Bug 684927 - unchecked null pointer in nsMenuBarListener::KeyUp
Status: RESOLVED FIXED
Keywords: crash, crashreportid
Product: Core
Classification: Components
Component: XUL
Version: 7 Branch
Platform: x86 Windows XP
Importance: -- normal
Target Milestone: mozilla9
Assigned To: Jonas Sicking (:sicking) PTO Until July 5th

Reported: 2011-09-06 11:04 PDT by clever
Modified: 2011-09-13 06:45 PDT

Attachments
the main part of the testcase (2.73 KB, application/x-xpinstall)
2011-09-07 14:09 PDT, clever
no flags
the trigger for the testcase (267 bytes, text/html)
2011-09-07 14:09 PDT, clever
no flags
Patch to fix (1.44 KB, patch)
2011-09-09 09:48 PDT, Jonas Sicking (:sicking) PTO Until July 5th
bugs: review+

Description clever 2011-09-06 11:04:18 PDT
https://crash-stats.mozilla.com/report/index/bp-970a6ac2-ff25-49b6-b42d-f7dcd2110905

The bug seems to be triggered by this part of the JS in my extension:

function kick_input(node, evt) {
    // Creates a generic event (not a keyboard event) named by evt
    var ev = node.ownerDocument.createEvent('Events');
    ev.initEvent(evt, true, false);  // bubbles, not cancelable
    node.dispatchEvent(ev);
}
kick_input(quant, 'keyup');

quant being an HTML <input type=text>
Comment 1 Jonas Sicking (:sicking) PTO Until July 5th 2011-09-06 18:11:39 PDT
If you're sending key events you really should be using the correct interface. The fix here is going to be to no-op the implementation so you might as well not send the event.
Comment 2 clever 2011-09-06 19:52:14 PDT
Yeah, I've corrected the code to use var ev = node.ownerDocument.createEvent("keyboardevent"); now,
but it would still be nice for Firefox to not segfault the moment an API is misused.
Just imagine what could happen if you just put that code on the homepage of a site: instantly block all Firefox users from viewing it.
Comment 3 :aceman 2011-09-07 06:05:11 PDT
Can you please make such a page (html file) having this code that crashes Firefox and attach it here?
Comment 4 clever 2011-09-07 14:09:36 PDT
Created attachment 558950
the main part of the testcase
Comment 5 clever 2011-09-07 14:09:59 PDT
Created attachment 558951
the trigger for the testcase
Comment 6 clever 2011-09-07 14:10:57 PDT
Through some testing, I found that it only occurs when the event is made from chrome code.
I've attached an extension and .htm file that will reproduce the problem 100%.
Just install the extension and open the .htm file.
Comment 7 clever 2011-09-07 14:12:11 PDT
Comment on attachment 558950
the main part of the testcase

Oops, this was meant to be a .xpi
Comment 8 :aceman 2011-09-09 07:25:07 PDT
I installed the extension and visited the testcase html. No crash for me, Win XP 32bit.
Comment 9 Jonas Sicking (:sicking) PTO Until July 5th 2011-09-09 09:48:48 PDT
Created attachment 559491
Patch to fix

This should fix the crash. It would be awesome if someone could figure out how to write an automated testcase for this.
Comment 10 clever 2011-09-09 15:34:59 PDT
aceman, did you try testing it on the nightly or beta channel?
I haven't checked nightly at all yet, but have seen it on the beta channel on 2 computers.
Comment 11 :aceman 2011-09-10 09:48:14 PDT
No, I did it on FF6.0.2. But it seems Jonas can already see it.
Comment 12 :Ehsan Akhgari (busy, don't ask for review please) 2011-09-12 11:03:30 PDT
http://hg.mozilla.org/integration/mozilla-inbound/rev/e60a0b9fe93c

(In reply to Jonas Sicking (:sicking) from comment #9)
> Created attachment 559491
> Patch to fix
> 
> This should fix the crash. It would be awesome if someone could figure out
> how to write an automated testcase for this.

Couldn't you convert the test case attached to the bug to a chrome mochitest of some sort?
Comment 13 Matt Brubeck (:mbrubeck) 2011-09-13 06:45:23 PDT
https://hg.mozilla.org/mozilla-central/rev/e60a0b9fe93c
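
Added example (not part of the bug report and not the Gecko patch): a simplified C++ model of the failure class discussed in this bug, where a handler registered for keyup receives a generic event that only shares the name, shown next to a handler that no-ops in that case. The Event/KeyEvent types, the function names and the key code are hypothetical.

```cpp
// Simplified model, not Gecko source; all names below are hypothetical.
#include <string>
#include <utility>

struct Event {  // generic event: carries only its type name
    explicit Event(std::string t) : type(std::move(t)) {}
    virtual ~Event() = default;
    std::string type;
};

struct KeyEvent : Event {  // key-specific interface with extra state
    KeyEvent(std::string t, unsigned code) : Event(std::move(t)), keyCode(code) {}
    unsigned keyCode;
};

enum class Result { Ignored, Handled };
constexpr unsigned kAccessKey = 18;  // assumed key code for this model

// Unsafe pattern: the listener is registered for "keyup", so it assumes every
// event it receives is a KeyEvent. For a generic Event named "keyup" the cast
// yields nullptr and the member access dereferences it.
Result KeyUpUnchecked(const Event* ev) {
    const auto* key = dynamic_cast<const KeyEvent*>(ev);
    return key->keyCode == kAccessKey ? Result::Handled : Result::Ignored;
}

// Hardened pattern: a failed cast (or a null event) makes the handler a no-op.
Result KeyUpChecked(const Event* ev) {
    const auto* key = dynamic_cast<const KeyEvent*>(ev);
    if (!key) {
        return Result::Ignored;
    }
    return key->keyCode == kAccessKey ? Result::Handled : Result::Ignored;
}

// Constructed input: a generic event that only shares the "keyup" name.
Result DispatchGenericKeyUp() {
    Event generic("keyup");
    return KeyUpChecked(&generic);
}

// Constructed input: a real key event carrying a key code.
Result DispatchRealKeyUp(unsigned code) {
    KeyEvent real("keyup", code);
    return KeyUpChecked(&real);
}
```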
