Closed Bug 89964 Opened 24 years ago Closed 24 years ago

crash on form of visual hebrew with dir=rtl

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: tzafrir, Assigned: mkaply)

References

(
URL
)

Details

(Keywords: crash, rtl, Whiteboard: [PDT+])

Attachments

(2 files)

suggested patch
1.25 KB, patch
Details | Diff | Splinter Review
possibly a better patch
2.63 KB, patch
Details | Diff | Splinter Review
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010628 BuildID: 2001062815 That page is encoded as ISO-8859-8 . It includes a form with a textarea element that has dir=rtl and wrap=virtual . Generally working with this form I got some unexpected behaviours (including strange behaviours of the selection) and some crashes. Procedure below produces a reporducable crash (at least in this machine) I seem to have had this problem from at least 0.9.1, but couldn't isolate it before. Reproducible: Always Steps to Reproduce: 1. start a new mozilla with that page 2. type a hebrwe word of at least two letters in that form (this requires hebrew keyboard layout installed) 3. press enter 4. press backspace twice
Severity: normal → critical
Keywords: crash
Commentary on the attached patch: The IBMBIDI block in |nsCaret::SetupDrawingFrameAndOffset| needs to be moved before the code that sets NS_FRAME_EXTERNAL_REFERENCE on the caret frame. The crash was caused by the bidi code changing |theFrame| to a frame without NS_FRAME_EXTERNAL_REFERENCE, so when that frame was deleted by backspacing |nsCaret::ClearFrameRefs| wasn't being called and |mLastCaretFrame| was still pointing to the deleted frame.
I guess it makes sense to move the IBMBIDI block even earlier, as in the second patch. What would be a good testcase?
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: patch, review
mkaply, do you think this is something that should go on the 6.1 branch?
I think this would be a good candidate for the branch, although it is not even on the trunk right now.
I will check this into the trunk as soon as I get r=
r=ftang, you already got sr=kin . Check into trunk ASAP, please.
How common is the case that causes this crash? Since it's not a simple null-check, I'd like you to describe the testing that's been done and to have an extra reviewer looking for possible interactions outside the immediate scope of the change. I can't afford any regressions right now, so I need to be able to judge both the value and the risk before making the decision whether this goes in the branch. Frank, can you be the local representative for this bug? Please bring an update to the PDT meeting today.
fix checked into trunk
PDT+. Pls check into the branch as soon as possible. Thanks.
Whiteboard: [PDT+]
I checked this into the branch.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
simon@softel.co.il or gila, can you verify this bug?
VERIFIED FIXED
Status: RESOLVED → VERIFIED
Mass-assigning the new rtl keyword to RTL-related (see bug 349193).
Keywords: rtl
Component: Layout: BiDi Hebrew & Arabic → Layout: Text
QA Contact: giladehven → layout.fonts-and-text
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: