Closed Bug 83598 Opened 23 years ago Closed 23 years ago

Clicking twice on JavaScript popup image crashes browser

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla0.9.6

People

(Reporter: awu, Assigned: adamlock)

References

(
URL
)

Details

(Keywords: crash) 

Go to http://www.newdoom.com/articles/id3.shtml and click on an image like 
the one of John Carmack. A popup window appears. Click on the same image again.
This crashes the browser.
I can dupe this crash on build 2001053104 on Win2K.

Talkback ID
TB31169765E
Confirming with WinNT nightly binary 20010601xx, Linux debug 2001-05-31.
Changing OS --> All. Here is a Linux stack trace:


#0  0x90 in ?? ()
#1  0x41cebf8d in PresShell::Release (this=0x8834168) at nsPresShell.cpp:1374
#2  0x410459de in nsCOMPtr<nsIPresShell>::~nsCOMPtr (this=0xbfffec7c, 
__in_chrg=2) at ../../../dist/include/nsCOMPtr.h:489
#3  0x4100ea52 in GlobalWindowImpl::Focus (this=0x875a3b8) at 
nsGlobalWindow.cpp:1741
#4  0x4092be32 in nsWebShellWindow::HandleEvent (aEvent=0xbfffee98) at 
nsWebShellWindow.cpp:525
#5  0x409ae1ab in nsWidget::DispatchEvent (this=0x8af0580, aEvent=0xbfffee98, 
aStatus=@0xbfffee34) at nsWidget.cpp:1380
#6  0x409add86 in nsWidget::DispatchWindowEvent (this=0x8af0580, 
event=0xbfffee98) at nsWidget.cpp:1271
#7  0x409ade45 in nsWidget::DispatchFocus (this=0x8af0580, aEvent=@0xbfffee98) 
at nsWidget.cpp:1293
#8  0x409b554a in nsWindow::DispatchSetFocusEvent (this=0x8af0580) at 
nsWindow.cpp:1253
#9  0x409b57a3 in nsWindow::HandleMozAreaFocusIn (this=0x8af0580) at 
nsWindow.cpp:1360
#10 0x409b97ae in handle_mozarea_focus_in (aWidget=0x8a316e0, 
aGdkFocusEvent=0xbffff2b4, aData=0x8af0580) at nsWindow.cpp:2816
#11 0x403b4719 in gtk_marshal_BOOL__POINTER () from /usr/lib/libgtk-1.2.so.0
#12 0x403e1fdd in gtk_handlers_run () from /usr/lib/libgtk-1.2.so.0
#13 0x403e1422 in gtk_signal_real_emit () from /usr/lib/libgtk-1.2.so.0
#14 0x403df575 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#15 0x4041477c in gtk_widget_event () from /usr/lib/libgtk-1.2.so.0
#16 0x4041c28e in gtk_window_focus_in_event () from /usr/lib/libgtk-1.2.so.0
#17 0x403b4719 in gtk_marshal_BOOL__POINTER () from /usr/lib/libgtk-1.2.so.0
#18 0x403e145b in gtk_signal_real_emit () from /usr/lib/libgtk-1.2.so.0
#19 0x403df575 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#20 0x4041477c in gtk_widget_event () from /usr/lib/libgtk-1.2.so.0
#21 0x403b396a in gtk_main_do_event () from /usr/lib/libgtk-1.2.so.0
#22 0x409a4afc in handle_gdk_event (event=0x81692a0, data=0x0) at 
nsGtkEventHandler.cpp:979
#23 0x4045e00b in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0
#24 0x4048bbe6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#25 0x4048c1a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#26 0x4048c341 in g_main_run () from /usr/lib/libglib-1.2.so.0
#27 0x403b3209 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#28 0x4099867d in nsAppShell::Run (this=0x8133910) at nsAppShell.cpp:360
#29 0x409284c5 in nsAppShellService::Run (this=0x81077b0) at 
nsAppShellService.cpp:417
#30 0x805bbe9 in main1 (argc=1, argv=0xbffffa74, nativeApp=0x0) at 
nsAppRunner.cpp:1128
#31 0x805ca11 in main (argc=1, argv=0xbffffa74) at nsAppRunner.cpp:1426
(gdb)
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 98 → All
Assignee: rogerl → adamlock
Component: Javascript Engine → Embedding: Docshell
QA Contact: pschwartau → adamlock
Not sure which component this stack indicates, but certainly not
JS Engine. Reassigning to Embedding:Docshell for further triage - 
NOTES:

1. Popup ads are abundnant at this site
2. The link for the John Carmack image is

<A href="javascript:;" 
onClick="JustSoPicWindow('/articles/images/me_john.jpg','800','600','* * Click 
screen to close * *','#000000','hug image','0');return 
document.MM_returnValue"><IMG src="/articles/images/me_johnt.jpg" width="200" 
height="150" border="1" alt="Click for larger image" vspace="4" hspace="4" 
align="right"></A>



The function JustSoPicWindow() is as follows:


<script language="JavaScript">

function 
JustSoPicWindow(imageName,imageWidth,imageHeight,alt,bgcolor,hugger,hugMargin) 
{
// by E Michael Brandt of ValleyWebDesigns.com - 
// Please leave these comments intact.
// version 3.0.4  

if (bgcolor=="") {
	bgcolor="#FFFFFF";
}
var adj=10
var w = screen.width;
var h = screen.height;
var byFactor=1;
	if(w<740){
  var lift=0.90;
}
if(w>=740 & w<835){
  var lift=0.91;
}
if(w>=835){
  var lift=0.93;
}
if (imageWidth>w){	
  byFactor = w / imageWidth;			
  imageWidth = w;
  imageHeight = imageHeight * byFactor;
}
if (imageHeight>h-adj){
  byFactor = h / imageHeight;
  imageWidth = (imageWidth * byFactor);
  imageHeight = h; 
}
   
var scrWidth = w-adj;
var scrHeight = (h*lift)-adj;
	if (imageHeight>scrHeight){
 	  imageHeight=imageHeight*lift;
  imageWidth=imageWidth*lift;
}
	var posLeft=0;
var posTop=0;
	if (hugger == "hug image"){
  if (hugMargin == ""){
    hugMargin = 0;
  }
  var scrHeightTemp = imageHeight - 0 + 2*hugMargin;
  if (scrHeightTemp < scrHeight) {
	scrHeight = scrHeightTemp;
  } 
  var scrWidthTemp = imageWidth - 0 + 2*hugMargin;
  if (scrWidthTemp < scrWidth) {
	scrWidth = scrWidthTemp;
  }
  
  if (scrHeight<100){scrHeight=100;}
  if (scrWidth<100){scrWidth=100;}
	  posTop =  ((h-(scrHeight/lift)-adj)/2);
  posLeft = ((w-(scrWidth)-adj)/2);
	}
	if (imageHeight > (h*lift)-adj || imageWidth > w-adj){
	imageHeight=imageHeight-adj;
	imageWidth=imageWidth-adj;
}
posTop = parseInt(posTop);
posLeft = parseInt(posLeft);		
scrWidth = parseInt(scrWidth); 
scrHeight = parseInt(scrHeight);

var agt=navigator.userAgent.toLowerCase();
if (agt.indexOf("opera") != -1){
  var args= new Array();
  args[0]='parent';
  args[1]=imageName;
  var i ; document.MM_returnValue = false;
  for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
} else {
newWindow = 
window.open("vwd_justso.htm","newWindow","width="+scrWidth+",height="+scrHeight+
",left="+posLeft+",top="+posTop);

newWindow.document.open();

newWindow.document.write('<html><title>'+alt+'</title><body leftmargin="0" 
topmargin="0" marginheight="0" marginwidth="0" bgcolor='+bgcolor+' 
onBlur="self.close()" onClick="self.close()">');  

newWindow.document.write('<table width='+imageWidth+' border="0" cellspacing="0" 
cellpadding="0" align="center" height='+scrHeight+' ><tr><td>');

newWindow.document.write('<img src="'+imageName+'" width='+imageWidth+' 
height='+imageHeight+' alt="Click screen to close" >'); 

newWindow.document.write('</td></tr></table></body></html>');

newWindow.document.close();
newWindow.focus();
}
}
</script>
Severity: normal → critical
Keywords: crash
Target Milestone: --- → mozilla0.9.6
Reporter: 
Can you try this again with a recent build ? 
This should be fixed...
BTW: the URL down't work...


I believe the problem is fixed. 0.9.5 does not crash here. (New URL is
http://www.newdoom.com/articles.php?i=id2)
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.