487601 - Crash [@ nsTextStateManager::Init] contenteditable and onfocus removing window

Status: RESOLVED FIXED

(Core :: DOM: UI Events & Focus Handling, defect)

Description

[Martijn Wargers (dead)]

Attachment: testcase

See testcase, which crashes current trunk build on load.

To see this crash, you need to have the intl.enable_tsf_support pref set to true.

It doesn't crash in a 2009-02-09 build, it does crash in a 2009-02-11 build. I think a regression from bug 88831.

The iframe content consists of this:
<html xmlns="http://www.w3.org/1999/xhtml">
<embed id="a"/>
<script>
document.getElementById('a').focus();
</script>
</html>

http://crash-stats.mozilla.com/report/index/40e52958-f61c-40e8-a3aa-0c3bd2090409?p=1
0  	xul.dll  	nsTextStateManager::Init  	 content/events/src/nsIMEStateManager.cpp:369
1 	xul.dll 	xul.dll@0x3553f3 	
2 	xul.dll 	nsEventStateManager::PreHandleEvent 	content/events/src/nsEventStateManager.cpp:1252
3 	xul.dll 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:6127
4 	xul.dll 	PresShell::HandleEvent 	layout/base/nsPresShell.cpp:5931
5 	xul.dll 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:1325
6 	xul.dll 	HandleEvent 	view/src/nsView.cpp:167
7 	xul.dll 	nsWindow::DispatchEvent 	widget/src/windows/nsWindow.cpp:919
8 	xul.dll 	nsWindow::DispatchWindowEvent 	widget/src/windows/nsWindow.cpp:939
9 	xul.dll 	nsWindow::DispatchFocus 	widget/src/windows/nsWindow.cpp:6601
10 	xul.dll 	nsWindow::ProcessMessage 	widget/src/windows/nsWindow.cpp:4767
11 	xul.dll 	nsWindow::WindowProc 	widget/src/windows/nsWindow.cpp:1135
12 	user32.dll 	InternalCallWinProc 	
13 	user32.dll 	UserCallWinProcCheckWow 	
14 	user32.dll 	DispatchClientMessage 	
15 	user32.dll 	__fnDWORD 	
16 	ntdll.dll 	KiUserCallbackDispatcher 	
17 	xul.dll 	nsGenericHTMLElement::UpdateEditableState 	
18 	xul.dll 	nsEventStateManager::SendFocusBlur 	content/events/src/nsEventStateManager.cpp:5510
19 	xul.dll 	nsEventStateManager::SetContentState 	content/events/src/nsEventStateManager.cpp:5091
20 	xul.dll 	nsGenericElement::SetFocus 	content/base/src/nsGenericElement.cpp:3068
21 	xul.dll 	nsGenericHTMLElement::SetElementFocus 	content/html/content/src/nsGenericHTMLElement.cpp:2961
22 	xul.dll 	nsHTMLInputElement::Focus 	content/html/content/src/nsGenericHTMLElement.cpp:2987
23 	xul.dll 	nsGenericHTMLElementTearoff::Focus 	content/html/content/src/nsGenericHTMLElement.cpp:189
24 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
25 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2480

Comment 1

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Attachment: Patch v1.0

This patch is separated from bug 460059.

The crash was happened by accessing to a method of the null nsCOMPtr<nsIContent>.

And also I fixes wrong NS_ENSURE_SUCCESS using point in OnTextStateFocus. We should not return NS_OK when the rv value is not expected error code. And also we should not output very many warning messages at returning NS_OK.

Comment 2

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

http://hg.mozilla.org/mozilla-central/rev/a3cc8dd89cdb

Comment 3

[Mike Beltzner [:beltzner, not reading bugmail]]

Mass change: adding fixed1.9.2 keyword

(This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)