Closed
Bug 506838
Opened 15 years ago
Closed 15 years ago
Crash bug when moving mouse between fields [@AllowedToAct(JSContext*, int) ]
Categories
(Core :: XPConnect, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: sroussey, Assigned: mrbkap)
References
()
Details
(Keywords: crash, regression, verified1.9.1, Whiteboard: [sg:investigate])
Crash Data
Attachments
(1 file)
1.92 KB,
patch
|
jst
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)
Fx crashes when moving mouse between fields. The file is an example that is an attachment to another bug report I am interested in, though I think this crashing is unrelated.
Reproducible: Always
Steps to Reproduce:
1. go to https://bug418280.bugzilla.mozilla.org/attachment.cgi?id=304082
2. Move the mouse between fields quickly
Actual Results:
Crash
Expected Results:
No crash
If you install and activate firebug to receive the console.log calls, it does not crash.
Reporter | ||
Updated•15 years ago
|
OS: Windows NT → Windows 7
Comment 1•15 years ago
|
||
bp-119f6969-6019-4697-812b-e53e12090727
Signature AllowedToAct(JSContext*, int)
UUID 119f6969-6019-4697-812b-e53e12090727
Time 2009-07-27 20:32:58.513851
Uptime 27
Last Crash 34 seconds before submission
Product Firefox
Version 3.5.1
Build ID 20090715094852
Branch 1.9.1
OS Windows NT
OS Version 5.1.2600 Service Pack 2
CPU x86
CPU Info GenuineIntel family 15 model 2 stepping 9
Crash Reason EXCEPTION_ACCESS_VIOLATION
Crash Address 0x20
User Comments
Processor Notes
0 xul.dll AllowedToAct js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp:205
1 xul.dll XPC_SOW_toString js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp:669
2 js3250.dll js_Invoke js/src/jsinterp.cpp:1386
3 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1447
4 js3250.dll js_TryMethod js/src/jsobj.cpp:5517
5 js3250.dll js_DefaultValue js/src/jsobj.cpp:4742
6 js3250.dll js_ValueToString js/src/jsstr.cpp:2966
7 js3250.dll js_ReportUncaughtException js/src/jsexn.cpp:1263
8 js3250.dll js3250.dll@0x83a03
9 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:247
10 xul.dll nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1098
11 xul.dll nsEventListenerManager::HandleEvent content/events/src/nsEventListenerManager.cpp:1206
12 xul.dll nsEventTargetChainItem::HandleEvent content/events/src/nsEventDispatcher.cpp:236
13 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:300
14 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:514
15 xul.dll nsEventStateManager::DispatchMouseEvent content/events/src/nsEventStateManager.cpp:3697
16 xul.dll xul.dll@0x2e3c47
17 xul.dll nsEventStateManager::NotifyMouseOver content/events/src/nsEventStateManager.cpp:3810
18 xul.dll nsEventStateManager::GenerateMouseEnterExit content/events/src/nsEventStateManager.cpp:3851
19 xul.dll nsEventStateManager::PreHandleEvent content/events/src/nsEventStateManager.cpp:999
20 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:6307
21 xul.dll PresShell::HandlePositionedEvent layout/base/nsPresShell.cpp:6205
22 xul.dll PresShell::HandleEvent layout/base/nsPresShell.cpp:6065
23 xul.dll nsViewManager::HandleEvent view/src/nsViewManager.cpp:1400
24 xul.dll nsViewManager::DispatchEvent view/src/nsViewManager.cpp:1359
25 xul.dll HandleEvent view/src/nsView.cpp:168
26 xul.dll nsWindow::DispatchEvent widget/src/windows/nsWindow.cpp:1051
27 nssutil3.dll nssutil3.dll@0x1bb
28 xul.dll nsWindow::DispatchMouseEvent widget/src/windows/nsWindow.cpp:6605
29 xul.dll ChildWindow::DispatchMouseEvent widget/src/windows/nsWindow.cpp:6752
30 xul.dll nsWindow::ProcessMessage widget/src/windows/nsWindow.cpp:4618
31 xul.dll nsWindow::WindowProc widget/src/windows/nsWindow.cpp:1267
32 user32.dll InternalCallWinProc
33 user32.dll UserCallWinProcCheckWow
34 user32.dll DispatchMessageWorker
35 user32.dll DispatchMessageW
36 xul.dll nsAppShell::ProcessNextNativeEvent widget/src/windows/nsAppShell.cpp:165
37 winmm.dll timeGetTime
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
OS: Windows 7 → Windows XP
Summary: Crash bug when moving mouse between fields → Crash bug when moving mouse between fields [@AllowedToAct(JSContext*, int) ]
Comment 3•15 years ago
|
||
regression range:
http://hg.mozilla.org/releases/mozilla-1.9.1/pushloghtml?fromchange=c11e41845954&tochange=5b61f163f2fd
Keywords: regression,
regressionwindow-wanted
Comment 4•15 years ago
|
||
CCing mrbkap/smaug/John by Bug 418280 comment 10.
Component: General → XPConnect
Keywords: regressionwindow-wanted
Product: Firefox → Core
QA Contact: general → xpconnect
Version: 3.5 Branch → 1.9.1 Branch
Updated•15 years ago
|
blocking1.9.1: --- → ?
Updated•15 years ago
|
Group: core-security
Comment 5•15 years ago
|
||
fwiw, on 1.8.1/1.9.0 branch and MC there are just uncaught exceptions listed in error console output:
Error: uncaught exception: null
Error: uncaught exception: [object HTMLBodyElement]
Error: uncaught exception: [object HTMLInputElement]
Error: uncaught exception: [object HTMLHtmlElement]
and i failed finding a MC build that crashes which is weird.
Assignee | ||
Updated•15 years ago
|
Assignee: nobody → mrbkap
Reporter | ||
Comment 6•15 years ago
|
||
As they are related, it would be awesome to close these as part of the fix:
https://bugzilla.mozilla.org/show_bug.cgi?id=418280
https://bugzilla.mozilla.org/show_bug.cgi?id=101197
https://bugzilla.mozilla.org/show_bug.cgi?id=208427
#208427 is the bug that jquery, extjs, dojo, mootools, etc reference, though that bug is technically about originalTarget not relatedTarget. It would have been better to reference #101197 from 2001. #418280 is more specific about the input element rather than the textarea, and gave the example I used as the test case for the crashing bug in Fx 3.5.x. At any rate, user JS code should not get the internal anonymous div in relatedTarget as that causes a permissions exception on accessing chrome objects when this crashing bug gets fixed.
Thanks,
Steven Roussey
Assignee | ||
Comment 7•15 years ago
|
||
GetCxSubjectPrincipalAndFrame returns a non-scripted frame if there is only a native frame running but we got the principal off of the context's global object. So we have to deal with that.
Attachment #393060 -
Flags: superreview?(jst)
Attachment #393060 -
Flags: review?(jst)
Comment 8•15 years ago
|
||
Which bug regressed this? Is this needed on the 1.9.0 branch also?
Comment 9•15 years ago
|
||
smaller regression range:
http://hg.mozilla.org/releases/mozilla-1.9.1/pushloghtml?fromchange=84d3c65a9680&tochange=b96cdb8210fe
Updated•15 years ago
|
Attachment #393060 -
Flags: superreview?(jst)
Attachment #393060 -
Flags: superreview+
Attachment #393060 -
Flags: review?(jst)
Attachment #393060 -
Flags: review+
Comment 10•15 years ago
|
||
Blake: Where are we on getting this landed on m-c? Code freeze for 1.9.1.3 is tomorrow at midnight. Also, please answer Dan's comment 8.
Assignee | ||
Comment 11•15 years ago
|
||
Assignee | ||
Comment 12•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/606e25f1066e (the second hunk wasn't needed.)
Assignee | ||
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment 13•15 years ago
|
||
Verified fixed for 1.9.1 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3pre) Gecko/20090817 Shiretoko/3.5.3pre (.NET CLR 3.5.30729). No longer crashes as it does with 1.9.1.2 with testcase.
Status: RESOLVED → VERIFIED
Keywords: verified1.9.1
Comment 14•15 years ago
|
||
regression from bug 475864 which isn't going to land on the 1.9.0 branch.
Flags: wanted1.9.0.x? → wanted1.9.0.x-
Whiteboard: [sg:investigate]
Updated•15 years ago
|
Group: core-security
Updated•13 years ago
|
Crash Signature: [@AllowedToAct(JSContext*, int) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•