Closed Bug 473284 Opened 16 years ago Closed 16 years ago

Crash when calling advanceFocusIntoSubtree({})

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jruderman, Assigned: smaug)

Details

(4 keywords)

Attachments

(5 files, 2 obsolete files)

testcase (crashes Firefox when loaded)
145 bytes, application/vnd.mozilla.xul+xml
Details
and more
994 bytes, application/vnd.mozilla.xul+xml
Details
patch
1.62 KB, patch
MatsPalmgren_bugz
: review+
MatsPalmgren_bugz
: superreview+
Details | Diff | Splinter Review
and even more
1.49 KB, application/vnd.mozilla.xul+xml
Details
patch with test
3.87 KB, patch
ted
: approval1.9.1+
dveditz
: approval1.9.0.9+
Details | Diff | Splinter Review 
Null deref

Thread 0 Crashed:
0   nsINode::IsInDoc() const + 9 (nsINode.h:282)
1   nsINode::GetCurrentDoc() const + 17 (nsINode.h:293)
2   nsIContent::GetDocument() const + 17 (nsIContent.h:142)
3   nsFocusController::MoveFocus(int, nsIDOMElement*) + 81 (nsFocusController.cpp:297)
4   nsXULCommandDispatcher::AdvanceFocusIntoSubtree(nsIDOMElement*) + 59 (nsXULCommandDispatcher.cpp:234)
5   NS_InvokeByIndex_P + 99 (xptcinvoke_unixish_x86.cpp:179)
6   XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) + 6227 (xpcwrappednative.cpp:2424)
7   XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, long*, long*) + 399 (xpcwrappednativejsops.cpp:1477)
8   js_Invoke + 2283 (jsinterp.cpp:1318)
...
Attached file some more tests (obsolete) — 

  

  



    
    

    
  

      
      
      
      

        Attached file
          
        some more tests (obsolete)
        — 
      

    


  

  

  



        Attachment #356691 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached file
          
        and more
      

    


  

  

  



        Attachment #356692 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patchSplinter Review
      

    


  
I decided to not to change the nsIFocusController interface to use nsINode/nsIContent so that the patch can be taken to branch.
(Applies cleanly to 1.9.0, 1.9.1, trunk, and with some fuzz to 1.8.1 too)

And because Enn is fixing focus handling, I didn't want to change the internals
of focuscontroller too much.

  

  


Assignee: nobody → Olli.Pettay
Status: NEW → ASSIGNED

        Attachment #356695 -
        Flags: superreview?(mats.palmgren)

        Attachment #356695 -
        Flags: review?(mats.palmgren)

    
    

    
  
It's hard to tell from looking at the test which statements are supposed to throw and which aren't.  I think the ones that aren't supposed to throw shouldn't be in try..catch.

  

  



    
    

    
  
Whenever using {} should throw in the testcases.

  

  



    
    

    
  

      
      
      
      

        Attached file
          
        and even more
      

    


  
Added tests for document.commandDispatcher.focusedWindow and made
the PASS condition exact.

  

  



    
    

    
  
Comment on attachment 356695 [details] [diff] [review]
patch

r+sr=mats

  

  



        Attachment #356695 -
        Flags: superreview?(mats.palmgren)

        Attachment #356695 -
        Flags: superreview+

        Attachment #356695 -
        Flags: review?(mats.palmgren)

        Attachment #356695 -
        Flags: review+
Whiteboard: checkin-needed

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch with testSplinter Review
      

    


  

  

  


Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Whiteboard: checkin-needed

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/b4b8272ac9da included tests.

  

  


Flags: in-testsuite? → in-testsuite+

        Attachment #362695 -
        Flags: approval1.9.1?

        Attachment #362695 -
        Flags: approval1.9.0.8?

    
    

    
  
Comment on attachment 362695 [details] [diff] [review]
patch with test

Approved for 1.9.0.8, a=dveditz for release-drivers

  

  



        Attachment #362695 -
        Flags: approval1.9.0.8? → approval1.9.0.8+
Keywords: fixed1.9.0.8

    
    

    
  
Verified for 1.9.0.8 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8pre) Gecko/2009031905 GranParadiso/3.0.8pre (.NET CLR 3.5.30729). Verified crash with 1.9.0.7.

I note that it crashes 1.9.1 though with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4pre) Gecko/20090317 Shiretoko/3.1b4pre.

  

  


Keywords: fixed1.9.0.8verified1.9.0.8

    
    

    
  
Comment on attachment 362695 [details] [diff] [review]
patch with test

a191=drivers

  

  



        Attachment #362695 -
        Flags: approval1.9.1? → approval1.9.1+

    
    

    
  
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/8a3631b43eeb

  

  


Keywords: fixed1.9.1

    
    

    
  
verified FIXED on builds: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090416 Minefield/3.6a1pre ID:20090416030845

and

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4pre) Gecko/20090417 Shiretoko/3.5b4pre ID:20090417030722

  

  


Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1verified1.9.1
Component: Event Handling → User events and focus handling

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: