Closed
Bug 82926
Opened 23 years ago
Closed 23 years ago
[PATCH] crash [@ gklayout::NS_NewFrameManager]
Categories
(Core :: Layout, defect)
Tracking
()
VERIFIED
FIXED
mozilla0.9.2
People
(Reporter: hharris, Assigned: attinasi)
References
()
Details
(Keywords: crash, regression)
Crash Data
Attachments
(4 files)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:0.9+) Gecko/20010525 BuildID: 2001052506 JavaScript popup window remains blank for a few seconds and then browser crashes, leaving following in popuplog.os2 05-27-2001 10:16:09 SYS3175 PID 001b TID 0001 Slot 0052 D:\WARPZILLA\BIN\MOZILLA.EXE c0000005 00000000 P1=00000001 P2=00000000 P3=XXXXXXXX P4=XXXXXXXX EAX=024d60ec EBX=024d66b4 ECX=00000000 EDX=0103cc5c ESI=00000000 EDI=00000000 DS=0053 DSACC=f0f3 DSLIM=ffffffff ES=0053 ESACC=f0f3 ESLIM=ffffffff FS=150b FSACC=00f3 FSLIM=00000030 GS=0000 GSACC=**** GSLIM=******** CS:EIP=005b:00000000 CSACC=f0df CSLIM=ffffffff SS:ESP=0053:0103cacc SSACC=f0f3 SSLIM=ffffffff EBP=0103cc70 FLG=00012202 Reproducible: Always Steps to Reproduce: 1. connect to http://www.novatech.co.uk/NOVATECH/Home.html 2. wait for page to load 3. wait for popup window to appear Actual Results: Mozilla crashed leaving the following entry in popuplog.os2 05-27-2001 10:16:09 SYS3175 PID 001b TID 0001 Slot 0052 D:\WARPZILLA\BIN\MOZILLA.EXE c0000005 00000000 P1=00000001 P2=00000000 P3=XXXXXXXX P4=XXXXXXXX EAX=024d60ec EBX=024d66b4 ECX=00000000 EDX=0103cc5c ESI=00000000 EDI=00000000 DS=0053 DSACC=f0f3 DSLIM=ffffffff ES=0053 ESACC=f0f3 ESLIM=ffffffff FS=150b FSACC=00f3 FSLIM=00000030 GS=0000 GSACC=**** GSLIM=******** CS:EIP=005b:00000000 CSACC=f0df CSLIM=ffffffff SS:ESP=0053:0103cacc SSACC=f0f3 SSLIM=ffffffff EBP=0103cc70 FLG=00012202 Expected Results: Display contents of popup window
The testcase is reduced from the URL of the pop-up: http://www.novatech.co.uk/NOVATECH/CompetitionEntry2.html Crashed on Win32 build 2001052608.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•23 years ago
|
||
Comment 4•23 years ago
|
||
Changing summary from "Bad: JavaScript popup window crashes Mozilla" to "crash [@ gklayout::NS_NewFrameManager]", adding crash keyword, setting OS=All.
Keywords: crash
OS: OS/2 → All
Summary: Bad: JavaScript popup window crashes Mozilla → crash [@ gklayout::NS_NewFrameManager]
Comment 5•23 years ago
|
||
Over to Layout.
Assignee: rogerl → karnaze
Component: Javascript Engine → Layout
QA Contact: pschwartau → petersen
It crashed already with 2001-04-20 and does not crash with 2001-04-09.
Updated•23 years ago
|
Keywords: regression
Comment 10•23 years ago
|
||
Nope, I get a completely different stack trace with 77713 with a crash in nsGetInterface::operator= .
Comment 11•23 years ago
|
||
Moving to m0.9.2.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.2
Comment 12•23 years ago
|
||
Comment 13•23 years ago
|
||
Reassigning to attinasi, since he came up with the patch.
Assignee: karnaze → attinasi
Status: ASSIGNED → NEW
Assignee | ||
Comment 14•23 years ago
|
||
Pavlov, the change is to null out the listener before removing the proxy because if we do not, then we can get called back into the frame that is trying to cancel the notifications! This results in a crash because the frames are only partly destroyed, and the DOMEvent winds up walking over the partially torn-down frames. I think that it is very wrong to notify an observer while they are canceling their notification registration... review please?
Status: NEW → ASSIGNED
Keywords: patch
Comment 15•23 years ago
|
||
sr=waterson
Comment 16•23 years ago
|
||
I'm looking at this to see if it will break anything.
Comment 17•23 years ago
|
||
*** Bug 77713 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 18•23 years ago
|
||
Graffiti tagging
Keywords: patch
Summary: crash [@ gklayout::NS_NewFrameManager] → [PATCH] crash [@ gklayout::NS_NewFrameManager]
Whiteboard: have sr, need r
Comment 19•23 years ago
|
||
r=pavlov
Assignee | ||
Comment 20•23 years ago
|
||
waiting on approval for 0.9.2 landing
Whiteboard: have sr, need r → have r and sr, need a
Comment 21•23 years ago
|
||
a= asa@mozilla.org for checkin to the trunk. (on behalf of drivers)
Assignee | ||
Comment 22•23 years ago
|
||
Checking in imgRequestProxy.cpp; /cvsroot/mozilla/modules/libpr0n/src/imgRequestProxy.cpp,v <-- imgRequestProxy .cpp new revision: 1.25; previous revision: 1.24
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Whiteboard: have r and sr, need a
Comment 23•23 years ago
|
||
Marking verified in the June 27th branch build.
Status: RESOLVED → VERIFIED
Updated•13 years ago
|
Crash Signature: [@ gklayout::NS_NewFrameManager]
You need to log in
before you can comment on or make changes to this bug.
Description
•