Closed Bug 61753 Opened 24 years ago Closed 23 years ago

Clicking on 'Back' button (2nd time) from this page crashes the browser

Categories

(Core Graveyard :: Java: OJI, defect, P2)

Tracking

(Not tracked)

VERIFIED WORKSFORME

People

(Reporter: rpallath, Assigned: joe.chou)

Details

(Keywords: crash, Whiteboard: suntrak-n6-highp oji-working)

The above URL can be accessed from within SUN. Not sure what the external link to access the same is.

Load the above URL.
Click on the UML link (search for UML on that page).
It will load a page with 2 frames, left has an applet and right side displays contents of selected item from left hand side.
Double click on "Project Properties".
It will update the right hand side.
Click on "Browser Back" button.
Wait.. (a couple of seconds)
Click again on Back button.
Browser crashes.

Tried this with FCs bits (11/30) on Solaris sparc 2.7/2.8.
Also crashes with FCs bits on WinNT v4.0 with SP5.

Note: I have not granted "AllPermissions" in my .java.policy file.
Updated Status Whiteboard and changed priority from P3 to P2.
Priority: P3 → P2
Whiteboard: suntrak-n6-highp
Keywords: crash
Joe, can you take a look at this one?
Assignee: edburns → joe.chou
Problem reproduced. Saw JavaScript errors. Zooming in to problem area.
Status: NEW → ASSIGNED
Whiteboard: suntrak-n6-highp → suntrak-n6-highp oji-working
It seems to me that this crash is caused by the fix of 53849, since the crashed spot is in the added code of 53849:

RCS file: /cvsroot/mozilla/modules/oji/src/nsCSecurityContext.cpp,v ... + if( !m_pPrincipal ) + { + if (NS_FAILED(secMan->GetSubjectPrincipal(&m_pPrincipal))) + // return NS_ERROR_FAILURE; + ; // Don't return here because the security manager returns + // NS_ERROR_FAILURE when there is no subject principal. In + // that case we are not done. + + if(!m_pPrincipal && m_pJSCX ) + { + JSPrincipals *jsprin = nsnull; + + nsCOMPtr<nsIScriptContext> scriptContext = (nsIScriptContext*)JS_GetContextPrivate(m_pJSCX); !!! crashed line !!! ...

The last line was where the browser crashed (see core stack below). If I changed the code so that, if getting the principal from the security manager fails, it returns an error instead of trying to get it from JSCX, the browser no longer crashed, but I saw other strange behavior (i.e., could not return to the right page, etc.) if I kept playing with the Back button on the site:

    ...
    if( !m_pPrincipal )
    {
        if (NS_FAILED(secMan->GetSubjectPrincipal(&m_pPrincipal)))
            return NS_ERROR_FAILURE;
    }
    ...

Re-assign to Jeff Dyer, who fixed 53849.

Core stack:
#0 0xfc85c9bc in nsCOMPtr<nsIScriptContext>::nsCOMPtr (this=0xffbebb70, aRawPtr=0x62d78) at ../../../dist/include/nsCOMPtr.h:533
#1 0xfc8432d8 in nsCSecurityContext::GetOrigin (this=0x6d8990, buf=0xffbebc18 "", buflen=256) at nsCSecurityContext.cpp:129
...
(full stack available upon request)
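Review bot: In the fallback branch, the line `nsCOMPtr<nsIScriptContext> scriptContext = (nsIScriptContext*)JS_GetContextPrivate(m_pJSCX);` trusts the cached raw `m_pJSCX` after nothing more than a null check, then force-casts the context's private data and hands it to the nsCOMPtr constructor, which AddRefs it; that constructor is frame #0 of the core stack. Nothing in the hunk shows that the JSContext is still alive at this point or that its private slot actually holds an nsIScriptContext, so a stale or differently typed pointer turns into a call through an invalid object. Suggest tying the context's lifetime to this object (hold a strong reference to the script context when `m_pJSCX` is stored, or clear `m_pJSCX` when the context goes away) and returning an error when the context cannot be validated. Separately, the empty statement `;` left as the body of `if (NS_FAILED(secMan->GetSubjectPrincipal(&m_pPrincipal)))` with the return commented out is easy to misread; a braced block containing the explanatory comment would make the intentional fall-through explicit.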
Assignee: joe.chou → jeff.dyer
Status: ASSIGNED → NEW
*** Bug 66324 has been marked as a duplicate of this bug. ***
I was wanting to know if this bug will get fixed in the mozilla0.9 release. I have a customer (who reported bug 66324) whose product CANNOT work without this bug getting fixed.
added avm to CC list
Reassigning to Joe
Assignee: jeff.dyer → joe.chou
This bug was seen to happen on MOZ nightly build on Win NT 4.0 platform: 2001041704. Updating this bug to all platforms and OS.
Changing the O/S to All per latest comment from our QA team.
OS: Solaris → All
This bug still remains in Netscape 6.1PR1. Stability issue. I could crash the browser on a Win2k box in a couple of minutes. Here's the test case:

To crash the browser:
1) load Netscape6Frames.html.
2) Wait for a small delay (parsing the DOM etc).
3) Click in one or both windows of the browser body and confirm Liveconnect has functioned. The click event is printed to the Java console.
4) Reload the page a couple of times using the reload button of the browser.

Simple.java
_________________________________________________
import java.applet.*;
import netscape.javascript.JSObject;

public class Simple extends Applet {
    public void handleEvent(Object event) {
        System.out.println("Handle event called "+event+" "+event.getClass().getName());
    }
}
_________________________________________________
<html>
<BODY>
<script>
function ss(e) {
    document.Simple.handleEvent(e);
}
document.onclick=ss;
</script>
<APPLET name="Simple" code="Simple.class" width="100" height="50" MAYSCRIPT>
</applet>
</BODY>
</html>
_________________________________________________
Netscape6Frames.html
_________________________________________________
<html>
<frameset cols="50%,*">
<frame src="http://localhost/Netscape6.html" frameborder=1 target="_self">
<frame src="http://localhost/Netscape6.html" target="_self">
</frameset>
</html>
_________________________________________________

Customer wants to know what version of Netscape 6/Mozilla will include the fixes for this problem? It's been around for quite some time....:-(
Assign to myself.
Status: NEW → ASSIGNED
SPAM: reassigning all OJI bugs to new OJI QA, pmac ( 227 bugs)
QA Contact: shrir → pmac
Tried the test case (provided by Manish) with mozilla 092 and 094 and JRE1.4 beta 3, and it seemed to be working now. The bug must have been fixed by a few liveconnect fixes submitted in JRE 1.4 beta 3. Mark WORKSFORME.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
QA Contact: pmac → petersen
Tested with Test case provided by Manish on latest trunk build. Works fine. Used JRE 1.4.1_02. Marking verified.
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard