish_x86.cpp:179) ...
Comment 1•17 years ago
|
||
So the problem here is that setting that contentEditable=true loads contenteditable.css, and one of the rules in there changes the style on the anonymous inputs inside the file input from "-moz-user-modify: disabled" to "-moz-user-modify: none". Which triggers a reframe, so we try to reframe anonymous content. Not only does that fail miserably, but we end up with a dangling pointer to the (now dead) text control frame in the file control frame, so we crash when we try to use that pointer (as here). Is contenteditable.css really supposed to apply to native anonymous content?
Flags: blocking1.9?
Updated•17 years ago
|
Keywords: regression
Comment 2•17 years ago
|
||
Marking blocking and setting p2 (since it is a crash). Bz if you think differently please adjust...
Assignee: nobody → peterv
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
Comment 3•17 years ago
|
||
My patch for Bug 389324 – "[contenteditable="true"] does a bad job in contenteditable.css" prevents this crash, so I'm marking Bug 389324 as blocking this one, and raising it to P2.
Depends on: 389324
Reporter | ||
Comment 4•17 years ago
|
||
We should not be relying on !important rules in "extra" UA stylesheets such as contenteditable.css to prevent crashes. See bug 347355 comment 15 for some reasons.
Comment 5•17 years ago
|
||
(In reply to comment #3) > My patch for Bug 389324 – "[contenteditable="true"] does a bad job in > contenteditable.css" prevents this crash, so I'm marking Bug 389324 as blocking > this one, and raising it to P2. > Ok, removing dependency and returning priority of bug 389324 to its previous P4 value.
No longer depends on: 389324
Comment 6•17 years ago
|
||
The patch in bug 389324 still affects the testcase in this bug, so I think the dependancy is justified, fwiw.
Updated•16 years ago
|
Flags: tracking1.9+ → blocking1.9+
Comment 7•16 years ago
|
||
Not going to block on this, but we're likely to take a fix if one shows up (before or after release).
Flags: wanted1.9.0.x+
Flags: blocking1.9-
Flags: blocking1.9+
Reporter | ||
Comment 8•16 years ago
|
||
The testcase no longer causes a crash for me. Boris, do the problems you explained in comment 1 still exist?
Comment 9•16 years ago
|
||
I would think so, yes. I don't have time to dig to make sure right now.
Reporter | ||
Comment 10•15 years ago
|
||
ok, well, i filed bug 505619 for that. *this* bug is WFM and will soon be in-testsuite+
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Updated•15 years ago
|
Flags: in-testsuite?
Reporter | ||
Comment 11•15 years ago
|
||
Test added: http://hg.mozilla.org/mozilla-central/rev/91cb26be77bc
Flags: in-testsuite? → in-testsuite+
Updated•13 years ago
|
Crash Signature: [@ nsTextControlFrame::SetValue]
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•