Bug 63930: crash when using a DOM function as a first-class function
Status: VERIFIED FIXED (Closed)
Opened 24 years ago, closed 23 years ago
Categories: Core :: DOM: Core & HTML (defect)
Target Milestone: Future
Reporter: jacobs, Assigned: jst
Keywords: crash, dom0; Whiteboard: [XPCDOM]
Attachments: 2 files

Description
Assignments from a DOM-provided function to a JavaScript variable are not working correctly. This is likely a bug in the type conversion between a "native method" and a JavaScript Function object, e.g.:

    var c = document.createElement // this runs without error
    c('H1') // however, this explodes

Reproducible: Always

Steps to Reproduce:
1a. Load http://penguin.theopalgroup.com/~jacobs/crash.html
or
1b. Use the script fragment in the description

Actual Results: Kaboom. Mozilla terminates with extreme prejudice.

Expected Results: Mozilla should have continued, since the code as presented should effectively be a NO-OP.

These kinds of assignments work with other "native" ECMAScript objects. I would suggest testing this with any other function type conversion/bindings. Note that I classify this bug as critical, though many will never see it and there are viable workarounds. Nevertheless, it is a fundamental problem with JavaScript DOM support. It's also most likely an easy fix and should not get lost between the cracks.
Comment 1•24 years ago
Confirming on WinNT and Linux; changing OS to "All".

Using on WinNT:
debug build 2000-12-09 (the only one that DOESN'T crash !!!)
nightly 2000120905 (crashes)
nightly 2000122105 (crashes)

Using on Linux:
debug build 2000-12-09 (crashes)
nightly 2000122108 (crashes)

Steps to reproduce:
1. Bring up Mozilla
2. In the URL bar, type this and hit enter:
   javascript: var c = document.createElement; c('H1');
3. CRASH

Here is a searchable stack trace summary; will attach details below -

    (gdb) bt
    #0 0x4013b702 in nsQueryInterface::operator() () at nsCOMPtr.cpp:32
    #1 0x4060106c in nsCOMPtr<nsIScriptObjectOwner>::assign_from_helper () at ../../../dist/include/nsCOMPtr.h:932
    #2 0x40602589 in nsCOMPtr<nsIScriptObjectOwner>::nsCOMPtr () at ../../../dist/include/nsCOMPtr.h:563
    #3 0x4057fb37 in nsJSUtils::nsConvertObjectToJSVal () at nsJSUtils.cpp:214
    #4 0x40592d95 in DocumentCreateElement () at nsJSDocument.cpp:409
    #5 0x401f8934 in js_Invoke () at jsinterp.c:790
    #6 0x4020e2e7 in js_Interpret () at jsinterp.c:2613
    #7 0x401f8f20 in js_Execute () at jsinterp.c:962
    #8 0x401c7861 in JS_EvaluateUCScriptForPrincipals () at jsapi.c:3203
    #9 0x4054bf32 in nsJSContext::EvaluateString () at nsJSEnvironment.cpp:603
    #10 0x4231bbb2 in nsEvaluateStringProxy::EvaluateString () at nsJSProtocolHandler.cpp:167
    #11 0x4014be95 in XPTC_InvokeByIndex () at xptcinvoke_unixish_x86.cpp:134
    #12 0x40131f80 in EventHandler () at nsProxyEvent.cpp:510
    #13 0x4012a94e in PL_HandleEvent () at plevent.c:576
    #14 0x4012a76c in PL_ProcessPendingEvents () at plevent.c:509
    #15 0x4012c609 in nsEventQueueImpl::ProcessPendingEvents () at nsEventQueue.cpp:356
    #16 0x407f1cd4 in event_processor_callback () at nsAppShell.cpp:158
    #17 0x407f190f in our_gdk_io_invoke () at nsAppShell.cpp:58
    #18 0x409b952a in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
    #19 0x409babe6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
    #20 0x409bb1a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
    #21 0x409bb341 in g_main_run () from /usr/lib/libglib-1.2.so.0
    #22 0x408e5209 in gtk_main () from /usr/lib/libgtk-1.2.so.0
    #23 0x407f23ca in nsAppShell::Run () at nsAppShell.cpp:350
    #24 0x40774064 in nsAppShellService::Run () at nsAppShellService.cpp:407
    #25 0x80565c5 in main1 () at nsAppRunner.cpp:1016
    #26 0x8056f6a in main () at nsAppRunner.cpp:1260

I believe this is a DOM issue, not JS Engine; reassigning to DOM Level 0 -
Assignee: rogerl → jst
Status: UNCONFIRMED → NEW
Component: Javascript Engine → DOM Level 0
Ever confirmed: true
OS: Windows 2000 → All
QA Contact: pschwartau → desale
Comment 2•24 years ago
Comment 3•24 years ago
I am seeing no problem in the JS shell:

    js> var c = String;
    js> c('Hi');
    Hi
    js> var c = Date;
    js> c(0);
    Fri Dec 29 14:38:21 GMT-0800 (Pacific Standard Time) 2000
    js> var d = new c;
    js> d;
    Fri Dec 29 14:38:55 GMT-0800 (Pacific Standard Time) 2000
Comment 4•24 years ago (Assignee)
This will most likely be fixed when the DOM uses XPConnect (eta mozilla0.9) but since I won't be working on this bug specifically I'll mark this as Future to keep this off my bug radar.
Hardware: PC → All
Target Milestone: --- → Future
Updated•24 years ago (Assignee)
Whiteboard: [XPCDOM]
Comment 8•23 years ago (Assignee)
This crash is fixed on the XPCDOM branch, but using DOM (or any XPConnect function) as an unbound function won't work in mozilla, but it won't crash any more.
Comment 9•23 years ago
Will the following work in the XPConnectDOM branch:

    document.gtbid = document.getElementById;
    document.gtbid('elementId');

?? Or is that also not supported?
Comment 10•23 years ago (Assignee)
    document.gtbid = document.getElementById;
    document.gtbid('elementId');

will work, but:

    window.gtbid = document.getElementById;
    window.gtbid('elementId');

will not.
Comment 11•23 years ago (Assignee)
Fixed by the XPCDOM landing, we no longer crash, and my above comment still applies.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
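The behaviour described in comments 8 to 11, as an added example that is not part of the bug report or of Mozilla's code: a host method that validates its receiver fails with a catchable error on an unbound or wrong-receiver call instead of treating an arbitrary `this` as a document. `HostDocument`, `HostWindow`, the `WeakSet` brand and the choice of `TypeError` are constructed stand-ins.

```javascript
// Constructed model of a "native" DOM method with a receiver (brand) check.
// None of these names come from Gecko; they only mirror the shape of the bug.
const realDocuments = new WeakSet();     // brand: objects created as documents

class HostDocument {
  constructor() {
    realDocuments.add(this);
    this.elements = [];
  }
  createElement(tag) {
    // Receiver check. Without it, the method would operate on whatever
    // `this` happens to be, which in native code is a type confusion.
    if (!realDocuments.has(this)) {
      throw new TypeError('createElement called on a non-document receiver');
    }
    const el = { tagName: String(tag).toUpperCase() };
    this.elements.push(el);
    return el;
  }
}

class HostWindow {}                      // a different host object type

// Run fn and report either its result or the name of the error it threw.
function attempt(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

function demo() {
  const document = new HostDocument();
  const window = new HostWindow();
  const c = document.createElement;      // extracting the method drops `this`
  document.alias = document.createElement;
  window.alias = document.createElement;
  return {
    unbound: attempt(() => c('H1')),                  // this is undefined
    onDocument: attempt(() => document.alias('H1')),  // this is the document
    onWindow: attempt(() => window.alias('H1')),      // this is the window
    bound: attempt(() => c.bind(document)('H1')),     // receiver restored
  };
}

console.log(demo());
```
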
Comment 13•23 years ago (Assignee)
*** Bug 84953 has been marked as a duplicate of this bug. ***
Comment 14•12 years ago
Reduced testcase demonstrating the bug.
Comment 15•12 years ago
This is happening again. I have tested it in:
- version 10 on linux x86
- version 15 on Windows 7 x64
- nightly 18.0a1 (2012-09-12) on linux x86
Comment 16•12 years ago
(In reply to Markyys from comment #15)
> This is happening again. I have tested it in:
> - version 10 on linux x86
> - version 15 on Windows 7 x64
> - nightly 18.0a1 (2012-09-12) on linux x86

This bug has long been fixed. If you're experiencing the same issue again, chances are it is not the same bug, but a different bug with the same symptoms. Please file a new bug for it.