Closed Bug 487601 Opened 11 years ago Closed 11 years ago

Crash [@ nsTextStateManager::Init] contenteditable and onfocus removing window

Categories

(Core :: DOM: UI Events & Focus Handling, defect, critical)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla1.9.2a1
Tracking Status
status1.9.2 --- beta1-fixed

People

(Reporter: martijn.martijn, Assigned: masayuki)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files)

Attached file testcase
See testcase, which crashes current trunk build on load.

To see this crash, you need to have the intl.enable_tsf_support pref set to true.

It doesn't crash in a 2009-02-09 build, it does crash in a 2009-02-11 build. I think a regression from bug 88831.

The iframe content consists of this:
<html xmlns="http://www.w3.org/1999/xhtml">
<embed id="a"/>
<script>
document.getElementById('a').focus();
</script>
</html>

http://crash-stats.mozilla.com/report/index/40e52958-f61c-40e8-a3aa-0c3bd2090409?p=1
0  	xul.dll  	nsTextStateManager::Init  	 content/events/src/nsIMEStateManager.cpp:369
1 	xul.dll 	xul.dll@0x3553f3 	
2 	xul.dll 	nsEventStateManager::PreHandleEvent 	content/events/src/nsEventStateManager.cpp:1252
3 	xul.dll 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:6127
4 	xul.dll 	PresShell::HandleEvent 	layout/base/nsPresShell.cpp:5931
5 	xul.dll 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:1325
6 	xul.dll 	HandleEvent 	view/src/nsView.cpp:167
7 	xul.dll 	nsWindow::DispatchEvent 	widget/src/windows/nsWindow.cpp:919
8 	xul.dll 	nsWindow::DispatchWindowEvent 	widget/src/windows/nsWindow.cpp:939
9 	xul.dll 	nsWindow::DispatchFocus 	widget/src/windows/nsWindow.cpp:6601
10 	xul.dll 	nsWindow::ProcessMessage 	widget/src/windows/nsWindow.cpp:4767
11 	xul.dll 	nsWindow::WindowProc 	widget/src/windows/nsWindow.cpp:1135
12 	user32.dll 	InternalCallWinProc 	
13 	user32.dll 	UserCallWinProcCheckWow 	
14 	user32.dll 	DispatchClientMessage 	
15 	user32.dll 	__fnDWORD 	
16 	ntdll.dll 	KiUserCallbackDispatcher 	
17 	xul.dll 	nsGenericHTMLElement::UpdateEditableState 	
18 	xul.dll 	nsEventStateManager::SendFocusBlur 	content/events/src/nsEventStateManager.cpp:5510
19 	xul.dll 	nsEventStateManager::SetContentState 	content/events/src/nsEventStateManager.cpp:5091
20 	xul.dll 	nsGenericElement::SetFocus 	content/base/src/nsGenericElement.cpp:3068
21 	xul.dll 	nsGenericHTMLElement::SetElementFocus 	content/html/content/src/nsGenericHTMLElement.cpp:2961
22 	xul.dll 	nsHTMLInputElement::Focus 	content/html/content/src/nsGenericHTMLElement.cpp:2987
23 	xul.dll 	nsGenericHTMLElementTearoff::Focus 	content/html/content/src/nsGenericHTMLElement.cpp:189
24 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
25 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2480
Flags: blocking1.9.2?
Attached patch Patch v1.0Splinter Review
This patch is separated from bug 460059.

The crash was happened by accessing to a method of the null nsCOMPtr<nsIContent>.

And also I fixes wrong NS_ENSURE_SUCCESS using point in OnTextStateFocus. We should not return NS_OK when the rv value is not expected error code. And also we should not output very many warning messages at returning NS_OK.
Assignee: nobody → masayuki
Status: NEW → ASSIGNED
Attachment #373251 - Flags: superreview?(roc)
Attachment #373251 - Flags: review?(roc)
Attachment #373251 - Flags: superreview?(roc)
Attachment #373251 - Flags: superreview+
Attachment #373251 - Flags: review?(roc)
Attachment #373251 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/a3cc8dd89cdb
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
Flags: blocking1.9.2? → blocking1.9.2+
Mass change: adding fixed1.9.2 keyword

(This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)
Keywords: fixed1.9.2
Crash Signature: [@ nsTextStateManager::Init]
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.