Invalid page fault in JSDOM.DLL

VERIFIED FIXED in mozilla0.9.2

Status

Core
DOM: Core & HTML
--
critical
VERIFIED FIXED
17 years ago
17 years ago

People

(Reporter: basic, Assigned: jst)

Tracking

({crash})

Trunk
mozilla0.9.2
crash

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [HAVE FIX] r=jag, sr=me)

Attachments

(5 attachments)

(Reporter)

Description

17 years ago
Build 2001061520 win32 talkback installer sea trunk

In the to-be-attached testcase, pressing the "test" button causes a
crash. Not sure how to describe this bug any further.
(Reporter)

Comment 1

17 years ago
Created attachment 38839
testcase (left frame)
(Reporter)

Comment 2

17 years ago
Created attachment 38840
actual testcase (main file)
(Reporter)

Comment 3

17 years ago
Created attachment 38841
testcase that actually works
confirming with win2k build 20010613 (CVS debug) and 0617 (CVS opt)

A part of the stack:
GlobalWindowImpl::GetScrollY(GlobalWindowImpl * const 0x0360a704, int * 0x0012d620) line 1507 + 17 bytes
GlobalWindowImpl::GetPageYOffset(GlobalWindowImpl * const 0x0360a704, int * 0x0012d620) line 1474
XPTC_InvokeByIndex(nsISupports * 0x0360a704, unsigned int 58, unsigned int 1, nsXPTCVariant * 0x0012d620) line 139
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_GETTER) line 1881 + 42 bytes
XPCWrappedNative::GetAttribute(XPCCallContext & {...}) line 1771 + 14 bytes
XPC_WN_GetterSetter(JSContext * 0x02b4f378, JSObject * 0x0338a830, unsigned int 0, long * 0x036bd614, long * 0x0012d868) line 1284 + 9 bytes
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
Created attachment 38842
Full stack trace

Comment 6

17 years ago
Created attachment 38854
patch for this bug and a couple of its clones

Comment 7

17 years ago
I know that I should not patch more than one bug per patch, but one could argue
that they're all the same bug.  I'll bet dollars to donuts that this particular
oversight happens more often.
Keywords: patch
(Assignee)

Comment 8

17 years ago
Thanks for the patch! I had a look at it and it's a good change, but I'd like to
add this change too (which fixes the root of the problem in this case):

Index: dom/src/base/nsGlobalWindow.cpp
===================================================================
RCS file: /cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v
retrieving revision 1.412
diff -u -r1.412 nsGlobalWindow.cpp
--- nsGlobalWindow.cpp  2001/05/23 06:33:28     1.412
+++ nsGlobalWindow.cpp  2001/06/17 21:04:18
@@ -3685,6 +3685,8 @@
 GlobalWindowImpl::GetScrollInfo(nsIScrollableView **aScrollableView,
                                 float *aP2T, float *aT2P)
 {
+  *aScrollableView = nsnull;
+
   // Flush pending notifications so that the presentation is up to
   // date.
   FlushPendingNotifications();
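
Review bot: GetScrollInfo takes three out-parameters, but only *aScrollableView gets a defined value at entry; aP2T and aT2P are still left untouched if the function returns before computing them, so a caller that reads the conversion factors after a failed lookup would see uninitialized floats. Consider also setting *aP2T = 0.0f; and *aT2P = 0.0f; next to the new assignment. A short comment above the function stating that a null *aScrollableView on return means no scrollable view was found would tell callers they must test the pointer before dereferencing it.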

With that addition, sr=jst, we should get this in for mozilla0.9.2.

Jag, r=?
Status: NEW → ASSIGNED
Keywords: mozilla0.9.2
OS: Windows 98 → All
Hardware: PC → All
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla0.9.2

Comment 9

17 years ago
r=jag
(Assignee)

Updated

17 years ago
Whiteboard: [HAVE FIX] → [HAVE FIX] r=jag, sr=me

Comment 10

17 years ago
a=tor for trunk checkin
(Assignee)

Comment 11

17 years ago
Fix checked in.
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
(Reporter)

Comment 12

17 years ago
verified fixed build 2001061804 win32
Status: RESOLVED → VERIFIED