Closed
Bug 3758
Opened 26 years ago
Closed 26 years ago
Drag selecting entire content, then deleting, causes crash
Categories
(Core :: DOM: Selection, defect, P1)
Tracking
VERIFIED
FIXED
M3
People
(Reporter: kinmoz, Assigned: kinmoz)
Details
To reproduce:
1. Start apprunner -editor
2. Drag select all the text on the page.
3. Hit the backspace key
We crash with the following stack trace:
TextFrame::GetWidth(nsIRenderingContext & {...}, TextFrame::TextStyle & {...},
unsigned short * 0x00131000, int 20384564, int & 0) line 1220 + 3 bytes
TextFrame::GetPointFromOffset(TextFrame * const 0x013f23c0, nsIPresContext *
0x01373bd0, nsIRenderingContext * 0x01421250, int 0, nsPoint * 0x0012f520) line
1899
nsCaret::DrawCaret() line 340
nsCaret::StartBlinking() line 234
nsCaret::NotifySelectionChanged(nsCaret * const 0x013ad994) line 184
nsRangeList::NotifySelectionListeners() line 1128 + 23 bytes
nsRangeList::EndBatchChanges(nsRangeList * const 0x013ad864) line 1089
nsEditor::Do(nsEditor * const 0x01368fb0, nsITransaction * 0x014206d0) line 668
nsEditor::DeleteSelection(nsEditor * const 0x01368fb0, nsIEditor::Direction
eRTL) line 1280 + 16 bytes
nsTextEditor::DeleteSelection(nsTextEditor * const 0x01368fb0,
nsIEditor::Direction eRTL) line 412 + 13 bytes
nsHTMLEditor::DeleteSelection(nsHTMLEditor * const 0x01368fb0,
nsIEditor::Direction eRTL) line 117
nsTextEditorKeyListener::KeyDown(nsIDOMEvent * 0x01420650) line 140
nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent *
0x0012fa74, nsIDOMEvent * * 0x0012f7a8, nsEventStatus & nsEventStatus_eIgnore)
line 379 + 17 bytes
nsDocument::HandleDOMEvent(nsDocument * const 0x013724c0, nsIPresContext &
{...}, nsEvent * 0x0012fa74, nsIDOMEvent * * 0x0012f7a8, unsigned int 1,
nsEventStatus & nsEventStatus_eIgnore) line 1751
nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x0137327c,
nsIPresContext & {...}, nsEvent * 0x0012fa74, nsIDOMEvent * * 0x00000000,
unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 173 + 41 bytes
PresShell::HandleEvent(PresShell * const 0x013ad794, nsIView * 0x013f0b20,
nsGUIEvent * 0x0012fa74, nsEventStatus & nsEventStatus_eIgnore) line 1930 + 34
bytes
nsView::HandleEvent(nsView * const 0x013f0b20, nsGUIEvent * 0x0012fa74, unsigned
int 8, nsEventStatus & nsEventStatus_eIgnore) line 825
nsView::HandleEvent(nsView * const 0x013f01f0, nsGUIEvent * 0x0012fa74, unsigned
int 8, nsEventStatus & nsEventStatus_eIgnore) line 808
nsView::HandleEvent(nsView * const 0x013f0120, nsGUIEvent * 0x0012fa74, unsigned
int 8, nsEventStatus & nsEventStatus_eIgnore) line 808
nsScrollingView::HandleEvent(nsScrollingView * const 0x013f0120, nsGUIEvent *
0x0012fa74, unsigned int 8, nsEventStatus & nsEventStatus_eIgnore) line 875
nsView::HandleEvent(nsView * const 0x013ad3a0, nsGUIEvent * 0x0012fa74, unsigned
int 28, nsEventStatus & nsEventStatus_eIgnore) line 808
nsViewManager::DispatchEvent(nsViewManager * const 0x013adc70, nsGUIEvent *
0x0012fa74, nsEventStatus & nsEventStatus_eIgnore) line 1709
HandleEvent(nsGUIEvent * 0x0012fa74) line 64
nsWindow::DispatchEvent(nsWindow * const 0x013f02d0, nsGUIEvent * 0x0012fa74,
nsEventStatus & nsEventStatus_eIgnore) line 399 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fa74) line 415
nsWindow::OnKey(unsigned int 133, unsigned int 8, unsigned int 1, unsigned int
14) line 1362 + 24 bytes
nsWindow::ProcessMessage(unsigned int 256, unsigned int 8, long 917505, long *
0x0012fe64) line 1774 + 55 bytes
nsWindow::WindowProc(void * 0x003204b2, unsigned int 256, unsigned int 8, long
917505) line 458 + 27 bytes
USER32! 77e71250()
This crash is caused by some code that was added to
TextFrame::GetPointFromOffset() (nsTextFrame.cpp revision numbers 1.93 and
1.94). The code does not take into account that mContentLength might be zero.
Reassigning bug to kin@netscape.com.
I have a fix for this, just waiting for chofmann@netscape.com approval to
check in.
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Fix checked in.
Index: nsTextFrame.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/html/base/src/nsTextFrame.cpp,v
retrieving revision 1.95
diff -c -r1.95 nsTextFrame.cpp
*** nsTextFrame.cpp 1999/03/16 19:36:49 1.95
--- nsTextFrame.cpp 1999/03/16 22:50:52
***************
*** 1854,1861 ****
NS_IMETHODIMP
TextFrame::GetPointFromOffset(nsIPresContext* inPresContext,
nsIRenderingContext* inRendContext, PRInt32 inOffset, nsPoint* outPoint)
{
! if (!inPresContext || !inRendContext)
return NS_ERROR_NULL_POINTER;
inOffset-=mContentOffset;
if (inOffset < 0){
NS_ASSERTION(0,"offset less than this frame has in GetPointFromOffset");
--- 1854,1868 ----
NS_IMETHODIMP
TextFrame::GetPointFromOffset(nsIPresContext* inPresContext,
nsIRenderingContext* inRendContext, PRInt32 inOffset, nsPoint* outPoint)
{
! if (!inPresContext || !inRendContext || !outPoint)
return NS_ERROR_NULL_POINTER;
+
+ if (mContentLength <= 0) {
+ outPoint->x = 0;
+ outPoint->y = 0;
+ return NS_OK;
+ }
+
inOffset-=mContentOffset;
if (inOffset < 0){
NS_ASSERTION(0,"offset less than this frame has in GetPointFromOffset");
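Review bot: The new mContentLength <= 0 early return sits above "inOffset-=mContentOffset;" and the "inOffset < 0" check, so for an empty frame any inOffset, including an invalid one, now returns NS_OK with (0,0) and the existing NS_ASSERTION never fires. Consider still asserting on the offset inside the empty-frame branch so that bad callers are flagged in debug builds, and add a one-line comment stating that a zero-length frame reports (0,0) because there is no text to measure. The added !outPoint test is needed now that this branch writes through outPoint, and should stay.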
Updated•26 years ago
Status: RESOLVED → VERIFIED
Comment 5•26 years ago
verified fixed with Mar18 build
Per a request from Selection and Search component eng (mjudge) and qa (elig),
moving all "Selection and Search" bugs to new "Selection" component. Original
"Selection and Search" component will be retired.