If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Clicking twice on JavaScript popup image crashes browser

RESOLVED FIXED in mozilla0.9.6

Status

()

Core
Document Navigation
--
critical
RESOLVED FIXED
17 years ago
16 years ago

People

(Reporter: Andrew Wu, Assigned: Adam Lock)

Tracking

({crash})

Trunk
mozilla0.9.6
x86
All
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

17 years ago
Go to http://www.newdoom.com/articles/id3.shtml and click on an image like 
the one of John Carmack. A popup window appears. Click on the same image again.
This crashes the browser.

Comment 1

17 years ago
I can dupe this crash on build 2001053104 on Win2K.

Talkback ID
TB31169765E

Comment 2

17 years ago
Confirming with WinNT nightly binary 20010601xx, Linux debug 2001-05-31.
Changing OS --> All. Here is a Linux stack trace:


#0  0x90 in ?? ()
#1  0x41cebf8d in PresShell::Release (this=0x8834168) at nsPresShell.cpp:1374
#2  0x410459de in nsCOMPtr<nsIPresShell>::~nsCOMPtr (this=0xbfffec7c, 
__in_chrg=2) at ../../../dist/include/nsCOMPtr.h:489
#3  0x4100ea52 in GlobalWindowImpl::Focus (this=0x875a3b8) at 
nsGlobalWindow.cpp:1741
#4  0x4092be32 in nsWebShellWindow::HandleEvent (aEvent=0xbfffee98) at 
nsWebShellWindow.cpp:525
#5  0x409ae1ab in nsWidget::DispatchEvent (this=0x8af0580, aEvent=0xbfffee98, 
aStatus=@0xbfffee34) at nsWidget.cpp:1380
#6  0x409add86 in nsWidget::DispatchWindowEvent (this=0x8af0580, 
event=0xbfffee98) at nsWidget.cpp:1271
#7  0x409ade45 in nsWidget::DispatchFocus (this=0x8af0580, aEvent=@0xbfffee98) 
at nsWidget.cpp:1293
#8  0x409b554a in nsWindow::DispatchSetFocusEvent (this=0x8af0580) at 
nsWindow.cpp:1253
#9  0x409b57a3 in nsWindow::HandleMozAreaFocusIn (this=0x8af0580) at 
nsWindow.cpp:1360
#10 0x409b97ae in handle_mozarea_focus_in (aWidget=0x8a316e0, 
aGdkFocusEvent=0xbffff2b4, aData=0x8af0580) at nsWindow.cpp:2816
#11 0x403b4719 in gtk_marshal_BOOL__POINTER () from /usr/lib/libgtk-1.2.so.0
#12 0x403e1fdd in gtk_handlers_run () from /usr/lib/libgtk-1.2.so.0
#13 0x403e1422 in gtk_signal_real_emit () from /usr/lib/libgtk-1.2.so.0
#14 0x403df575 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#15 0x4041477c in gtk_widget_event () from /usr/lib/libgtk-1.2.so.0
#16 0x4041c28e in gtk_window_focus_in_event () from /usr/lib/libgtk-1.2.so.0
#17 0x403b4719 in gtk_marshal_BOOL__POINTER () from /usr/lib/libgtk-1.2.so.0
#18 0x403e145b in gtk_signal_real_emit () from /usr/lib/libgtk-1.2.so.0
#19 0x403df575 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#20 0x4041477c in gtk_widget_event () from /usr/lib/libgtk-1.2.so.0
#21 0x403b396a in gtk_main_do_event () from /usr/lib/libgtk-1.2.so.0
#22 0x409a4afc in handle_gdk_event (event=0x81692a0, data=0x0) at 
nsGtkEventHandler.cpp:979
#23 0x4045e00b in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0
#24 0x4048bbe6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#25 0x4048c1a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#26 0x4048c341 in g_main_run () from /usr/lib/libglib-1.2.so.0
#27 0x403b3209 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#28 0x4099867d in nsAppShell::Run (this=0x8133910) at nsAppShell.cpp:360
#29 0x409284c5 in nsAppShellService::Run (this=0x81077b0) at 
nsAppShellService.cpp:417
#30 0x805bbe9 in main1 (argc=1, argv=0xbffffa74, nativeApp=0x0) at 
nsAppRunner.cpp:1128
#31 0x805ca11 in main (argc=1, argv=0xbffffa74) at nsAppRunner.cpp:1426
(gdb) 
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 98 → All

Updated

17 years ago
Assignee: rogerl → adamlock
Component: Javascript Engine → Embedding: Docshell
QA Contact: pschwartau → adamlock

Comment 3

17 years ago
Not sure which component this stack indicates, but certainly not
JS Engine. Reassigning to Embedding:Docshell for further triage - 

Comment 4

17 years ago
NOTES:

1. Popup ads are abundnant at this site
2. The link for the John Carmack image is

<A href="javascript:;" 
onClick="JustSoPicWindow('/articles/images/me_john.jpg','800','600','* * Click 
screen to close * *','#000000','hug image','0');return 
document.MM_returnValue"><IMG src="/articles/images/me_johnt.jpg" width="200" 
height="150" border="1" alt="Click for larger image" vspace="4" hspace="4" 
align="right"></A>



The function JustSoPicWindow() is as follows:


<script language="JavaScript">

function 
JustSoPicWindow(imageName,imageWidth,imageHeight,alt,bgcolor,hugger,hugMargin) 
{
// by E Michael Brandt of ValleyWebDesigns.com - 
// Please leave these comments intact.
// version 3.0.4  

if (bgcolor=="") {
	bgcolor="#FFFFFF";
}
var adj=10
var w = screen.width;
var h = screen.height;
var byFactor=1;
	if(w<740){
  var lift=0.90;
}
if(w>=740 & w<835){
  var lift=0.91;
}
if(w>=835){
  var lift=0.93;
}
if (imageWidth>w){	
  byFactor = w / imageWidth;			
  imageWidth = w;
  imageHeight = imageHeight * byFactor;
}
if (imageHeight>h-adj){
  byFactor = h / imageHeight;
  imageWidth = (imageWidth * byFactor);
  imageHeight = h; 
}
   
var scrWidth = w-adj;
var scrHeight = (h*lift)-adj;
	if (imageHeight>scrHeight){
 	  imageHeight=imageHeight*lift;
  imageWidth=imageWidth*lift;
}
	var posLeft=0;
var posTop=0;
	if (hugger == "hug image"){
  if (hugMargin == ""){
    hugMargin = 0;
  }
  var scrHeightTemp = imageHeight - 0 + 2*hugMargin;
  if (scrHeightTemp < scrHeight) {
	scrHeight = scrHeightTemp;
  } 
  var scrWidthTemp = imageWidth - 0 + 2*hugMargin;
  if (scrWidthTemp < scrWidth) {
	scrWidth = scrWidthTemp;
  }
  
  if (scrHeight<100){scrHeight=100;}
  if (scrWidth<100){scrWidth=100;}
	  posTop =  ((h-(scrHeight/lift)-adj)/2);
  posLeft = ((w-(scrWidth)-adj)/2);
	}
	if (imageHeight > (h*lift)-adj || imageWidth > w-adj){
	imageHeight=imageHeight-adj;
	imageWidth=imageWidth-adj;
}
posTop = parseInt(posTop);
posLeft = parseInt(posLeft);		
scrWidth = parseInt(scrWidth); 
scrHeight = parseInt(scrHeight);

var agt=navigator.userAgent.toLowerCase();
if (agt.indexOf("opera") != -1){
  var args= new Array();
  args[0]='parent';
  args[1]=imageName;
  var i ; document.MM_returnValue = false;
  for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
} else {
newWindow = 
window.open("vwd_justso.htm","newWindow","width="+scrWidth+",height="+scrHeight+
",left="+posLeft+",top="+posTop);

newWindow.document.open();

newWindow.document.write('<html><title>'+alt+'</title><body leftmargin="0" 
topmargin="0" marginheight="0" marginwidth="0" bgcolor='+bgcolor+' 
onBlur="self.close()" onClick="self.close()">');  

newWindow.document.write('<table width='+imageWidth+' border="0" cellspacing="0" 
cellpadding="0" align="center" height='+scrHeight+' ><tr><td>');

newWindow.document.write('<img src="'+imageName+'" width='+imageWidth+' 
height='+imageHeight+' alt="Click screen to close" >'); 

newWindow.document.write('</td></tr></table></body></html>');

newWindow.document.close();
newWindow.focus();
}
}
</script>

Updated

16 years ago
Severity: normal → critical
Keywords: crash
(Assignee)

Updated

16 years ago
Target Milestone: --- → mozilla0.9.6
Reporter: 
Can you try this again with a recent build ? 
This should be fixed...
BTW: the URL down't work...

(Reporter)

Comment 6

16 years ago
I believe the problem is fixed. 0.9.5 does not crash here. (New URL is
http://www.newdoom.com/articles.php?i=id2)
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.