Closed Bug 478245 Opened 15 years ago Closed 15 years ago

Crash [@ nsEventStateManager::PreHandleEvent] with onfocus removing window and contenteditable

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

x86
Windows XP
defect
Not set
critical

Tracking

VERIFIED FIXED
Tracking Status
status1.9.2 --- beta1-fixed

People

(Reporter: martijn.martijn, Assigned: smaug)

Details

(Keywords: crash, regression, testcase)

Attachments

(3 files, 1 obsolete file)

Attached file testcase
See testcase, which crashes current trunk build.
This seems to have regressed between 2009-02-09 and 2009-02-10:
http://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2009-02-10+04%3A00%3A00&enddate=2009-02-11+06%3A00%3A00

http://crash-stats.mozilla.com/report/index/d79afdbb-2ae9-456f-ada1-e24e82090212?p=1
Frame  	Module  	Signature  	Source
0 	xul.dll 	xul.dll@0x330e6a 	
1 	xul.dll 	nsEventStateManager::PreHandleEvent 	content/events/src/nsEventStateManager.cpp:1083
2 	xul.dll 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:5917
3 	xul.dll 	PresShell::HandleEvent 	layout/base/nsPresShell.cpp:5721
4 	xul.dll 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:1338
5 	xul.dll 	HandleEvent 	view/src/nsView.cpp:167
6 	xul.dll 	nsWindow::DispatchEvent 	widget/src/windows/nsWindow.cpp:1019
7 	xul.dll 	nsWindow::DispatchWindowEvent 	widget/src/windows/nsWindow.cpp:1039
8 	xul.dll 	nsWindow::DispatchFocus 	widget/src/windows/nsWindow.cpp:6498
9 	xul.dll 	nsWindow::ProcessMessage 	widget/src/windows/nsWindow.cpp:4790
10 	xul.dll 	nsWindow::WindowProc 	widget/src/windows/nsWindow.cpp:1235
11 	user32.dll 	InternalCallWinProc 	
12 	user32.dll 	UserCallWinProcCheckWow 	
13 	user32.dll 	DispatchClientMessage 	
14 	user32.dll 	__fnDWORD 	
15 	ntdll.dll 	KiUserCallbackDispatcher 	
16 	xul.dll 	nsAString_internal::Replace 	
17 	xul.dll 	nsEventStateManager::SendFocusBlur 	content/events/src/nsEventStateManager.cpp:5251
18 	xul.dll 	nsEventStateManager::SetContentState 	content/events/src/nsEventStateManager.cpp:4828
19 	xul.dll 	nsGenericElement::SetFocus 	content/base/src/nsGenericElement.cpp:3069
20 	xul.dll 	nsGenericHTMLElement::SetElementFocus 	content/html/content/src/nsGenericHTMLElement.cpp:2935
21 	xul.dll 	nsHTMLTextAreaElement::Focus 	content/html/content/src/nsHTMLInputElement.cpp:1348
22 	xul.dll 	nsGenericHTMLElementTearoff::Focus 	content/html/content/src/nsGenericHTMLElement.cpp:189
23 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
24 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2424

Iframe content is:
<html>
<head>
</head>
<body>
<span id="a" contenteditable="true" onfocus="window.frameElement.parentNode.removeChild(window.frameElement)" href="#"></span>
<script>
function mousedown(){
document.getElementById('a').focus();
}
setTimeout(mousedown,100);
</script>
</body>
</html>
Still happening in today's trunk build.
Flags: blocking1.9.1?
This is a null pointer crash. Regression from bug 88831.
Blocks: 88831
Well that hasn't landed in 1.9.1 and presumably will not (afaict).
Flags: blocking1.9.2?
Assignee: nobody → Olli.Pettay
The crash is from nsIMEStateManager::OnTextStateFocus calling nsPresContext::GetViewManager when the PresShell is null.

I'm working on a patch.
I already assigned this to me and I'm working on a patch too ;)
This is sort of a regression from bug 208190, which added inlined getter methods to PresContext.
Calling nsPresContext::GetViewManager() at random times may crash, since
the relevant nsIPresShell may be null.

When nsPresContext and nsIPresShell merge, we can drop "GetPresShell()".
But before that happens, the broken API should be just removed, IMO.

A similar thing should be done for FrameManager() and StyleSet(), but since those are pretty layout/-related, bad usage is less likely.
Attachment #363949 - Flags: superreview?(roc)
Attachment #363949 - Flags: review?(roc)
Comment on attachment 363949 [details] [diff] [review]
remove nsPresContext::GetViewManager();

Actually, since David fixed bug 208190.
Attachment #363949 - Flags: superreview?(roc)
Attachment #363949 - Flags: superreview?(dbaron)
Attachment #363949 - Flags: review?(roc)
Attachment #363949 - Flags: review?(dbaron)
This is trunk only, clearing blocking1.9.1?.
Flags: blocking1.9.1?
Comment on attachment 363949 [details] [diff] [review]
remove nsPresContext::GetViewManager();

Probably better not to change the NS_ASSERTION in nsSelection.cpp to NS_ENSURE_STATE.

With that, r+sr=dbaron.
Attachment #363949 - Flags: superreview?(dbaron)
Attachment #363949 - Flags: superreview+
Attachment #363949 - Flags: review?(dbaron)
Attachment #363949 - Flags: review+
(In reply to comment #10)
> (From update of attachment 363949 [details] [diff] [review])
> Probably better not to change the NS_ASSERTION in nsSelection.cpp to
> NS_ENSURE_STATE.
NS_ENSURE_STATE is there to prevent a possible (though perhaps not even possible) crash. GetPresShell() may return null, so there should be a null check unless it is otherwise guaranteed that it can't return null.
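The two comments above (the one explaining why an inlined nsPresContext::GetViewManager() crashes when the pres shell is gone, and the one arguing for NS_ENSURE_STATE rather than NS_ASSERTION at the call site) can be illustrated with a small self-contained model. This is added example code, not Gecko's sources or the patch on this bug; nsIViewManager, nsIPresShell, nsPresContext, the ENSURE_STATE macro and the LookUpViewIdChecked/SimulateFocusThenRemoveFrame functions are stand-ins that only mimic the shape of the real classes. It shows the unchecked getter pattern the patch removed, and the checked caller pattern (fetch GetPresShell(), bail with an error code if it is null) that replaces it, driven by a simulation of the testcase where the onfocus handler tears down the frame mid-dispatch.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for the Gecko types named in the stack above.
struct nsIViewManager { int id; };

struct nsIPresShell {
    nsIViewManager* mViewManager;
    nsIViewManager* GetViewManager() const { return mViewManager; }
};

// Minimal model of nsPresContext. mShell becomes null once the document's
// presentation is torn down, e.g. when onfocus removes the hosting iframe.
struct nsPresContext {
    nsIPresShell* mShell = nullptr;

    nsIPresShell* GetPresShell() const { return mShell; }

    // The pattern the patch removed: an inlined convenience getter that
    // dereferences mShell unconditionally. Safe only while the shell is
    // alive; calling it "at random times" is a null-pointer crash.
    nsIViewManager* GetViewManager_unchecked() const {
        return mShell->GetViewManager();
    }
};

typedef uint32_t nsresult;
const nsresult NS_OK = 0;
const nsresult NS_ERROR_UNEXPECTED = 0x8000ffff;  // same value as XPCOM's

// Stand-in for Gecko's NS_ENSURE_STATE: return an error instead of continuing
// when a required pointer is null. An NS_ASSERTION would only warn in debug
// builds and still let release builds dereference the null pointer.
#define ENSURE_STATE(cond) \
    do { if (!(cond)) return NS_ERROR_UNEXPECTED; } while (0)

// Caller written the post-fix way (modelled loosely on the IME focus code
// that crashed): obtain the shell explicitly and null-check it first.
nsresult LookUpViewIdChecked(nsPresContext* aContext, int* aOutViewId) {
    nsIPresShell* shell = aContext->GetPresShell();
    ENSURE_STATE(shell);
    nsIViewManager* vm = shell->GetViewManager();
    ENSURE_STATE(vm);
    *aOutViewId = vm->id;
    return NS_OK;
}

// Simulates the testcase: focus is dispatched, and if the onfocus handler
// removes the iframe the pres shell is destroyed before focus handling
// finishes. The checked caller survives; the unchecked getter would not.
nsresult SimulateFocusThenRemoveFrame(bool aRemoveFrameInOnfocus, int* aOutViewId) {
    nsIViewManager vm{42};            // constructed sample data
    nsIPresShell shell{&vm};
    nsPresContext ctx;
    ctx.mShell = &shell;
    if (aRemoveFrameInOnfocus) {
        ctx.mShell = nullptr;         // frame removed: shell is gone
    }
    return LookUpViewIdChecked(&ctx, aOutViewId);
}

int main() {
    int id = 0;
    printf("normal focus: rv=0x%x id=%d\n", SimulateFocusThenRemoveFrame(false, &id), id);
    printf("frame removed in onfocus: rv=0x%x\n", SimulateFocusThenRemoveFrame(true, &id));
    return 0;
}
```

Only the checked path is exercised at runtime; GetViewManager_unchecked() is kept in the model purely to show the shape of the API the patch deleted, since invoking it with a null shell is exactly the crash in the stack above.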
Attached patch up-to-date (obsolete)
Attachment #366800 - Attachment is obsolete: true
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Verified fixed using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090312 Minefield/3.2a1pre and Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090312 Minefield/3.2a1pre. No crash with the testcase.
Status: RESOLVED → VERIFIED
Blocks: 483591
Flags: blocking1.9.2? → blocking1.9.2+
Mass change: adding fixed1.9.2 keyword

(This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)
Keywords: fixed1.9.2
Crash Signature: [@ nsEventStateManager::PreHandleEvent]
Component: Event Handling → User events and focus handling