Closed Bug 76453 Opened 23 years ago Closed 23 years ago

crash If I hit the search button on that page.

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 76694
Milestone:
mozilla0.9.1

People

(Reporter: Matti, Assigned: rods)

References

(
URL
)

Details

(Keywords: crash, regression, top100, Whiteboard: 0.9 blocker?)

Attachments

(2 files)

complete Stack trace
142.50 KB, text/plain
Details
Testcase HTML
688 bytes, text/html
Details 
using build 20010417.. (early CVS build).

Go to the URL.
Type something in the search (suchen) field at the right top corner.
Hit "Finden" - crash

A part of the Stack:

nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5ecb8, nsIPresContext * 
0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, 
nsEventStatus * 0x00034cd0) line 3526 + 3 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5c248, nsIPresContext * 
0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, 
nsEventStatus * 0x00034cd0) line 3654
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5c480, nsIPresContext * 
0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, 
nsEventStatus * 0x00034cd0) line 3654
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5c5e0, nsIPresContext * 
0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, 
nsEventStatus * 0x00034cd0) line 3654
nsXULElement::HandleChromeEvent(nsXULElement * const 0x02d5c5f4, nsIPresContext 
* 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, 
nsEventStatus * 0x00034cd0) line 4630 + 39 bytes
GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x0368c000, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 568
nsDocument::HandleDOMEvent(nsDocument * const 0x04b1b8d8, nsIPresContext * 
0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, 
nsEventStatus * 0x00034cd0) line 2817
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04b18580, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 1488 + 39 bytes
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x039a1618, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 1486
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x03889720, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 1486
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x037f4578, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 1486
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x036db688, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 1486
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x036db6f0, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 1486
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04a72278, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 4, nsEventStatus * 0x00034cd0) line 1486
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04a725d8, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, 
unsigned int 1, nsEventStatus * 0x00034cd0) line 1486
nsHTMLFormElement::HandleDOMEvent(nsHTMLFormElement * const 0x04a725d8, 
nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00000000, 
unsigned int 1, nsEventStatus * 0x00034cd0) line 426 + 29 bytes
nsHTMLFormElement::Submit(nsHTMLFormElement * const 0x04a72604) line 340 + 40 
bytes
HTMLFormElementSubmit(JSContext * 0x0368c190, JSObject * 0x03824d98, unsigned 
int 0, long * 0x039a5b90, long * 0x00034dd4) line 426 + 15 bytes
js_Invoke(JSContext * 0x0368c190, unsigned int 0, unsigned int 0) line 813 + 23 
bytes
js_Interpret(JSContext * 0x0368c190, long * 0x00035b54) line 2706 + 15 bytes
js_Invoke(JSContext * 0x0368c190, unsigned int 1, unsigned int 2) line 830 + 13 
bytes
js_InternalInvoke(JSContext * 0x0368c190, JSObject * 0x03824d98, long 59955784, 
unsigned int 0, unsigned int 1, long * 0x00035cec, long * 0x00035c7c) line 902 + 
20 bytes
JS_CallFunctionValue(JSContext * 0x0368c190, JSObject * 0x03824d98, long 
59955784, unsigned int 1, long * 0x00035cec, long * 0x00035c7c) line 3334 + 31 
bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x0368c128, void * 0x03824d98, 
void * 0x0392da48, unsigned int 1, void * 0x00035cec, int * 0x00035ce8, int 0) 
line 940 + 33 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x039e69dc) line 154 + 64 bytes
Attached file complete Stack trace 

    
  
Keywords: crash

    
    

    
  
Confirming using today's moz bits on Win98, but this is Form Submission, 
reassigning to component owner.
Assignee: trudelle → rods
Status: UNCONFIRMED → NEW
Component: XP Toolkit/Widgets: XUL → Form Submission
Ever confirmed: true
QA Contact: jrgm → vladimire

    
    

    
  

      
      
      
      

        Attached file
          
        Testcase HTML
      

    


  

    
    

    
  
Pls try the testcase.

You'll find that it's not Form Submission's fault.

Probably JavaScript-related.



    
    

    
  
Seeing this on Linux build 2001-04-17-08 too.

Reading the JS, here's what's happening.  The form has a onSubmit handler that
does some parsing of the data in the form and unless it fits some _very_ narrow
constraints calls form.submit()

This gets us into an infinite recursion and eventually we just blow the runtime
stack.

For an even simpler testcase, try this:

<form onsubmit="form.submit(); return false;">

So it would seem that the right thing is to prevent a form from being submitted
from its own onsubmit handler... would that make sense?

Certainly looks like form submission (or maybe event handling) to me...

What NS4.x seems to be doing is completely bypassing the onsubmit handler if
form.submit() is called inside the onsubmit handler.

OS: Windows 2000 → All

    
    

    
  
See also bug 76608
Keywords: regression

    
    

    
  
Another URL
http://pages.ebay.com/catindex/computers.html
hit search and boom.
I think this should be fixed in moz0.9 !

    
    

    
  
Matti says "go to to Ebay/Computers and hit the search button, crash".  Sounds 
like top100 to me.

Asa: 0.9 blocker?
Keywords: top100
Whiteboard: 0.9 blocker?

    
    

    
  
*** Bug 76608 has been marked as a duplicate of this bug. ***

    
    

    
  
This works fine for me on WinNT is this a Linux onloy bug?
Status: NEW → ASSIGNED

    
  
Target Milestone: --- → mozilla0.9.1

    
    

    
  
No, I use Win2k.
I see thecrash with an new build (CVS updated ~20min).
You can find me on IRC if you need some Info (Nick:Matti)

    
    

    
  

*** This bug has been marked as a duplicate of 76694 ***
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE

    
    

    
  
verifying duplicate
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: