Closed
Bug 478245
Opened 16 years ago
Closed 16 years ago
Crash [@ nsEventStateManager::PreHandleEvent] with onfocus removing window and contenteditable
Categories
(Core :: DOM: UI Events & Focus Handling, defect)
Tracking
()
VERIFIED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta1-fixed |
People
(Reporter: martijn.martijn, Assigned: smaug)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files, 1 obsolete file)
649 bytes,
text/html
|
Details | |
21.04 KB,
patch
|
dbaron
:
review+
dbaron
:
superreview+
|
Details | Diff | Splinter Review |
21.88 KB,
patch
|
Details | Diff | Splinter Review |
See testcase, which crashes current trunk build.
This seems to have regressed between 2009-02-09 and 2009-02-10:
http://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2009-02-10+04%3A00%3A00&enddate=2009-02-11+06%3A00%3A00
http://crash-stats.mozilla.com/report/index/d79afdbb-2ae9-456f-ada1-e24e82090212?p=1
Frame Module Signature [Expand] Source
0 xul.dll xul.dll@0x330e6a
1 xul.dll nsEventStateManager::PreHandleEvent content/events/src/nsEventStateManager.cpp:1083
2 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:5917
3 xul.dll PresShell::HandleEvent layout/base/nsPresShell.cpp:5721
4 xul.dll nsViewManager::DispatchEvent view/src/nsViewManager.cpp:1338
5 xul.dll HandleEvent view/src/nsView.cpp:167
6 xul.dll nsWindow::DispatchEvent widget/src/windows/nsWindow.cpp:1019
7 xul.dll nsWindow::DispatchWindowEvent widget/src/windows/nsWindow.cpp:1039
8 xul.dll nsWindow::DispatchFocus widget/src/windows/nsWindow.cpp:6498
9 xul.dll nsWindow::ProcessMessage widget/src/windows/nsWindow.cpp:4790
10 xul.dll nsWindow::WindowProc widget/src/windows/nsWindow.cpp:1235
11 user32.dll InternalCallWinProc
12 user32.dll UserCallWinProcCheckWow
13 user32.dll DispatchClientMessage
14 user32.dll __fnDWORD
15 ntdll.dll KiUserCallbackDispatcher
16 xul.dll nsAString_internal::Replace
17 xul.dll nsEventStateManager::SendFocusBlur content/events/src/nsEventStateManager.cpp:5251
18 xul.dll nsEventStateManager::SetContentState content/events/src/nsEventStateManager.cpp:4828
19 xul.dll nsGenericElement::SetFocus content/base/src/nsGenericElement.cpp:3069
20 xul.dll nsGenericHTMLElement::SetElementFocus content/html/content/src/nsGenericHTMLElement.cpp:2935
21 xul.dll nsHTMLTextAreaElement::Focus content/html/content/src/nsHTMLInputElement.cpp:1348
22 xul.dll nsGenericHTMLElementTearoff::Focus content/html/content/src/nsGenericHTMLElement.cpp:189
23 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
24 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2424
Iframe content is:
<html>
<head>
</head>
<body>
<span id="a" contenteditable="true" onfocus="window.frameElement.parentNode.removeChild(window.frameElement)" href="#"></span>
<script>
function mousedown(){
document.getElementById('a').focus();
}
setTimeout(mousedown,100);
</script>
</body>
</html>
Reporter | ||
Comment 1•16 years ago
|
||
Still happening in today's trunk build.
Updated•16 years ago
|
Flags: blocking1.9.1?
Assignee | ||
Comment 2•16 years ago
|
||
This is a null pointer crash. Regression from bug 88831.
Blocks: 88831
Comment 3•16 years ago
|
||
Well that hasn't landed in 1.9.1 and presumably will not (afaict).
Updated•16 years ago
|
Flags: blocking1.9.2?
Assignee | ||
Updated•16 years ago
|
Assignee: nobody → Olli.Pettay
Comment 4•16 years ago
|
||
The crash is from nsIMEStateManager::OnTextStateFocus calling nsPresContext::GetViewManager when the PresShell is null
I'm working on a patch.
Assignee | ||
Comment 5•16 years ago
|
||
I already assigned this to me and I'm working on a patch too ;)
Assignee | ||
Comment 6•16 years ago
|
||
This is sort of regression from bug 208190, which added inlined getter methods to
PresContext.
Assignee | ||
Comment 7•16 years ago
|
||
Calling nsPresContext::GetViewManager() at random times may crash, since
the relevant nsIPresShell may be null.
When nsPresContext and nsIPresShell merge, we can drop "GetPresShell()".
But before that happens, the broken API should be just removed, IMO.
Similar thing should be done for FrameManager() and StyleSet(), but since
those are pretty layout/ related, bad usage is less likely.
Attachment #363949 -
Flags: superreview?(roc)
Attachment #363949 -
Flags: review?(roc)
Assignee | ||
Comment 8•16 years ago
|
||
Comment on attachment 363949 [details] [diff] [review]
remove nsPresContext::GetViewManager();
Actually, since David fixed bug 208190.
Attachment #363949 -
Flags: superreview?(roc)
Attachment #363949 -
Flags: superreview?(dbaron)
Attachment #363949 -
Flags: review?(roc)
Attachment #363949 -
Flags: review?(dbaron)
Comment on attachment 363949 [details] [diff] [review]
remove nsPresContext::GetViewManager();
Probably better not to change the NS_ASSERTION in nsSelection.cpp to NS_ENSURE_STATE.
With that, r+sr=dbaron.
Attachment #363949 -
Flags: superreview?(dbaron)
Attachment #363949 -
Flags: superreview+
Attachment #363949 -
Flags: review?(dbaron)
Attachment #363949 -
Flags: review+
Assignee | ||
Comment 11•16 years ago
|
||
(In reply to comment #10)
> (From update of attachment 363949 [details] [diff] [review])
> Probably better not to change the NS_ASSERTION in nsSelection.cpp to
> NS_ENSURE_STATE.
NS_ENSURE_STATE is there to prevent possible (though perhaps not even possible) crash. GetPresShell() may return null, so there should be the null check
unless it is otherwise guaranteed that it can't return null.
Assignee | ||
Comment 12•16 years ago
|
||
Assignee | ||
Comment 13•16 years ago
|
||
Assignee | ||
Updated•16 years ago
|
Attachment #366800 -
Attachment is obsolete: true
Assignee | ||
Comment 14•16 years ago
|
||
Assignee | ||
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 15•16 years ago
|
||
Comment 16•16 years ago
|
||
Verified fixed using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090312 Minefield/3.2a1pre and Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090312 Minefield/3.2a1pre. No crash with the testcase.
Status: RESOLVED → VERIFIED
Updated•15 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
Comment 17•15 years ago
|
||
Mass change: adding fixed1.9.2 keyword
(This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)
Keywords: fixed1.9.2
Updated•15 years ago
|
status1.9.2:
--- → beta1-fixed
Keywords: fixed1.9.2
Updated•13 years ago
|
Crash Signature: [@ nsEventStateManager::PreHandleEvent]
Updated•6 years ago
|
Component: Event Handling → User events and focus handling
You need to log in
before you can comment on or make changes to this bug.
Description
•