Closed Bug 427163 Opened 16 years ago Closed 16 years ago

Crash [@ nsContentUtils::ContentIsDescendantOf] with contenteditable, right-clicking and document.write

Categories

(Core :: DOM: Selection, defect)

Product:
Core
Component:
DOM: Selection
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.9

People

(Reporter: martijn.martijn, Assigned: cpearce)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(2 files, 1 obsolete file)

testcase
140 bytes, text/html
Details
Patch v1.1 - add null check
1.17 KB, patch
cpearce
: review+
cpearce
: superreview+
damons
: approval1.9+
Details | Diff | Splinter Review
Attached file testcase 
See testcase which crashes current trunk build when right-clicking in the document.
This regressed between 2008-03-30 and 2008-04-02, I think a regression from bug 420499.

http://crash-stats.mozilla.com/report/index/600728d7-02a7-11dd-98fc-0013211cbf8a
0  	xul.dll  	nsContentUtils::ContentIsDescendantOf  	 mozilla/extensions/spellcheck/src/mozInlineSpellChecker.cpp:1634
1 	xul.dll 	nsCaret::IsMenuPopupHidingCaret 	mozilla/layout/base/nsCaret.cpp:1015
2 	xul.dll 	nsCaret::MustDrawCaret 	mozilla/layout/base/nsCaret.cpp:983
3 	xul.dll 	nsCaret::CheckCaretDrawingState 	mozilla/layout/base/nsCaret.cpp:942
4 	xul.dll 	CheckCaretDrawingState 	mozilla/layout/xul/base/src/nsXULPopupManager.cpp:533
5 	xul.dll 	nsXULPopupManager::ShowPopupCallback 	mozilla/layout/xul/base/src/nsXULPopupManager.cpp:606
6 	xul.dll 	nsXULPopupManager::FirePopupShowingEvent 	mozilla/layout/xul/base/src/nsXULPopupManager.cpp:1043
7 	xul.dll 	nsXULPopupManager::ShowPopupAtScreen 	mozilla/layout/xul/base/src/nsXULPopupManager.cpp:471
8 	xul.dll 	nsXULPopupListener::LaunchPopup 	mozilla/content/xul/content/src/nsXULPopupListener.cpp:480
9 	xul.dll 	nsXULPopupListener::PreLaunchPopup 	mozilla/content/xul/content/src/nsXULPopupListener.cpp:243
Assignee: nobody → chris
Attached patch Patch - add null checks (obsolete) — Splinter Review 
Looks like the QI from nsIDOMNode (type nsIDOMXMLDocument) to nsIContent is failing. Adding some null checks stops the crash.
Attachment #314196 - Flags: review?(roc)
Comment on attachment 314196 [details] [diff] [review]
Patch - add null checks

The first one makes sense.

The one for the popupframe doesn't make sense. Frames must have content. Just leave that one out.
Attachment #314196 - Flags: superreview+
Attachment #314196 - Flags: review?(roc)
Attachment #314196 - Flags: review+
V1 with Roc's requested change. r+/sr+ roc.
Attachment #314196 - Attachment is obsolete: true
Attachment #314413 - Flags: superreview+
Attachment #314413 - Flags: review+
Comment on attachment 314413 [details] [diff] [review]
Patch v1.1 - add null check

Requesting approval1.9 for this. It's a very low risk change that fixes a crash.
Attachment #314413 - Flags: approval1.9?
Comment on attachment 314413 [details] [diff] [review]
Patch v1.1 - add null check

Thanks, Chris.  a1.9+=damons.
Attachment #314413 - Flags: approval1.9? → approval1.9+
Checking in layout/base/nsCaret.cpp;
/cvsroot/mozilla/layout/base/nsCaret.cpp,v  <--  nsCaret.cpp
new revision: 1.190; previous revision: 1.189
done
Status: NEW → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9
Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008041005 Minefield/3.0pre
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsContentUtils::ContentIsDescendantOf]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: