Closed Bug 18998 Opened 25 years ago Closed 25 years ago

[DOGFOOD] Pasting in the URL bar fails.

Categories

(Core :: DOM: Editor, defect, P3)

defect

Tracking

()

VERIFIED FIXED

People

(Reporter: kinmoz, Assigned: mikepinkerton)

Details

(Whiteboard: [PDT+])

Copying a URL from 4.x's URL textfield and pasting it into 5.0's URL textfield fails. In my 11/15/99 Win32 debug build, the paste causes nsString to throw a debug warning "Possible embeded null in append". Continiuing past the warning causes the scanner to go into an infinite loop in nsScanner::ReadUntil() when it runs across the NULL character. The stack traces are included below. In Akkana's 11/16/99 Linux build, the warning is thrown, but there is no infinite loop, the text that was pasted just fails to show up. Here's the stack trace to the nsString warning: NTDLL! 77f76148() nsDebug::WarnIfFalse(const char * 0x10088008, const char * 0x10087ff8, const char * 0x10087fd4, int 1080) line 183 + 21 bytes nsString::Append(const unsigned short * 0x02ff45f0, int 57) line 1080 + 31 bytes nsString::Assign(const unsigned short * 0x02ff45f0, int 57) line 948 nsString::SetString(const unsigned short * 0x02ff45f0, int 57) line 404 + 23 bytes nsHTMLEditor::Paste(nsHTMLEditor * const 0x02f2e1e0) line 3419 nsHTMLEditorLog::Paste(nsHTMLEditorLog * const 0x02f2e1e0) line 357 + 9 bytes nsTextEditorKeyListener::ProcessShortCutKeys(nsIDOMEvent * 0x02ff4224, int & 1) line 302 nsTextEditorKeyListener::KeyPress(nsIDOMEvent * 0x02ff4224) line 157 nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 793 + 17 bytes nsDocument::HandleDOMEvent(nsDocument * const 0x02753b80, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 2381 nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x0275657c, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 191 + 41 bytes nsGenericElement::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 797 + 39 bytes nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x0301a05c, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 720 nsGenericElement::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 797 + 39 bytes nsHTMLBRElement::HandleDOMEvent(nsHTMLBRElement * const 0x030441ac, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 218 PresShell::HandleEvent(PresShell * const 0x03019094, nsIView * 0x03033840, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 2410 + 39 bytes nsView::HandleEvent(nsView * const 0x03033840, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 840 nsView::HandleEvent(nsView * const 0x03033f70, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 825 nsView::HandleEvent(nsView * const 0x030194b0, nsGUIEvent * 0x0012fbd0, unsigned int 28, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 825 nsViewManager::DispatchEvent(nsViewManager * const 0x03019680, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 1724 HandleEvent(nsGUIEvent * 0x0012fbd0) line 69 nsWindow::DispatchEvent(nsWindow * const 0x03033e34, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 410 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fbd0) line 431 nsWindow::DispatchKeyEvent(unsigned int 131, unsigned short 118, unsigned int 0) line 2133 + 15 bytes nsWindow::OnChar(unsigned int 22, unsigned int 0, unsigned char 0) line 2442 nsWindow::ProcessMessage(unsigned int 258, unsigned int 22, long 3080193, long * 0x0012fdfc) line 2613 + 32 bytes nsWindow::WindowProc(HWND__ * 0x00020446, unsigned int 258, unsigned int 22, long 3080193) line 597 + 27 bytes USER32! 77e71250() JS3250! 002f0001() Here's where the scanner goes into an infinite loop. The infinite loop is actually in ReadUntil(): nsScanner::Peek(unsigned short & 0) line 420 + 12 bytes nsScanner::ReadUntil(nsString & {...}, nsCString & {...}, int 1, int 0) line 990 + 12 bytes nsScanner::ReadUntil(nsString & {...}, const char * 0x01b46b6c, int 1, int 0) line 1025 + 24 bytes CTextToken::Consume(unsigned short 0, nsScanner & {...}, int 1) line 453 + 25 bytes nsHTMLTokenizer::ConsumeText(const nsString & {...}, CToken * & 0x026680f0, nsScanner & {...}) line 661 + 31 bytes nsHTMLTokenizer::ConsumeToken(nsScanner & {...}) line 317 + 32 bytes nsXMLTokenizer::ConsumeToken(nsScanner & {...}) line 150 nsParser::Tokenize(int 0) line 1410 + 21 bytes nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 955 + 12 bytes nsParser::Parse(const nsString & {...}, void * 0x00000000, const nsString & {...}, int 0, int 1, eParseMode eParseMode_autodetect) line 837 + 15 bytes nsTextEncoder::EncodeToString(nsTextEncoder * const 0x027bb670, nsString & {...}) line 209 + 43 bytes nsHTMLEditor::OutputToString(nsHTMLEditor * const 0x02f2e1e0, nsString & {...}, const nsString & {...}, unsigned int 24) line 3751 + 39 bytes nsGfxTextControlFrame::GetTextControlFrameState(nsString & {...}) line 864 nsGfxTextControlFrame::GetProperty(nsGfxTextControlFrame * const 0x0272fb3c, nsIAtom * 0x011e17d0, nsString & {...}) line 970 nsHTMLInputElement::GetValue(nsHTMLInputElement * const 0x023485a0, nsString & {...}) line 385 WLLT_OnSubmit(nsIContent * 0x022e3f20) line 3088 + 28 bytes nsWalletlibService::Notify(nsWalletlibService * const 0x011d4c38, nsIContent * 0x022e3f20) line 185 + 9 bytes nsFormFrame::OnSubmit(nsFormFrame * const 0x027098a8, nsIPresContext * 0x01c0fc90, nsIFrame * 0x0272fb10) line 548 nsGfxTextControlFrame::EnterPressed(nsIPresContext & {...}) line 355 nsGfxTextControlFrame::HandleEvent(nsGfxTextControlFrame * const 0x0272fb10, nsIPresContext & {...}, nsGUIEvent * 0x0012f6fc, nsEventStatus & nsEventStatus_eConsumeDoDefault) line 321 nsEnderEventListener::KeyPress(nsIDOMEvent * 0x027bb174) line 2993 + 32 bytes nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 793 + 17 bytes nsDocument::HandleDOMEvent(nsDocument * const 0x02753b80, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 2381 nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x0275657c, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 191 + 41 bytes nsGenericElement::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 797 + 39 bytes nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x0301a05c, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 2, nsEventStatus & nsEventStatus_eIgnore) line 720 nsGenericDOMDataNode::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x0012f954, unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 798 + 39 bytes nsTextNode::HandleDOMEvent(nsTextNode * const 0x030327fc, nsIPresContext & {...}, nsEvent * 0x0012fbd0, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 207 PresShell::HandleEvent(PresShell * const 0x03019094, nsIView * 0x03033840, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 2410 + 39 bytes nsView::HandleEvent(nsView * const 0x03033840, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 840 nsView::HandleEvent(nsView * const 0x03033f70, nsGUIEvent * 0x0012fbd0, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 825 nsView::HandleEvent(nsView * const 0x030194b0, nsGUIEvent * 0x0012fbd0, unsigned int 28, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 825 nsViewManager::DispatchEvent(nsViewManager * const 0x03019680, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 1724 HandleEvent(nsGUIEvent * 0x0012fbd0) line 69 nsWindow::DispatchEvent(nsWindow * const 0x03033e34, nsGUIEvent * 0x0012fbd0, nsEventStatus & nsEventStatus_eIgnore) line 410 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fbd0) line 431 nsWindow::DispatchKeyEvent(unsigned int 131, unsigned short 0, unsigned int 13) line 2133 + 15 bytes nsWindow::OnChar(unsigned int 13, unsigned int 13, unsigned char 1) line 2442 nsWindow::ProcessMessage(unsigned int 258, unsigned int 13, long 1835009, long * 0x0012fdfc) line 2583 + 50 bytes nsWindow::WindowProc(HWND__ * 0x00020446, unsigned int 258, unsigned int 13, long 1835009) line 597 + 27 bytes USER32! 77e71250(
QA Contact: sujay → elig
Copy/Paste issue; QA Assigning to self.
Assignee: pinkerton → rickg
Taking this from pinkerton to find out why scanner has a problem.
Whiteboard: [PDT+]
Putting on the PDT+ radar.
Checked in a fix, on 11/16/99, for the infinite looping.
Assignee: rickg → akkana
With Harish's fix, the only remaining problem is that nsHTMLEditor::Paste()is passing a buffer that is n characters long, but is claiming the length is n+1 characters. Assuming that this is an off-by-1 error, I'm reassigning to akkana to verify the string length computation.
Target Milestone: M12
setting to M12 since this is a PDT+
The editor gets len, the length in bytes from the transferable (GetAnyTransferData), then (if it was unicode) puts it in an nsString with SetString ( text, len / 2 ) where text is the object the transferable returned as a nsISupportsWString. This is what Naoki and I both thought was the right thing to do in the unicode case. BTW, what's it doing now on Windows -- what's the failure mode? I'm passing this bug back to pinkerton (who owns the transferable code); if users of Transferable are supposed to do something other than divide by two for unicode strings, please explain and pass the bug back to me.
Assignee: akkana → pinkerton
Mike, what should the editor be doing with the length from the transferable if not dividing it by two and passing it in as the length of a new nsString?
if it's plain text, you shouldn't be dividing by two. if it's unicode, you should just pass the length into an nsAutoSTring as it because it's a PRUnichar*.
Nope, that doesn't work. For instance, if I copy "http://www.mozilla.org" (22 chars) in the 4.5 urlbar, then when I call GetAnyTransferData(), it returns a len of 48 (the actual number of bytes, plus four extra). But I need to turn this into an nsString, and nsString::SetString wants the number of doublewide characters, not the number of bytes, so the divide by two in the editor code is necessary. Even with the divide by two, though, len is coming through four bytes (two characters) too long, which results in a warning about embedded nulls. If you dismiss the warning, the string appears to paste okay (which is not the case if I get rid of the divide by two -- then I get extra garbage characters appended to the end of the string, because I'm giving it a length that's way too long).
Ok, sorry about my misunderstanding about what SetString() wanted. That makes sense. I wonder, though, why we are getting extra nulls from 4.5. How many bytes is it if you copy the text from the mozilla url bar? Is it still 48 bytes? Maybe this is just a bug in 4.5 ;)
Status: NEW → ASSIGNED
Whiteboard: [PDT+] → [PDT+] Fix in hand, waiting for tree.
Ok, i have a fix. waiting for the tree to open. Tested with unicode copied from wordPad and plain jane text copied from NotePad.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Whiteboard: [PDT+] Fix in hand, waiting for tree. → [PDT+]
fix checked in.
Status: RESOLVED → VERIFIED
Verified fixed using: Mac OS - 1999112208 Win NT 4.0 SP5 - 1999111909 Linux RH 6.0/GNOME - 1999112208 (Copied text from 4.5/4.7, and also copied from a plaintext editor on Win32/Mac.)
You need to log in before you can comment on or make changes to this bug.