Closed
Bug 694913
Opened 12 years ago
Closed 12 years ago
crash nsIMM32Handler::OnMouseEvent
Categories
(Core :: Widget: Win32, defect)
Tracking
()
RESOLVED
FIXED
mozilla10
People
(Reporter: alice0775, Assigned: masayuki)
References
Details
(Keywords: crash, inputmethod, Whiteboard: [inbound])
Crash Data
Attachments
(1 file)
|
2.31 KB,
patch
|
roc
:
review+
emk
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-0e7b43a9-b7cb-4334-8f0e-0d22a2111016 . ============================================================= When I edit some text in textarea(Additional Comments:) of https://bugzilla.mozilla.org/show_bug.cgi?id=692153 , theb rowser crashes. I am using http://hg.mozilla.org/releases/mozilla-beta/rev/178cfa4240b3 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 ID:20111011182523 and ATOK 2006. Reproducible: I can not reproduce.
|
Reporter | |
Comment 1•12 years ago
|
||
s/theb rowser crashes./the browser crashes.
|
|
Reporter | |
Updated•12 years ago
|
Component: General → Widget: Win32
Product: Firefox → Core
QA Contact: general → win32
|
Assignee | |
Comment 2•12 years ago
|
||
Ah, I'll take this.
Assignee: nobody → masayuki
Version: 8 Branch → Trunk
|
|
Assignee | |
Updated•12 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 3•12 years ago
|
||
The crash is caused by EXCEPTION_INT_DIVIDE_BY_ZERO. It indicates that the width of the character under mouse cursor can be zero. But I failed to find the actual cases. The crash was reported with MS-IME (Japanese), ATOK (Japanese) and Phenetic IME (Chinese) at least. For Chinese IME, I can guess that the cause could be to query it even when we don't draw composition string ourselves. Therefore, first, we shouldn't query the character when ShouldDrawCOmpositionStringOurselves() returns FALSE (at that time, nsTextFrame doesn't have the composition string). However, I have no idea for Japanese IMEs. All of Japanese IMEs' composition string is drawn by us. But Japanese people usually doesn't use zero-width character... This patch passes the mouse event as clicked at right-most of a zero-width character. This prevents the crash forcibly. Note that the mouse event may be used for setting caret position in composition string or changing selected clause in composition string. The new behavior must not be worse behavior than crash.
Attachment #569031 -
Flags: review?(roc)
Attachment #569031 -
Flags: review?(roc) → review+
|
|
Assignee | |
Updated•12 years ago
|
Attachment #569031 -
Flags: review?(VYV03354)
|
||
Updated•12 years ago
|
Attachment #569031 -
Flags: review?(VYV03354) → review+
|
|
Assignee | |
Comment 4•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/6e3203f7d220
Flags: in-testsuite-
Whiteboard: [inbound]
Target Milestone: --- → mozilla10
|
||
Comment 5•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/6e3203f7d220
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•