Pasting a lot of text into a textarea crashes mozilla

VERIFIED WORKSFORME

Core
Editor
--
major
17 years ago
16 years ago

People

(Reporter: gabriel, Assigned: Scott Collins)

Tracking

({crash})

Trunk
x86
Linux
crash
Attachments

(1 attachment)

(Reporter)

Description

17 years ago
Linux build 2001061308.

To reproduce:
Navigate to http://www.spy.org.uk/anonf.html

Select all text in the textarea.

Cut or copy text.

Paste text back into textarea.


Results:
mozilla crashes.

Expected results:
Textarea should be readonly. At the very least it should not crash.


I have a talkback ID for this: TB31736571W.
(Reporter)

Updated

17 years ago
Keywords: crash

Comment 1

17 years ago
I was able to duplicate this using a cvs build from today.  I had to select all,
copy, paste several times.  Also, the url I had to use was
http://www.spy.org.uk/anonf.htm  (I've corrected the URL above).
I'll attach my backtrace.

Comment 2

17 years ago
Created attachment 38862 [details]
gdb backtrace from cvs build with -g

Comment 3

17 years ago
scc--Can you help with this bug?  Do you already have a bug on this issue?
(Assignee)

Comment 4

17 years ago
I don't already have a bug on this issue.  The steps to reproduce do not produce
a crash for me using 6.0.  I am happy to help with this problem.  I will try
this in a debug build from the tip of the trunk to try to find the crash.  Do we
want text-areas to be read-only?  It really looked like a place one was supposed
to type.  What does the standard say?
(Reporter)

Comment 5

17 years ago
Sorry, my mistake - according to the 4.0 html standards, the author of the page
should have set the 'readonly' attribute to make the textarea readonly.

However, the bug is still valid because of the crash.

Comment 6

17 years ago
hey scott, I'm handing this one over to you since you are looking into it, 
please reassign back if you are not able to assist.
Assignee: beppe → scc
(Assignee)

Comment 7

17 years ago
This doesn't crash for me in my tip debug build.  Can anyone else with a debug
setup reproduce?

Comment 8

17 years ago
I can't reproduce this in my Macintosh build from today.

Gabriel--can you get a newer build and try again?

Comment 9

17 years ago
fwiw -- I can get it to crash on win98 using today's build, I pasted lots and 
lots of text in the textarea. I would suspect that I pasted well over 10k of 
data before I got it to crash. I took this text, pasted 50 times, then copied 
all of the pasted text and pasted that in several times. This may be related to 
a bug Kin has, cc him too.
The text I used:

Now is the time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. 

Comment 10

17 years ago
incident # 31925821:

nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3718] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
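
The trace in Comment 10 shows nsTextFrame::GetChildFrameContainingOffset calling itself once per stack level. As an added example (not Mozilla code and not posted by any commenter), the C++ below shows why an offset lookup written recursively over a chain of text continuations uses stack in proportion to the amount of text, while a loop does not. The `TextFrame` struct, the function names and the 80-characters-per-frame split are assumptions; 123350 is the aLength value quoted in Comment 12.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for one text continuation: it covers the content
// offsets [start, start + length) and links to the next continuation.
struct TextFrame { std::size_t start; std::size_t length; TextFrame* next; };

struct Lookup {
    const TextFrame* frame;  // continuation containing the offset, or nullptr
    std::size_t depth;       // deepest call level reached during the lookup
};

// Recursive form: one call level per continuation visited.
Lookup FindRecursive(const TextFrame* f, std::size_t offset, std::size_t depth = 1) {
    if (!f) return {nullptr, depth};
    if (offset >= f->start && offset < f->start + f->length) return {f, depth};
    return FindRecursive(f->next, offset, depth + 1);
}

// Iterative form: same result, constant call depth whatever the text size.
Lookup FindIterative(const TextFrame* f, std::size_t offset) {
    for (; f; f = f->next)
        if (offset >= f->start && offset < f->start + f->length) return {f, 1};
    return {nullptr, 1};
}

// Split textLength characters into continuations of at most perFrame (> 0).
std::vector<TextFrame> BuildChain(std::size_t textLength, std::size_t perFrame) {
    std::vector<TextFrame> frames;
    for (std::size_t pos = 0; pos < textLength; pos += perFrame) {
        std::size_t rest = textLength - pos;
        frames.push_back({pos, rest < perFrame ? rest : perFrame, nullptr});
    }
    for (std::size_t i = 0; i + 1 < frames.size(); ++i) frames[i].next = &frames[i + 1];
    return frames;
}

int main() {
    // Constructed input: 123350 characters, 80 per continuation (assumed).
    std::vector<TextFrame> chain = BuildChain(123350, 80);
    Lookup r = FindRecursive(&chain[0], 123349);
    Lookup i = FindIterative(&chain[0], 123349);
    std::printf("continuations=%zu recursive depth=%zu iterative depth=%zu\n",
                chain.size(), r.depth, i.depth);
    return r.frame == i.frame ? 0 : 1;
}
```
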
(Reporter)

Comment 11

17 years ago
What does the stacktrace from TB31736571W look like?

Comment 12

17 years ago
With the build I was using on 6/17, I wasn't able to crash it when I built
without --disable-debug.  To get that stacktrace, I built with --disable-debug
and --enable-optimize="-O -g".  I just tried it again with a cvs build from this
morning (nondebug w/-g), and it took 10 or 15 select all, copy, pastes when I
wasn't running in gdb, and 2 when it was in gdb.  The stacktrace was identical
to the one in attachment 38862 [details].
One thing I just noticed odd:
#1  0x400e8248 in nsAString::do_AssignFromElementPtrLength (this=0xbfffd5cc,
    aPtr=0x8bb87c8, aLength=123350) at nsAString.cpp:265
265         do_AssignFromReadable(nsDependentString(aPtr, aLength));
(gdb) print aLength
$6 = 1093383090

Looks like the length got clobbered, or I suck at gdb.

Comment 13

17 years ago
*** Bug 97708 has been marked as a duplicate of this bug. ***

Comment 14

16 years ago
removing myself from the cc list
(Reporter)

Comment 15

16 years ago
No longer seems to crash. I tested with both NT and Linux, using mozilla 1.0.

I selected all, and then copied and pasted 10 times, each time selecting the
entire text before copying and pasting.

Closing as wfm.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 16

16 years ago
Can somebody vfy please?

Comment 17

16 years ago
bulk verification.
Status: RESOLVED → VERIFIED