Closed Bug 86262 Opened 18 years ago Closed 17 years ago

Pasting a lot of text into a textarea crashes mozilla

Categories: Core :: Editor, defect, major (x86, Linux)
Status: VERIFIED WORKSFORME
People: Reporter: gabriel, Assigned: scc
Keywords: crash
Attachments: 1 file

Linux build 2001061308.

To reproduce:
Navigate to http://www.spy.org.uk/anonf.html

Select all text in the textarea.

Cut or copy text.

Paste text back into textarea.


Results:
mozilla crashes.

Expected results:
Textarea should be readonly. At the very least it should not crash.


I have a talkback ID for this: TB31736571W.
Keywords: crash

I was able to duplicate this using a cvs build from today.  I had to select all,
copy paste several times.  Also, the url I had to use was
http://www.spy.org.uk/anonf.htm  (I've corrected the URL above).
I'll attach my backtrace.

scc--Can you help with this bug?  Do you already have a bug on this issue?

I don't already have a bug on this issue.  The steps to reproduce do not produce
a crash for me using 6.0.  I am happy to help with this problem.  I will try
this in a debug build from the tip of the trunk to try to find the crash.  Do we
want text-areas to be read-only?  It really looked like a place one was supposed
to type.  What does the standard say?

Sorry, my mistake - according to the 4.0 html standards, the author of the page
should have set the 'readonly' attribute to make the textarea readonly.

However, the bug is still valid because of the crash.

hey scott, I'm handing this one over to you since you are looking into it,
please reassign back if you are not able to assist.
Assignee: beppe → scc

This doesn't crash for me in my tip debug build.  Can anyone else with a debug
setup reproduce?

I can't reproduce this in my Macintosh build from today.

Gabriel--can you get a newer build and try again?

fwiw -- I can get it to crash on win98 using today's build, I pasted lots and
lots of text in the textarea. I would suspect that I pasted well over 10k of
data before I got it to crash. I took this text, pasted 50 times, then copied
all of the pasted text and pasted that in several times. This may be related to
a bug Kin has, cc him too.
The text I used:

Now is the time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the 
time for all good men to come to the aid of their country. 
abcdefghijklmnopqrstuvwxyz. 1234567890. Now is the time for all good men to come 
to the aid of their country. abcdefghijklmnopqrstuvwxyz. 1234567890.

incident # 31925821:

nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3718] 
nsTextFrame::GetChildFrameContainingOffset 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754] 
nsTextFrame::GetChildFrameContainingOffset
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 3754]

What does the stacktrace from TB31736571W look like?

With the build I was using on 6/17, I wasn't able to crash it when I built
without --disable-debug.  To get that stacktrace, I built with --disable-debug
and --enable-optimize="-O -g".  I just tried it again with a cvs build from this
morning (nondebug w/-g), and it took 10 or 15 select all, copy, pastes when I
wasn't running in gdb, and 2 when it was in gdb.  The stacktrace was identical
to the one in attachment 38862.

One thing I just noticed odd:
#1  0x400e8248 in nsAString::do_AssignFromElementPtrLength (this=0xbfffd5cc,
    aPtr=0x8bb87c8, aLength=123350) at nsAString.cpp:265
265         do_AssignFromReadable(nsDependentString(aPtr, aLength));
(gdb) print aLength
$6 = 1093383090

Looks like the length got clobbered, or I suck at gdb.

*** Bug 97708 has been marked as a duplicate of this bug. ***

removing myself from the cc list

No longer seems to crash. I tested with both NT and Linux, using mozilla 1.0.

I selected all, and then copied and pasted 10 times, each time selecting the
entire text before copying and pasting.

Closing as wfm.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME

Can somebody vfy please?

bulk verification.
Status: RESOLVED → VERIFIED