Closed Bug 76453 Opened 24 years ago Closed 24 years ago

crash If I hit the search button on that page.

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 76694
Milestone:
mozilla0.9.1

People

(Reporter: Matti, Assigned: rods)

References

(
URL
)

Details

(Keywords: crash, regression, top100, Whiteboard: 0.9 blocker?)

Attachments

(2 files)

complete Stack trace
142.50 KB, text/plain
Details
Testcase HTML
688 bytes, text/html
Details
using build 20010417.. (early CVS build). Go to the URL. Type something in the search (suchen) field at the right top corner. Hit "Finden" - crash A part of the Stack: nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5ecb8, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 3526 + 3 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5c248, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 3654 nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5c480, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 3654 nsXULElement::HandleDOMEvent(nsXULElement * const 0x02d5c5e0, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 3654 nsXULElement::HandleChromeEvent(nsXULElement * const 0x02d5c5f4, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 4630 + 39 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x0368c000, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 568 nsDocument::HandleDOMEvent(nsDocument * const 0x04b1b8d8, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 2817 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04b18580, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 1488 + 39 bytes nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x039a1618, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 1486 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x03889720, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 1486 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x037f4578, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 1486 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x036db688, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 1486 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x036db6f0, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 1486 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04a72278, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 4, nsEventStatus * 0x00034cd0) line 1486 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x04a725d8, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00034c10, unsigned int 1, nsEventStatus * 0x00034cd0) line 1486 nsHTMLFormElement::HandleDOMEvent(nsHTMLFormElement * const 0x04a725d8, nsIPresContext * 0x03773008, nsEvent * 0x00034ca4, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus * 0x00034cd0) line 426 + 29 bytes nsHTMLFormElement::Submit(nsHTMLFormElement * const 0x04a72604) line 340 + 40 bytes HTMLFormElementSubmit(JSContext * 0x0368c190, JSObject * 0x03824d98, unsigned int 0, long * 0x039a5b90, long * 0x00034dd4) line 426 + 15 bytes js_Invoke(JSContext * 0x0368c190, unsigned int 0, unsigned int 0) line 813 + 23 bytes js_Interpret(JSContext * 0x0368c190, long * 0x00035b54) line 2706 + 15 bytes js_Invoke(JSContext * 0x0368c190, unsigned int 1, unsigned int 2) line 830 + 13 bytes js_InternalInvoke(JSContext * 0x0368c190, JSObject * 0x03824d98, long 59955784, unsigned int 0, unsigned int 1, long * 0x00035cec, long * 0x00035c7c) line 902 + 20 bytes JS_CallFunctionValue(JSContext * 0x0368c190, JSObject * 0x03824d98, long 59955784, unsigned int 1, long * 0x00035cec, long * 0x00035c7c) line 3334 + 31 bytes nsJSContext::CallEventHandler(nsJSContext * const 0x0368c128, void * 0x03824d98, void * 0x0392da48, unsigned int 1, void * 0x00035cec, int * 0x00035ce8, int 0) line 940 + 33 bytes nsJSEventListener::HandleEvent(nsIDOMEvent * 0x039e69dc) line 154 + 64 bytes
Attached file complete Stack trace
Keywords: crash
Confirming using today's moz bits on Win98, but this is Form Submission, reassigning to component owner.
Assignee: trudelle → rods
Status: UNCONFIRMED → NEW
Component: XP Toolkit/Widgets: XUL → Form Submission
Ever confirmed: true
QA Contact: jrgm → vladimire
Attached file Testcase HTML
Pls try the testcase. You'll find that it's not Form Submission's fault. Probably JavaScript-related.
Seeing this on Linux build 2001-04-17-08 too. Reading the JS, here's what's happening. The form has a onSubmit handler that does some parsing of the data in the form and unless it fits some _very_ narrow constraints calls form.submit() This gets us into an infinite recursion and eventually we just blow the runtime stack. For an even simpler testcase, try this: <form onsubmit="form.submit(); return false;"> So it would seem that the right thing is to prevent a form from being submitted from its own onsubmit handler... would that make sense? Certainly looks like form submission (or maybe event handling) to me... What NS4.x seems to be doing is completely bypassing the onsubmit handler if form.submit() is called inside the onsubmit handler.
OS: Windows 2000 → All
See also bug 76608
Keywords: regression
Another URL http://pages.ebay.com/catindex/computers.html hit search and boom. I think this should be fixed in moz0.9 !
Matti says "go to to Ebay/Computers and hit the search button, crash". Sounds like top100 to me. Asa: 0.9 blocker?
Keywords: top100
Whiteboard: 0.9 blocker?
*** Bug 76608 has been marked as a duplicate of this bug. ***
This works fine for me on WinNT is this a Linux onloy bug?
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.1
No, I use Win2k. I see thecrash with an new build (CVS updated ~20min). You can find me on IRC if you need some Info (Nick:Matti)
*** This bug has been marked as a duplicate of 76694 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
verifying duplicate
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: