Closed
Bug 61753
Opened 24 years ago
Closed 23 years ago
Clicking on 'Back' button (2nd time) from this page crashes the browser
Categories
(Core Graveyard :: Java: OJI, defect, P2)
Core Graveyard
Java: OJI
Tracking
(Not tracked)
VERIFIED
WORKSFORME
People
(Reporter: rpallath, Assigned: joe.chou)
References
()
Details
(Keywords: crash, Whiteboard: suntrak-n6-highp oji-working)
The above URL can be accessed from within SUN.
Not sure what the external link to acess the same is.
Load the Above URL.
Click on the UML link (search for UML on that page).
It will load a page with 2 frames, left has an applet and right side displays
contents of selected item from left hand side.
Double click on "Project Properties"
It will update the Right hand side.
Click on "Browser Back" button
Wait.. ( a couple of seconds)
Click again on Back button.
Browser crashes.
Tried this with FCs bits (11/30) on Solaris sparc 2.7/2.8
Also crashes with FCs bits on WinNT v4.0 with SP5.
NOTe: I have not granted "AllPermissions" in my .java.policy file.
Update Status Whiteboard and changed priority from P3 to P2.
Priority: P3 → P2
Whiteboard: suntrak-n6-highp
Problem reproduced. Saw Java Script errors. Zooming in to problem area.
Status: NEW → ASSIGNED
Whiteboard: suntrak-n6-highp → suntrak-n6-highp oji-working
It seems to me that this crash is caused by the fix of 53849, since the crashed
spot is in the added code of 53849:
RCS file: /cvsroot/mozilla/modules/oji/src/nsCSecurityContext.cpp,v
...
+ if( !m_pPrincipal )
+ {
+ if (NS_FAILED(secMan->GetSubjectPrincipal(&m_pPrincipal)))
+ // return NS_ERROR_FAILURE;
+ ; // Don't return here because the security manager returns
+ // NS_ERROR_FAILURE when there is no subject principal. In
+ // that case we are not done.
+
+ if(!m_pPrincipal && m_pJSCX )
+ {
+ JSPrincipals *jsprin = nsnull;
+
+ nsCOMPtr<nsIScriptContext> scriptContext =
(nsIScriptContext*)JS_GetContextPrivate(m_pJSCX); !!! crashed line !!!
...
The last line was where the browser crashed (see core stack below).
If I changed the code that if get principal of security manager fails then
return error, instead of trying to get it form JSCX, the browser no longer
crashed, but saw other strange behavior (i.e., could not return to the right
page, etc.) if I ketp playing with the Back button on the site:
...
if( !m_pPrincipal ) {
if (NS_FAILED(secMan->GetSubjectPrincipal(&m_pPrincipal)))
return NS_ERROR_FAILURE;
}
...
Re-assign to Jeff Dyer, who fixed 53849.
Core stack:
#0 0xfc85c9bc in nsCOMPtr<nsIScriptContext>::nsCOMPtr (this=0xffbebb70,
aRawPtr=0x62d78) at ../../../dist/include/nsCOMPtr.h:533
#1 0xfc8432d8 in nsCSecurityContext::GetOrigin (this=0x6d8990,
buf=0xffbebc18 "", buflen=256) at nsCSecurityContext.cpp:129
...
(full stack available upon request)
Assignee: joe.chou → jeff.dyer
Status: ASSIGNED → NEW
*** Bug 66324 has been marked as a duplicate of this bug. ***
Comment 6•24 years ago
|
||
I was wanting to know if this bug will get fixed in mozilla0.9 release. I have a
customer(who reported bug 66324)whose product CANNOT work without this bug
getting fixed.
Comment 9•24 years ago
|
||
This bug was seen to happen on MOZ nightly build on wind NT 4.0 platform:
2001041704. Updating this bug to all platforms and OS.
Comment 10•24 years ago
|
||
Changing the O/S to All per latest comment from our QA team.
OS: Solaris → All
Comment 11•23 years ago
|
||
This bug still remains in Netscape 6.1PR1. Stability issue. I could crash the
browser on a Win2k box in a couple of minutes. Here's the test case:
To crash the browser:
1) load Netscape6Frames.html.
2) Wait for a small delay (parsing the DOM etc).
3) Click in one or both windows of the browser body and confirm Liveconnect has
functioned. The click event is printed to the Java console.
4) Reload the page couple of times using the reload button of the
browser.
Simple.java
_________________________________________________
import java.applet.*;
import netscape.javascript.JSObject;
public class Simple extends Applet
{
public void handleEvent(Object event)
{
System.out.println("Handle event
called "+event+" "+event.getClass().getName());
}
}
_________________________________________________
</pre><html>
<BODY>
<script>
function ss(e)
{
document.Simple.handleEvent(e);
}
document.onclick=ss;
</script>
<APPLET name="Simple" code="Simple.class"
width="100" height="50" MAYSCRIPT>
</applet>
</BODY>
</html><pre>
_________________________________________________
Netscape6Frames.html
_________________________________________________
</pre><html>
<frameset cols="50%,*">
<frame src="http://localhost/Netscape6.html"
frameborder=1 target="_self">
<frame src="http://localhost/Netscape6.html"
target="_self">
</frameset>
</html><pre>
_________________________________________________
Customer wants to know what version of Netscape 6/Mozilla will include the fixes
for this problem? Its been around for quite some time....:-(
Comment 13•23 years ago
|
||
SPAM: reassigning all OJI bugs to new OJI QA, pmac ( 227 bugs)
QA Contact: shrir → pmac
Assignee | ||
Comment 14•23 years ago
|
||
Tried the test case (provided by Manish) with mozilla 092 and 094 and JRE1.4
beta 3, and it seemed working now. The bug must have been fixed by a few
liveconnect fixes submitted in JRE 1.4 beta 3. Mark WORKSFORME.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Comment 15•22 years ago
|
||
Tested with Test case provided by Manish on latest trunk build. Works fine. Used
JRE 1.4.1_02.
Marking verified.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•