Closed
Bug 76715
Opened 23 years ago
Closed 23 years ago
crash activating window
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla0.9
People
(Reporter: waterson, Assigned: waterson)
References
Details
(Keywords: crash, regression, Whiteboard: critical for 0.9)
Attachments
(1 file)
714 bytes,
patch
|
Details | Diff | Splinter Review |
SUMMARY Browser crashes activating a window (e.g., via ALT+TAB). To reproduce. 1. Start mozilla and open two browser windows. 2. In window #1, go to http://bugzilla.mozilla.org/enter_bug.cgi and set focus to an entryfield. 3. In window #2, go to www.m-w.com, and look up a word, say ``star-chamber''. 4. Return to window #1. 5. Return to window #2. Result: crash. Seen in 2001-04-19 builds. Hyatt says this a regression from a fix that he put in for google.com or something.
Assignee | ||
Updated•23 years ago
|
Target Milestone: --- → mozilla0.9
Assignee | ||
Comment 1•23 years ago
|
||
Comment 2•23 years ago
|
||
I think this is related to something I saw on the XPCDOM branch (due to other reasons tho), the presshell destructor tears itself down in the wrong order IMO, on the branch, the presshell is torn down while the content nodes still know their document and thus tearing down the frame hierarchy caused focus events to be fired and the content nodes ended up finding deleted frames through the presshell that was being torn down. Here's what I did to fix a crasher on the branch: Index: layout/html/base/src/nsPresShell.cpp =================================================================== RCS file: /cvsroot/mozilla/layout/html/base/src/nsPresShell.cpp,v retrieving revision 3.381 retrieving revision 3.381.2.1 diff -u -r3.381 -r3.381.2.1 --- nsPresShell.cpp 2001/03/27 23:59:56 3.381 +++ nsPresShell.cpp 2001/04/19 06:16:34 3.381.2.1 @@ -1403,14 +1403,17 @@ mViewManager = nsnull; } + // This shell must be removed from the document before the frame + // hierarchy is torn down to avoid finding releted frames through + // this presshell while the frames are being torn down + if (mDocument) { + mDocument->DeleteShell(this); + } + // Destroy the frame manager. This will destroy the frame hierarchy if (mFrameManager) { mFrameManager->Destroy(); NS_RELEASE(mFrameManager); - } - - if (mDocument) { - mDocument->DeleteShell(this); } // We hold a reference to the pres context, and it holds a weak link back Would this change fix this crasher too? (I don't see a stacktrace so I can't say for sure.) If not, don't we need to make your change in a bunch of places, like nsHTMLSelectElement, nsHTMLTextAreaElement, ...?
Comment 3•23 years ago
|
||
s/releted/deleted/
Assignee | ||
Comment 4•23 years ago
|
||
Not sure, but we should get this in. hyatt, could you slam dunk this? I am now officially in meeting hell.
Assignee: waterson → hyatt
Comment 5•23 years ago
|
||
r/sr=jst for Chris's fix.
Comment 6•23 years ago
|
||
[s]r=hyatt
Comment 9•23 years ago
|
||
a=asa (on behalf of drivers) for checkin to 0.9
Assignee | ||
Comment 10•23 years ago
|
||
Fix checked in, but I incorrectly marked it as for bug 75591. :-(
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 11•23 years ago
|
||
*** Bug 76598 has been marked as a duplicate of this bug. ***
Comment 12•23 years ago
|
||
verified fixed for win32 2001-05-08 build. Need to verify for Mac and Linux, or is this a Win32 fix only?
Updated•23 years ago
|
QA Contact: lchiang → stummala
Comment 13•23 years ago
|
||
verified on mac and linux. does not crash. adding the vtrunk keyword
Keywords: vtrunk
Updated•14 years ago
|
Component: DOM: Abstract Schemas → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•