Closed Bug 694913 Opened 8 years ago Closed 8 years ago

crash nsIMM32Handler::OnMouseEvent

Categories

(Core :: Widget: Win32, defect, critical)

x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla10

People

(Reporter: alice0775, Assigned: masayuki)

References

Details

(Keywords: crash, inputmethod, Whiteboard: [inbound])

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-0e7b43a9-b7cb-4334-8f0e-0d22a2111016 .
============================================================= 

When I edit some text in textarea(Additional Comments:) of https://bugzilla.mozilla.org/show_bug.cgi?id=692153 , theb rowser crashes.

I am using http://hg.mozilla.org/releases/mozilla-beta/rev/178cfa4240b3
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 ID:20111011182523
and ATOK 2006.

Reproducible: I can not reproduce.
s/theb rowser crashes./the browser crashes.
Component: General → Widget: Win32
Product: Firefox → Core
QA Contact: general → win32
Blocks: 492233
Ah, I'll take this.
Assignee: nobody → masayuki
Version: 8 Branch → Trunk
Status: NEW → ASSIGNED
Attached patch PatchSplinter Review
The crash is caused by EXCEPTION_INT_DIVIDE_BY_ZERO. It indicates that the width of the character under mouse cursor can be zero. But I failed to find the actual cases.

The crash was reported with MS-IME (Japanese), ATOK (Japanese) and Phenetic IME (Chinese) at least. For Chinese IME, I can guess that the cause could be to query it even when we don't draw composition string ourselves. Therefore, first, we shouldn't query the character when ShouldDrawCOmpositionStringOurselves() returns FALSE (at that time, nsTextFrame doesn't have the composition string).

However, I have no idea for Japanese IMEs. All of Japanese IMEs' composition string is drawn by us. But Japanese people usually doesn't use zero-width character...

This patch passes the mouse event as clicked at right-most of a zero-width character. This prevents the crash forcibly.

Note that the mouse event may be used for setting caret position in composition string or changing selected clause in composition string. The new behavior must not be worse behavior than crash.
Attachment #569031 - Flags: review?(roc)
Attachment #569031 - Flags: review?(VYV03354)
Attachment #569031 - Flags: review?(VYV03354) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/6e3203f7d220
Flags: in-testsuite-
Whiteboard: [inbound]
Target Milestone: --- → mozilla10
https://hg.mozilla.org/mozilla-central/rev/6e3203f7d220
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.