Closed
Bug 15769
Opened 25 years ago
Closed 25 years ago
[BLOCKER][CRASHER][TESTCASE] Having <select></select> without options inside crash application.
Categories
(Core :: Layout: Form Controls, defect, P1)
Tracking
()
VERIFIED
FIXED
M11
People
(Reporter: desale, Assigned: pollmann)
References
Details
Attachments
(1 file)
(deleted),
text/html
|
Details |
Having <select></select> without options inside, crash application real hard.
BUILDS: 10-06-19 [M10][Apprunner/Viewer]
STEPS TO REPRODUCE:
1] Please copy code I'm providing. Save it as HTML file.
2] Open this HTML file with apprunner as well as viewer.
EXPECTED RESULTS:
Application should simply load the page.
ACTUAL RESULTS:
Application crashes.
DESCRIPTION:
Application is crashing because of having empty select list in HTML code.
We can have empty select list because we can expect cgi to fill this select
depending on the data coming from cgi.
Having
<select>
</select>
in HTML code is crashing application.
On other hand if we put option inside the select list then it does not crash.
If we use
<select>
<option>opt1</option>
</select>
then it does not crash.
So having empty select is crashing the application.
CODE:
<html>
<head>
<title>Tester.html</title>
</head>
<body>
<form name="workform" >
<select>
</select>
</form>
</body>
</html>
END OF CODE:
STACK REPORT
Incident ID: 14133930
Trigger Type: Program Crash
Trigger Reason: Access violation
Call Stack: (Signature = nsListControlFrame::DisplaySelected 4708ac3c)
nsListControlFrame::DisplaySelected
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
545]
nsListControlFrame::SetContentSelected
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
1220]
nsListControlFrame::Reset
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
1339]
nsListControlFrame::Init
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsListControlFrame.cpp, line
981]
nsCSSFrameConstructor::InitializeScrollFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 4038]
nsCSSFrameConstructor::ConstructSelectFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 2950]
nsCSSFrameConstructor::ConstructFrameByTag
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 3060]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 4869]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7987]
nsCSSFrameConstructor::ConstructFrameByTag
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 3153]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 4869]
nsCSSFrameConstructor::ContentAppended
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 5417]
StyleSetImpl::ContentAppended
[d:\builds\seamonkey\mozilla\layout\base\src\nsStyleSet.cpp, line 864]
PresShell::ContentAppended
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1724]
nsDocument::ContentAppended
[d:\builds\seamonkey\mozilla\layout\base\src\nsDocument.cpp, line 1575]
nsHTMLDocument::ContentAppended
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLDocument.cpp, line
1044]
HTMLContentSink::NotifyBody
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 276]
HTMLContentSink::WillInterrupt
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 1770]
CNavDTD::WillInterruptParse
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 3116]
nsParser::ResumeParse
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 958]
nsParser::OnDataAvailable
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 1340]
nsDocumentBindInfo::OnDataAvailable
[d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1372]
nsChannelListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1613]
nsHTTPResponseListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp
p, line 195]
nsOnDataAvailableEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line
359]
nsStreamListenerEvent::HandlePLEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line
153]
PL_HandleEvent
[plevent.c, line 542]
PL_ProcessPendingEvents
[plevent.c, line 501]
_md_EventReceiverProc
[plevent.c, line 974]
KERNEL32.DLL + 0x35d9 (0xbff735d9)
KERNEL32.DLL + 0x2222f (0xbff9222f)
0x00638bec
Reporter | ||
Updated•25 years ago
|
Priority: P3 → P1
QA Contact: cpratt → desale
Summary: [CRASHER][TESTCASE] Having <select></select> without options inside crash application. → [BLOCKER][CRASHER][TESTCASE] Having <select></select> without options inside crash application.
Reporter | ||
Comment 1•25 years ago
|
||
Changing priority to P1 and QA contact to myself. Pratt is this okay if I keep
QA contact ?
Updated•25 years ago
|
Assignee: karnaze → rods
Severity: normal → blocker
Comment 2•25 years ago
|
||
Reassigning to Rod.
Comment 4•25 years ago
|
||
I fixed this a while ago. This works for me, although I was mucking about in the
select code and just did a check in. This test is in test8 in the viewer and
apprunner. test8 has been working and quite sometme. Please repull or wait until
tomorrow and test it then after verifications.
Tomorrow I will mark as works for me.
Comment 5•25 years ago
|
||
I'm not seeing a "crash", but I see a couple of asserts because of this check:
if (mSelectionCacheLength != length) {
NS_ASSERTION(0,"nsListControlFrame: Cache sync'd with content!\n");
when adding items to a list in JavaScript. I notice that if there's no items
added, there is a "X" that appears as a single list item -- so the above
check fails since mSelectionCacheLength = 0 but length = 1 (for the "X")
Stack:
nsListControlFrame::UpdateSelection(nsListControlFrame * const 0x02e52524, int
0, nsIContent * 0x02e326d0) line 1724 + 35 bytes
nsComboboxControlFrame::UpdateSelection(nsComboboxControlFrame * const
0x02e52884, int 0, int 1, int -1) line 986
Updated•25 years ago
|
Assignee: rods → pollmann
Comment 6•25 years ago
|
||
The asserts are in Eric P. new code and this then needs to be assigned to him.
The "X" shouldn't be appearing. If it is it is because the visibility (shown
below) is incorrectly set to collapse instead of hidden. It should be hidden
now.
select:-moz-dummy-option {
visibility: hidden;
content: "X";
/*display: block;*/
}
Assigning to Eric to check for the problem with the asserts.
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 8•25 years ago
|
||
This crash has been fixed in M11. I'll look into those asserts. Charlie, do
you have a testcase that will reproduce them?
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 9•25 years ago
|
||
I'm now resizing the cache eagerly when an option is added or removed. This got
rid of the assert I was able to reproduce.
To verify, browse to the attachment I'm about to make. Click on the
RemoveOption button. You should not see any warnings printed out to the
terminal.
Assignee | ||
Comment 10•25 years ago
|
||
Reporter | ||
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 11•25 years ago
|
||
Marking verified.
Comment 12•25 years ago
|
||
*** Bug 17355 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•