Closed Bug 40765 Opened 25 years ago Closed 25 years ago

Crash when inserting an APPLET element in Composer in HTML source mode

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Windows 98
defect

Tracking

VERIFIED FIXED

People

(Reporter: rubydoo123, Assigned: serhunt)

Details

(Keywords: crash, Whiteboard: [nsbeta2+])

Crash when inserting an APPLET element in Composer in HTML source mode using build 2000052608 on win98
1. open new document
2. select HTML Source mode, and enter the following HTML code:
<applet code="Bubbles.class" width="25" height="25">This APPLET element will not work <PARAM name="param" value="howdy mate">This PARAM element is also bogus</applet><br>
3. select any other mode
<<BOOM>> it crashes big time, no stack
Harish, there is something going amiss when we swap modes -- this is probably related to the other bug that I gave you about swapping modes.
Here is the stack:
nsObjectFrame::InstantiatePlugin(nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, nsIPluginHost * 0x02ca59f4, const char * 0x043ea590, nsIURI * 0x00000000) line 873 + 34 bytes
nsObjectFrame::Reflow(nsObjectFrame * const 0x0316be04, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1227132) line 707 + 43 bytes
nsLineLayout::ReflowFrame(nsIFrame * 0x0316be04, nsIFrame * * 0x0012c3cc, unsigned int & 1227132, nsHTMLReflowMetrics * 0x00000000, int & 0) line 971
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineBox * 0x0316bdb4, nsIFrame * 0x0316be04, unsigned char * 0x0012b92c) line 4327 + 29 bytes
nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineBox * 0x0316bdb4, int * 0x0012bfc0, unsigned char * 0x0012be0c, int 0, int 1) line 4211 + 28 bytes
nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState & {...}, nsLineBox * 0x0316bdb4, int * 0x0012bfc0, unsigned char * 0x0012be0c, int 0, int 1) line 4147 + 42 bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox * 0x0316bdb4, int * 0x0012bfc0, int 1, int 0) line 4090 + 32 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x0316bdb4, int * 0x0012bfc0, int 1) line 3220 + 29 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2909 + 27 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x0316bc4c, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1727 + 15 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x0316bc4c, const nsRect & {...}, int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 470 + 45 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x0316bddc, int * 0x0012ca38) line 3838 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x0316bddc, int * 0x0012ca38, int 1) line 3102 + 23 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2909 + 27 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x0316bc00, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1727 + 15 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0316bc00, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 693 + 31 bytes
CanvasFrame::Reflow(CanvasFrame * const 0x0316af8c, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 306
nsBoxToBlockAdaptor::Reflow(nsBoxLayoutState & {...}, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, int 0, int 0, int 6915, int 4575, int 1) line 737
nsBoxToBlockAdaptor::Layout(nsBoxToBlockAdaptor * const 0x0316bba4, nsBoxLayoutState & {...}) line 411 + 52 bytes
nsScrollPortFrame::Layout(nsScrollPortFrame * const 0x0316b0a0, nsBoxLayoutState & {...}) line 334
nsContainerBox::LayoutChildAt(nsBoxLayoutState & {...}, nsIBox * 0x0316b0a0, const nsRect & {...}) line 609 + 16 bytes
nsGfxScrollFrameInner::LayoutBox(nsBoxLayoutState & {...}, nsIBox * 0x0316b0a0, const nsRect & {...}) line 1010 + 17 bytes
nsGfxScrollFrameInner::Layout(nsBoxLayoutState & {...}) line 1098
nsGfxScrollFrame::Layout(nsGfxScrollFrame * const 0x0316b000, nsBoxLayoutState & {...}) line 1023 + 15 bytes
nsBoxFrame::Reflow(nsBoxFrame * const 0x0316afc8, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 656
nsGfxScrollFrame::Reflow(nsGfxScrollFrame * const 0x0316afc8, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 709 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0316afc8, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 693 + 31 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x0316af50, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 546
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x043e8ed0, nsIPresContext * 0x041f9b40, nsHTMLReflowMetrics & {...}, const nsSize & {...}, nsIRenderingContext & {...}) line 145
PresShell::ProcessReflowCommands(int 0) line 3799
PresShell::FlushPendingNotifications(PresShell * const 0x041aba10) line 2942
nsDocument::FlushPendingNotifications(nsDocument * const 0x041f7b80) line 3362
nsHTMLDocument::FlushPendingNotifications(nsHTMLDocument * const 0x041f7b80) line 1219 + 9 bytes
PresShell::SetCaretEnabled(PresShell * const 0x041aba20, int 1) line 1892
nsHTMLEditRules::AfterEdit(nsHTMLEditRules * const 0x0421e2d4, int 3008, nsIEditor::EDirection eNext) line 200
nsHTMLEditor::EndOperation(nsHTMLEditor * const 0x0421d630, int 3008, nsIEditor::EDirection eNext) line 5547 + 55 bytes
nsAutoRules::~nsAutoRules() line 92 + 48 bytes
nsHTMLEditor::InsertHTMLWithCharset(nsHTMLEditor * const 0x0421d6ac, const nsString & {"<body><applet code="Bubbles.class" width="25" height="25">This APPLET element will not work <PARAM name="param" value="howdy"}, const nsString & {""}) line 2503 + 41 bytes
nsHTMLEditor::InsertHTML(nsHTMLEditor * const 0x0421d6ac, const nsString & {"<body><applet code="Bubbles.class" width="25" height="25">This APPLET element will not work <PARAM name="param" value="howdy"}) line 2364 + 23 bytes
nsEditorShell::InsertSource(nsEditorShell * const 0x041be250, const unsigned short * 0x043d75f0) line 2642 + 42 bytes
XPTC_InvokeByIndex(nsISupports * 0x041be250, unsigned int 52, unsigned int 1, nsXPTCVariant * 0x0012e194) line 139
nsXPCWrappedNativeClass::CallWrappedMethod(JSContext * 0x016710c0, nsXPCWrappedNative * 0x0419ea40, const XPCNativeMemberDescriptor * 0x03d72050, nsXPCWrappedNativeClass::CallMode CALL_METHOD, unsigned int 1, long * 0x02fac738, long * 0x0012e344) line 914 + 43 bytes
WrappedNative_CallMethod(JSContext * 0x016710c0, JSObject * 0x030c90f8, unsigned int 1, long * 0x02fac738, long * 0x0012e344) line 200 + 34 bytes
js_Invoke(JSContext * 0x016710c0, unsigned int 1, unsigned int 0) line 686 + 23 bytes
js_Interpret(JSContext * 0x016710c0, long * 0x0012ec78) line 2485 + 15 bytes
js_Invoke(JSContext * 0x016710c0, unsigned int 1, unsigned int 2) line 702 + 13 bytes
js_InternalInvoke(JSContext * 0x016710c0, JSObject * 0x02f94f48, long 51368872, unsigned int 0, unsigned int 1, long * 0x0012ee10, long * 0x0012edb0) line 775 + 19 bytes
JS_CallFunctionValue(JSContext * 0x016710c0, JSObject * 0x02f94f48, long 51368872, unsigned int 1, long * 0x0012ee10, long * 0x0012edb0) line 2783 + 31 bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x01671660, void * 0x02f94f48, void * 0x030fd3a8, unsigned int 1, void * 0x0012ee10, int * 0x0012ee0c, int 0) line 788 + 33 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x043b2fb4) line 154 + 64 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x03b3a6a0, nsIDOMEvent * 0x043b2fb4, nsIDOMEventTarget * 0x038d5e10, unsigned int 4, unsigned int 7) line 754 + 19 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x0168ab30, nsEvent * 0x0012f4f0, nsIDOMEvent * * 0x0012f468, nsIDOMEventTarget * 0x038d5e10, unsigned int 7, nsEventStatus * 0x0012f7b0) line 897 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x038d5e00, nsIPresContext * 0x0168ab30, nsEvent * 0x0012f4f0, nsIDOMEvent * * 0x0012f468, unsigned int 1, nsEventStatus * 0x0012f7b0) line 3591
PresShell::HandleEventInternal(nsEvent * 0x0012f4f0, nsIView * 0x00000000, nsEventStatus * 0x0012f7b0) line 3607 + 45 bytes
PresShell::HandleEventWithTarget(PresShell * const 0x01e0e980, nsEvent * 0x0012f4f0, nsIFrame * 0x0308e2c8, nsIContent * 0x038d5e00, nsEventStatus * 0x0012f7b0) line 3588 + 18 bytes
nsEventStateManager::CheckForAndDispatchClick(nsEventStateManager * const 0x03b84370, nsIPresContext * 0x0168ab30, nsMouseEvent * 0x0012f8c0, nsEventStatus * 0x0012f7b0) line 1738 + 50 bytes
nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x03b84378, nsIPresContext * 0x0168ab30, nsEvent * 0x0012f8c0, nsIFrame * 0x0308e2c8, nsEventStatus * 0x0012f7b0, nsIView * 0x0168d1c0) line 847 + 28 bytes
PresShell::HandleEventInternal(nsEvent * 0x0012f8c0, nsIView * 0x0168d1c0, nsEventStatus * 0x0012f7b0) line 3627 + 43 bytes
PresShell::HandleEvent(PresShell * const 0x01e0e984, nsIView * 0x0168d1c0, nsGUIEvent * 0x0012f8c0, nsEventStatus * 0x0012f7b0, int & 1) line 3542 + 23 bytes
nsView::HandleEvent(nsView * const 0x0168d1c0, nsGUIEvent * 0x0012f8c0, unsigned int 28, nsEventStatus * 0x0012f7b0, int & 1) line 774
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x0168b140, nsGUIEvent * 0x0012f8c0, nsEventStatus * 0x0012f7b0) line 1369
HandleEvent(nsGUIEvent * 0x0012f8c0) line 69
nsWindow::DispatchEvent(nsWindow * const 0x016883c4, nsGUIEvent * 0x0012f8c0, nsEventStatus & nsEventStatus_eIgnore) line 560 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f8c0) line 581
nsWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 3673 + 21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 3880
nsWindow::ProcessMessage(unsigned int 514, unsigned int 0, long 2654
Status: NEW → ASSIGNED
This should probably go to buster.
Assignee: harishd → buster
Status: ASSIGNED → NEW
Keywords: crash
Harish, I have no idea why you think this would be mine. av owns object frame and plugin issues.
Assignee: buster → av
Seems to be an easy one. Looks like shaver added dereferencing a pointer which can be null. It is in the nsObjectFrame::InstantiatePlugin call: aURL->GetSpec(getter_Copies(urlCString)); If it were nominated nsbeta2+ I could check in the fix, which would be just if(aURL != nsnull)
If that's all it is, r=buster. Thanks!
Due to the crash in Composer, I am nominating this as an nsbeta2 bug
Keywords: nsbeta2
av, do you know why the URL is null? Conditioning the pointer is good..but we got to figure out the core of the problem.
Putting on [nsbeta2+] radar for beta2 fix.
Whiteboard: [nsbeta2+]
Checked in.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Harish, when it creates an absolute URL it passes "about:blank" as a base URL, and AboutProtocolHandler complains about being relative to "about:" thus returning null. I am not sure who should look at it. Should we reopen the bug?
Probably you should talk to the network folks. CCing gagan for input. If this is a real issue..we got to reopen this bug.
Verified 2000-07-17-09-M17 : Win98 (how surprising to have an option to go to HTML Source mode on the dropdown, but then no way to get back using the dropdowns...)
Status: RESOLVED → VERIFIED
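The failure mode discussed in this thread, as an added C++ example that is not the Mozilla source or the checked-in patch: a URL resolver that returns null for an "about:blank" base, and a consumer that checks the pointer and reports the failure instead of dereferencing it. All type and function names (Uri, Status, MakeAbsolute, InstantiateApplet, LoadApplet) are hypothetical, and the example.test URL is a constructed sample.

```cpp
// Simplified model of the bug discussed above; not Mozilla code.
#include <memory>
#include <string>

struct Uri { std::string spec; };

enum class Status { Ok, NoUrl };

// Producer: resolving a relative reference against a non-hierarchical base
// such as "about:blank" fails, and the failure reaches the caller as null.
std::unique_ptr<Uri> MakeAbsolute(const std::string& base, const std::string& rel) {
    if (base.rfind("about:", 0) == 0) return nullptr;  // nothing to resolve against
    std::string::size_type slash = base.find_last_of('/');
    if (slash == std::string::npos) return nullptr;
    // Simplified join: replace the last path segment of the base.
    return std::unique_ptr<Uri>(new Uri{base.substr(0, slash + 1) + rel});
}

// Consumer in the role of InstantiatePlugin: the URL argument may be null,
// so it is checked before use and the failure is returned to the caller.
Status InstantiateApplet(const Uri* url, std::string& specOut) {
    if (url == nullptr) return Status::NoUrl;  // guard before dereferencing
    specOut = url->spec;
    return Status::Ok;
}

// Caller in the role of the reflow path: resolve, then instantiate.
Status LoadApplet(const std::string& docBase, const std::string& code,
                  std::string& specOut) {
    std::unique_ptr<Uri> url = MakeAbsolute(docBase, code);
    return InstantiateApplet(url.get(), specOut);
}

int main() {
    std::string spec;
    // New Composer document: base is about:blank, resolution fails, no crash.
    Status blank = LoadApplet("about:blank", "Bubbles.class", spec);
    // Constructed sample base for the success path.
    Status http = LoadApplet("http://example.test/dir/page.html", "Bubbles.class", spec);
    return (blank == Status::NoUrl && http == Status::Ok) ? 0 : 1;
}
```

The guard stops the crash, while the returned status keeps the underlying resolution failure visible to the caller, which is the question raised in the thread about the null URL.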