Closed
Bug 456273
Opened 17 years ago
Closed 17 years ago
Some key events in contenteditable element crashes [@ nsNativeKeyBindings::KeyPress]
Categories
(Core :: DOM: UI Events & Focus Handling, defect, P1)
Core
DOM: UI Events & Focus Handling
Tracking
()
RESOLVED
FIXED
mozilla1.9.1b2
People
(Reporter: MatsPalmgren_bugz, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files)
|
221 bytes,
text/html
|
Details | |
|
7.38 KB,
text/plain
|
Details | |
|
9.90 KB,
patch
|
smaug
:
review+
sicking
:
superreview+
|
Details | Diff | Splinter Review |
Some key events in contenteditable element crashes.
STEPS TO REPRODUCE
1. load the attached testcase
2. click on "text"
3. press CTRL+Z
ACTUAL RESULT
Crash in nightly trunk, Firefox 3 does not crash.
Patch coming up...
Flags: blocking1.9.1?
|
Assignee | |
Comment 1•17 years ago
|
||
|
|
Assignee | |
Comment 2•17 years ago
|
||
|
|
Assignee | |
Comment 3•17 years ago
|
||
The bug is in nsXBLWindowKeyHandler::WalkHandlers() which doesn't
test the return value from nsContentUtils::DOMEventToNativeKeyEvent()
before calling the KeyPress/Up/Down methods, so 'nativeEvent' isn't
initialized properly ('nativeEvent' field has random stack value).
I took the liberty of changing the param type from nsIDOMEvent to
nsIDOMKeyEvent for DOMEventToNativeKeyEvent() since I don't think
it should be called for other types of events.
The mochitest is really a crash test but needs privileges (we can
make it a crash test when bug 448676 is fixed).
Attachment #339674 -
Flags: review?(Olli.Pettay)
|
|
Assignee | |
Comment 4•17 years ago
|
||
Hmm, it looks like Firefox 3 should have the same bug:
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp&rev=1.47&root=/cvsroot&mark=377-379#375
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/content/base/src/nsContentUtils.cpp&rev=1.309&root=/cvsroot&mark=4020#3990
|
||
Comment 5•17 years ago
|
||
Comment on attachment 339674 [details] [diff] [review]
Patch rev. 1
>+nsTextInputListener::KeyDown(nsIDOMEvent *aDOMEvent)
> {
>+ nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aDOMEvent));
>+ NS_ENSURE_TRUE(keyEvent, NS_ERROR_INVALID_ARG);
>+nsTextInputListener::KeyPress(nsIDOMEvent *aDOMEvent)
> {
>+ nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aDOMEvent));
>+ NS_ENSURE_TRUE(keyEvent, NS_ERROR_INVALID_ARG);
>+nsTextInputListener::KeyUp(nsIDOMEvent *aDOMEvent)
> {
>+ nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aDOMEvent));
>+ NS_ENSURE_TRUE(keyEvent, NS_ERROR_INVALID_ARG);
Because this is using specialized nsIDOMKeyListener, aDOMEvent should be always
nsIDOMKeyEvent, but I think it is still better to have those checks.
Attachment #339674 -
Flags: review?(Olli.Pettay) → review+
|
||
Updated•17 years ago
|
Attachment #339674 -
Flags: superreview?(jonas)
|
|
||
Comment 6•17 years ago
|
||
Not blocking on this, but we really want this patch reviewed and landed asap!
Flags: wanted1.9.1+
Flags: blocking1.9.1?
Flags: blocking1.9.1-
Priority: -- → P1
|
|
Assignee | |
Updated•17 years ago
|
Flags: wanted1.9.0.x?
|
||
Updated•17 years ago
|
Flags: wanted1.9.0.x? → wanted1.9.0.x+
|
|
Assignee | |
Comment 7•17 years ago
|
||
Jonas, ping?
Attachment #339674 -
Flags: superreview?(jonas) → superreview+
|
|
Assignee | |
Comment 8•17 years ago
|
||
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.1b2
|
||
Updated•16 years ago
|
Flags: wanted1.9.0.x+ → wanted1.9.0.x?
|
||
Updated•14 years ago
|
Crash Signature: [@ nsNativeKeyBindings::KeyPress]
|
|
||
Updated•6 years ago
|
Component: Event Handling → User events and focus handling
You need to log in
before you can comment on or make changes to this bug.
Description
•