Closed Bug 497633 Opened 16 years ago Closed 16 years ago

Crash [@ nsFocusManager::Focus] with onblur removing window on frameset

Tracking

()

Status:

VERIFIED FIXED

People

(Reporter: martijn.martijn, Assigned: enndeakin)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(2 files, 1 obsolete file)

testcase 16 years ago Martijn Wargers (dead) 618 bytes, text/html		Details
add a nullcheck 16 years ago Neil Deakin 2.07 KB, patch		Details \| Diff \| Splinter Review
add tests 16 years ago Neil Deakin 6.79 KB, patch	smaug : review+ smaug : superreview+	Details \| Diff \| Splinter Review

Martijn Wargers (dead)

Reporter

Description

•

16 years ago

Attached file testcase — Details

See testcase, which crashes current trunk build after 1 second or so. http://crash-stats.mozilla.com/report/index/0be00035-01af-4d54-9d16-4879b2090611?p=1 0 xul.dll nsFocusManager::Focus dom/base/nsFocusManager.cpp:1407 1 xul.dll nsFocusManager::SetFocusInner dom/base/nsFocusManager.cpp:1057 2 xul.dll nsFocusManager::SetFocus dom/base/nsFocusManager.cpp:411 3 xul.dll nsGenericHTMLElement::Focus content/html/content/src/nsGenericHTMLElement.cpp:2931 4 xul.dll nsGenericHTMLElementTearoff::Focus content/html/content/src/nsGenericHTMLElement.cpp:190 5 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101 6 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2478 The iframe content is this: <html xmlns="http://www.w3.org/1999/xhtml"> <iframe/> <frameset onblur="window.frameElement.parentNode.removeChild(window.frameElement)"/> <script> function doe(i){ document.getElementsByTagName('*')[1].focus(); } setTimeout(doe,100); </script> </html>

Neil Deakin

Assignee

Comment 1

•

16 years ago

Attached patch add a nullcheck (obsolete) — Details — Splinter Review

Assignee: nobody → enndeakin

Status: NEW → ASSIGNED

Martijn Wargers (dead)

Reporter

Comment 2

•

16 years ago

Did you mean to ask review for the patch?

Neil Deakin

Assignee

Comment 3

•

16 years ago

Attached patch add tests — Details — Splinter Review

This also includes the patch and test for bug 497878.

Attachment #382806 - Attachment is obsolete: true

Attachment #383971 - Flags: review?(Olli.Pettay)

Olli Pettay [:smaug][bugs@pettay.fi] (vacation-ish -> Aug 1)

Updated

•

16 years ago

Attachment #383971 - Flags: superreview+

Attachment #383971 - Flags: review?(Olli.Pettay)

Attachment #383971 - Flags: review+

Neil Deakin

Assignee

Comment 4

•

16 years ago

http://hg.mozilla.org/mozilla-central/rev/a5a77c22395f

Status: ASSIGNED → RESOLVED

Closed: 16 years ago

Resolution: --- → FIXED

Martijn Wargers (dead)

Reporter

Updated

•

16 years ago

Status: RESOLVED → VERIFIED

Neil Deakin

Assignee

Updated

•

16 years ago

Flags: in-testsuite+

Serge Gautherie (:sgautherie)

Updated

•

15 years ago

Depends on: 558658

Nobody; OK to take it and work on it

Updated

•

14 years ago

Crash Signature: [@ nsFocusManager::Focus]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Crash [@ nsFocusManager::Focus] with onblur removing window on frameset

Categories

(Core :: XUL, defect)

Tracking

()

People

(Reporter: martijn.martijn, Assigned: enndeakin)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Security

(public)

User Story

Attachments

(2 files, 1 obsolete file)

Description

Comment 1

Comment 2

Comment 3

Updated

Comment 4

Updated

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type