Closed
Bug 49122
Opened 24 years ago
Closed 24 years ago
Crash on page with MAP, AREA
Categories
(Core :: Layout, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: termite, Assigned: waterson)
References
()
Details
(Keywords: crash, testcase, Whiteboard: [nsbeta3+] FIX IN HAND)
Attachments
(3 files)
|
378 bytes,
text/html
|
Details | |
|
24.27 KB,
text/plain
|
Details | |
|
6.87 KB,
patch
|
Details | Diff | Splinter Review |
the above url crashes before it loads completely. Nothing much else to say ;).
|
||
Comment 1•24 years ago
|
||
Confirmed on Linux 2000-08-15-05. Backtrace:
#0 0x0 in ?? ()
#1 0x4012510a in nsQueryInterface::operator() (this=0xbfffe1f0,
aIID=@0x41ad12d0, answer=0xbfffe0f0) at nsCOMPtr.cpp:32
#2 0x419c4cbc in nsCOMPtr<nsIAnonymousContentCreator>::assign_from_helper
(this=0xbfffe220, helper=@0xbfffe1f0, aIID=@0x41ad12d0) at
../../../dist/include/nsCOMPtr.h:856
#3 0x419c5319 in nsCOMPtr<nsIAnonymousContentCreator>::nsCOMPtr
(this=0xbfffe220, helper=@0xbfffe1f0) at ../../../dist/include/nsCOMPtr.h:564
#4 0x41916b14 in nsGenericElement::SetDocument (this=0x86ed02c, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1295
#5 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x86ed02c,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#6 0x416961ca in nsHTMLAreaElement::SetDocument (this=0x86ed010, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsHTMLAreaElement.cpp:100
#7 0x41916563 in nsGenericElement::SetDocumentInChildrenOf (aContent=0x8727ce8,
aDocument=0x0, aCompileEventHandlers=1) at nsGenericElement.cpp:1236
#8 0x41916da5 in nsGenericElement::SetDocument (this=0x8727cf4, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1325
#9 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x8727cf4,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#10 0x416ef817 in nsHTMLMapElement::SetDocument (this=0x8727ce0, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsHTMLMapElement.cpp:282
#11 0x41916563 in nsGenericElement::SetDocumentInChildrenOf (aContent=0x871a680,
aDocument=0x0, aCompileEventHandlers=1) at nsGenericElement.cpp:1236
#12 0x41916da5 in nsGenericElement::SetDocument (this=0x871a68c, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1325
#13 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x871a68c,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#14 0x41705846 in nsHTMLParagraphElement::SetDocument (this=0x871a678,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at
nsHTMLParagraphElement.cpp:67
#15 0x41916563 in nsGenericElement::SetDocumentInChildrenOf (aContent=0x86156d4,
aDocument=0x0, aCompileEventHandlers=1) at nsGenericElement.cpp:1236
#16 0x41916da5 in nsGenericElement::SetDocument (this=0x86156e0, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1325
#17 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x86156e0,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#18 0x41729e5a in nsHTMLTableCellElement::SetDocument (this=0x86156c8,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at
nsHTMLTableCellElement.cpp:108
#19 0x41916563 in nsGenericElement::SetDocumentInChildrenOf (aContent=0x8615690,
aDocument=0x0, aCompileEventHandlers=1) at nsGenericElement.cpp:1236
#20 0x41916da5 in nsGenericElement::SetDocument (this=0x861569c, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1325
#21 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x861569c,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#22 0x41733462 in nsHTMLTableRowElement::SetDocument (this=0x8615688,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at
nsHTMLTableRowElement.cpp:184
#23 0x41916563 in nsGenericElement::SetDocumentInChildrenOf (aContent=0x86141f0,
aDocument=0x0, aCompileEventHandlers=1) at nsGenericElement.cpp:1236
#24 0x41916da5 in nsGenericElement::SetDocument (this=0x86141fc, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1325
#25 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x86141fc,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#26 0x4173630a in nsHTMLTableSectionElement::SetDocument (this=0x86141e8,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at
nsHTMLTableSectionElement.cpp:79
#27 0x41916563 in nsGenericElement::SetDocumentInChildrenOf (aContent=0x8613fe0,
aDocument=0x0, aCompileEventHandlers=1) at nsGenericElement.cpp:1236
#28 0x41916da5 in nsGenericElement::SetDocument (this=0x8613fec, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1325
#29 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x8613fec,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#30 0x41723dc2 in nsHTMLTableElement::SetDocument (this=0x8613fd8,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsHTMLTableElement.cpp:114
#31 0x41916563 in nsGenericElement::SetDocumentInChildrenOf (aContent=0x8613f00,
aDocument=0x0, aCompileEventHandlers=1) at nsGenericElement.cpp:1236
#32 0x41916da5 in nsGenericElement::SetDocument (this=0x8613f0c, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsGenericElement.cpp:1325
#33 0x4168437c in nsGenericHTMLElement::SetDocument (this=0x8613f0c,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1) at nsGenericHTMLElement.cpp:965
#34 0x4171b152 in nsHTMLSpanElement::SetDocument (this=0x8613ef8, aDocument=0x0,
aDeep=1, aCompileEventHandlers=1) at nsHTMLSpanElement.cpp:58
#35 0x4168b469 in nsGenericHTMLContainerElement::RemoveChildAt (this=0x8617138,
aIndex=0, aNotify=1) at nsGenericHTMLElement.cpp:3537
#36 0x416bd98a in nsHTMLFormElement::RemoveChildAt (this=0x8617118, aIndex=0,
aNotify=1) at nsHTMLFormElement.cpp:94
#37 0x417491d6 in SinkContext::DemoteContainer (this=0x871c208,
aNode=@0xbfffef34) at nsHTMLContentSink.cpp:1634
#38 0x4174d517 in HTMLContentSink::CloseForm (this=0x870e720, aNode=@0xbfffef34)
at nsHTMLContentSink.cpp:2895
#39 0x4122b502 in CNavDTD::CloseForm (this=0x870e138, aNode=0xbfffef34) at
CNavDTD.cpp:2971
#40 0x4122bc02 in CNavDTD::CloseContainer (this=0x870e138, aNode=0xbfffef34,
aTarget=eHTMLTag_form, aClosedByStartTag=0) at CNavDTD.cpp:3240
#41 0x412293ec in CNavDTD::HandleEndToken (this=0x870e138, aToken=0x8472628) at
CNavDTD.cpp:1746
#42 0x412271aa in CNavDTD::HandleToken (this=0x870e138, aToken=0x8472628,
aParser=0x871acf8) at CNavDTD.cpp:773
#43 0x41226877 in CNavDTD::BuildModel (this=0x870e138, aParser=0x871acf8,
aTokenizer=0x86ed7a0, anObserver=0x0, aSink=0x870e720) at CNavDTD.cpp:499
#44 0x4123c8c7 in nsParser::BuildModel (this=0x871acf8) at nsParser.cpp:1983
#45 0x4123c65d in nsParser::ResumeParse (this=0x871acf8, allowIteration=1,
aIsFinalChunk=0) at nsParser.cpp:1864
#46 0x4123d422 in nsParser::OnDataAvailable (this=0x871acf8, channel=0x870f6f0,
aContext=0x0, pIStream=0x8715ff4, sourceOffset=0, aLength=2680) at
nsParser.cpp:2314
#47 0x40f6dc0e in nsDocumentOpenInfo::OnDataAvailable (this=0x86edf18,
aChannel=0x870f6f0, aCtxt=0x0, inStr=0x8715ff4, sourceOffset=0, count=2680) at
nsURILoader.cpp:251
#48 0x40e1f89f in nsHTTPFinalListener::OnDataAvailable (this=0x8503418,
aChannel=0x870f6f0, aContext=0x0, aStream=0x8715ff4, aSourceOffset=0,
aCount=2680) at nsHTTPResponseListener.cpp:1223
#49 0x40e1ddf5 in nsHTTPServerListener::OnDataAvailable (this=0x870f8a0,
channel=0x871691c, context=0x870f6f0, i_pStream=0x8715ff4, i_SourceOffset=24576,
i_Length=2680) at nsHTTPResponseListener.cpp:551
#50 0x40db60a4 in nsOnDataAvailableEvent::HandleEvent (this=0x41f01450) at
nsAsyncStreamListener.cpp:400
#51 0x40db5317 in nsStreamListenerEvent::HandlePLEvent (aEvent=0x41f01478) at
nsAsyncStreamListener.cpp:97
#52 0x4011730f in PL_HandleEvent (self=0x41f01478) at plevent.c:587
#53 0x401171b1 in PL_ProcessPendingEvents (self=0x80d3078) at plevent.c:528
#54 0x40118f31 in nsEventQueueImpl::ProcessPendingEvents (this=0x80d3050) at
nsEventQueue.cpp:356
#55 0x409deec8 in event_processor_callback (data=0x80d3050, source=8,
condition=GDK_INPUT_READ) at nsAppShell.cpp:158
#56 0x409deb07 in our_gdk_io_invoke (source=0x81d4fa8, condition=G_IO_IN,
data=0x81d4f98) at nsAppShell.cpp:58
#57 0x40b9920e in g_io_unix_dispatch (source_data=0x81d4fc0,
current_time=0xbffff65c, user_data=0x81d4f98) at giounix.c:135
#58 0x40b9a717 in g_main_dispatch (dispatch_time=0xbffff65c) at gmain.c:656
#59 0x40b9acdb in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#60 0x40b9ae59 in g_main_run (loop=0x81d5008) at gmain.c:935
#61 0x40acc069 in gtk_main () at gtkmain.c:476
#62 0x409df5b1 in nsAppShell::Run (this=0x810afe8) at nsAppShell.cpp:335
#63 0x40510388 in nsAppShellService::Run (this=0x810f738) at
nsAppShellService.cpp:378
#64 0x805558c in main1 (argc=1, argv=0xbffff964, nativeApp=0x0) at
nsAppRunner.cpp:943
#65 0x8055c70 in main (argc=1, argv=0xbffff964) at nsAppRunner.cpp:1123
#66 0x4035e2e7 in __libc_start_main () from /lib/libc.so.6
Keywords: crash
|
||
Comment 2•24 years ago
|
||
I don't get quite as far
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1296]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLSpanElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1237]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1328]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLMapElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLMapElement.cpp,line28
4]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1237]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1328]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLSpanElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1237]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1328]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLSpanElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1237]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1328]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLSpanElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1237]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1328]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLSpanElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1237]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1328]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLSpanElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1237]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\base\src\nsGenericElement.cpp,line1328]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne966]
nsHTMLSpanElement::SetDocument
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLSpanElement.cpp]
nsGenericHTMLContainerElement::RemoveChildAt
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsGenericHTMLElement.cpp,li
ne3538]
nsHTMLFormElement::RemoveChildAt
[d:\builds\seamonkey\mozilla\layout\html\content\src\nsHTMLFormElement.cpp,line9
4]
SinkContext::DemoteContainer
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,line
1637]
HTMLContentSink::CloseForm
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,line
2897]
CNavDTD::CloseForm
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,line2976]
CNavDTD::CloseContainer
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,line3241]
CNavDTD::HandleEndToken
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,line1747]
CNavDTD::HandleToken
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,line770]
CNavDTD::BuildModel
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,line504]
nsParser::BuildModel
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp,line1987]
nsParser::ResumeParse
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp,line1866]
nsParser::OnDataAvailable
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp,line2319]
nsDocumentOpenInfo::OnDataAvailable
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp,line252]
nsHTTPFinalListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp
p,line1228]
nsHTTPChunkConv::OnDataAvailable
[d:\builds\seamonkey\mozilla\netwerk\streamconv\converters\nsHTTPChunkConv.cpp,l
ine213]
nsHTTPServerListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp
p,line554]
nsOnDataAvailableEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp,line406]
nsStreamListenerEvent::HandlePLEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp,line106]
PL_HandleEvent
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,line588]
PL_ProcessPendingEvents
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,line547]
_md_EventReceiverProc
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,line1045]
USER32.dll+0x1820(0x77e71820)
|
|
||
Comment 3•24 years ago
|
||
adding dbaron@fas.harvard.edu over to layout.
Assignee: asa → clayton
Component: Browser-General → Layout
QA Contact: doronr → petersen
#0 0x0 in ?? ()
No symbol table info available.
#1 0x40126ee6 in nsQueryInterface::operator() (this=0xbfffe124,
aIID=@0x41973810, answer=0xbfffe024)
at /home/david/mozilla/src/mozilla/xpcom/base/nsCOMPtr.cpp:32
this = (nsQueryInterface *) 0xbfffe124
status = 149063016
#2 0x4184223c in nsCOMPtr<nsIAnonymousContentCreator>::assign_from_helper (
this=0xbfffe154, helper=@0xbfffe124, aIID=@0x41973810)
at ../../../dist/include/nsCOMPtr.h:856
this = (nsCOMPtr<nsIAnonymousContentCreator> *) 0xbfffe154
newRawPtr = (nsIAnonymousContentCreator *) 0x419cc3e0
#3 0x418428bd in nsCOMPtr<nsIAnonymousContentCreator>::nsCOMPtr (
this=0xbfffe154, helper=@0xbfffe124)
at ../../../dist/include/nsCOMPtr.h:564
this = (nsCOMPtr<nsIAnonymousContentCreator> *) 0xbfffe154
helper = (nsQueryInterface &) @0xbfffe124: {<nsCOMPtr_helper> = {
_vptr. = 0x40192cec <nsQueryInterface virtual table>},
mRawPtr = 0x928c4b4, mErrorPtr = 0x0}
#4 0x4176d71c in nsGenericElement::SetDocument (this=0x9247b74,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1)
at /home/david/mozilla/src/mozilla/layout/base/src/nsGenericElement.cpp:1295
creator = {mRawPtr = 0x0}
frame = (nsIFrame *) 0x928c4b4
bindingManager = {mRawPtr = 0x8ff2198}
shell = {mRawPtr = 0x8e28568}
#5 0x414d8ec4 in nsGenericHTMLElement::SetDocument (this=0x9247b74,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1)
at
/home/david/mozilla/src/mozilla/layout/html/content/src/nsGenericHTMLElement.cpp:965
this = (nsGenericHTMLElement *) 0x9247b74
doNothing = 0
result = 1100792800
#6 0x414eacda in nsHTMLAreaElement::SetDocument (this=0x9247b58,
aDocument=0x0, aDeep=1, aCompileEventHandlers=1)
at
/home/david/mozilla/src/mozilla/layout/html/content/src/nsHTMLAreaElement.cpp:100
this = (nsHTMLAreaElement *) 0x9247b58
aDocument = (nsIDocument *) 0x0
#7 0x4176d16b in nsGenericElement::SetDocumentInChildrenOf (
aContent=0x9247c80, aDocument=0x0, aCompileEventHandlers=1)
at /home/david/mozilla/src/mozilla/layout/base/src/nsGenericElement.cpp:1236
child = (nsIContent *) 0x9247b68
i = 0
...
|
|
||
Comment 5•24 years ago
|
||
|
|
||
Comment 6•24 years ago
|
||
Shockingly enough, this crasher can actually be distilled to valid HTML. See
the attached testcase. The testcase is VERY fragile: even whitespace (e.g. a
newline between <BODY> and <FORM>) makes the crash go away. CC'ing rickg
because parser should not have whitespace sensitivity.
See also Bug 48427.
Summary: Crash on load → Crash on page with MAP, AREA
http://www.gatewayatwork.com/gw_atwork/edu/gw_edu.shtml crashes with a very
similar stack trace - looks again like a bad frame for an area element within
DemoteContainer.
|
Assignee | |
Comment 9•24 years ago
|
||
Crasher, with at least one dup. Nominating for nsbeta3.
Status: NEW → ASSIGNED
Keywords: nsbeta3
|
||
Comment 10•24 years ago
|
||
Approving for beta3: crashing is impolite to users...
Whiteboard: [nsbeta3+]
|
||
Comment 11•24 years ago
|
||
|
|
Assignee | |
Comment 12•24 years ago
|
||
dbaron's checkin to fix anonymous content exposed a bug in joki's
(recently-landed-by-saari on 08-AUG-2000) code:
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&r
oot=/cvsroot&subdir=mozilla/layout/html/base/src&command=DIFF_FRAMESET&file=nsI
mageFrame.cpp&rev2=1.129&rev1=1.128
The problem is that we set the primary frame for the <area> element to the
image frame. When the image frame is nuked, he doesn't clean up the frame map.
I'll work up a patch.
|
|
Assignee | |
Comment 13•24 years ago
|
||
*** Bug 48427 has been marked as a duplicate of this bug. ***
|
|
Assignee | |
Comment 14•24 years ago
|
||
Well, the more I look at joki's change, the less I like it.
1. It puts stuff into the frame manager that it doesn't clean up.
2. If somebody tinkers with the <map> elements beneath an <area> (e.g., via
Node::removeChild), there is no way to ever clean it up.
3. It assumes all the elements beneath a <map> are <area>s, and lord only knows
what'll happen if they aren't.
Could somebody please point me to what he was trying to fix with this, so I can
try to figure something better out?
|
|
Assignee | |
Comment 15•24 years ago
|
||
I WILL REFRAIN FROM CRITICIZING SYSTEMS THAT I DO NOT UNDERSTAND.
saari pointed out to me that nsImageMap already does most of this stuff. I'm
about to attach a (not very well tested) patch for comment. It move the frame
manager twiddling into nsImageMap.cpp, so that it we'll keep the frame manager
in sync with the content.
|
|
Assignee | |
Comment 16•24 years ago
|
||
|
|
Assignee | |
Comment 17•24 years ago
|
||
|
|
Assignee | |
Updated•24 years ago
|
Whiteboard: [nsbeta3+] → [nsbeta3+] FIX IN HAND
|
|
Assignee | |
Comment 18•24 years ago
|
||
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
|
|
||
Comment 19•24 years ago
|
||
Looks fixed on Linux 2000-08-19-08. The given URL does not crash the browser.
|
|
||
Comment 20•24 years ago
|
||
Verified fixed in the Aug 24 build (2000082409).
Status: RESOLVED → VERIFIED
|
||
Comment 21•16 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/5a6def05ccbc
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•