Closed Bug 4383 Opened 26 years ago Closed 26 years ago

nsIDOMHTMLImageElement::SetSrc crashes

Categories

(Core :: DOM: Editor, defect, P2)

Tracking

VERIFIED FIXED

People

(Reporter: akkzilla, Assigned: nisheeth_mozilla)

Details

Inserting an image in the editor (place the cursor somewhere, and then select Insert->Image) crashes. The editor creates an IMG node, but when it calls SetSrc on it with a path of "http://www.mozilla.org/editor/images/pensplat.gif" (as an nsString), nsGenericHTMLElement tries to call a notification on the document that the attribute has changed (nsGenericHTMLElement.cpp:665), which eventually calls mImageLoader.StartLoadImage(), and the app crashes. When we get to NS_MakeAbsoluteURL, the URL is null. aBaseURL is an empty nsString. Perhaps all the attributes have to be set at once on an image?

#0 0x4023646b in NS_MakeAbsoluteURL (aURL=0x0, aBaseURL=@0xbfffdc5c, aSpec=@0x828fbb8, aResult=@0xbfffdc6c) at /builds/mon/mozilla/network/module/nsNetService.cpp:1128
#1 0x40461cde in nsHTMLImageLoader::StartLoadImage (this=0x829005c, aPresContext=0x822c080, aForFrame=0x8290028, aCallBack=0, aNeedSizeUpdate=0, aLoadStatus=@0xbfffdd0c)
#2 0x40463df8 in nsImageFrame::AttributeChanged (this=0x8290028, aPresContext=0x822c080, aChild=0x828fd9c, aAttribute=0x81bd958, aHint=2) at /builds/mon/mozilla/layout/html/base/src/nsImageFrame.cpp:1075
#3 0x405525ea in nsCSSFrameConstructor::AttributeChanged (this=0x8249a90, aPresContext=0x822c080, aContent=0x828fd9c, aAttribute=0x81bd958, aHint=2) at /builds/mon/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp:3945
#4 0x4042be41 in StyleSetImpl::AttributeChanged (this=0x8249a48, aPresContext=0x822c080, aContent=0x828fd9c, aAttribute=0x81bd958, aHint=-1) at /builds/mon/mozilla/layout/base/src/nsStyleSet.cpp:793
#5 0x40475c07 in PresShell::AttributeChanged (this=0x8249ad8, aDocument=0x822b568, aContent=0x828fd9c, aAttribute=0x81bd958, aHint=-1) at /builds/mon/mozilla/layout/html/base/src/nsPresShell.cpp:1626
#6 0x40416f48 in nsDocument::AttributeChanged (this=0x822b568, aChild=0x828fd9c, aAttribute=0x81bd958, aHint=-1) at /builds/mon/mozilla/layout/base/src/nsDocument.cpp:1362
#7 0x40485b64 in nsGenericHTMLElement::SetHTMLAttribute (this=0x828fda8, aAttribute=0x81bd958, aValue=@0xbfffe070, aNotify=1) at /builds/mon/mozilla/layout/html/content/src/nsGenericHTMLElement.cpp:665
#8 0x40485768 in nsGenericHTMLElement::SetAttribute (this=0x828fda8, aNameSpaceID=3, aAttribute=0x81bd958, aValue=@0xbfffe288, aNotify=1) at /builds/mon/mozilla/layout/html/content/src/nsGenericHTMLElement.cpp:578
#9 0x404b9d4e in nsHTMLImageElement::SetSrc (this=0x828fd90, aValue=@0xbfffe288) at /builds/mon/mozilla/layout/html/content/src/nsHTMLImageElement.cpp:179
#10 0x40f0ce4c in nsHTMLEditor::InsertImage (this=0x822c338, aURL=@0xbfffe288, aWidth=@0xbfffe278, aHeight=@0xbfffe268, aHspace=@0xbfffe258, aVspace=@0xbfffe258, aBorder=@0xbfffe248, aAlt=@0xbfffe238, aAlignment=@0xbfffe228) at /builds/mon/mozilla/editor/base/nsHTMLEditor.cpp:451
#11 0x40d31025 in nsEditorAppCore::InsertImage (this=0x8210bf8) at /builds/mon/mozilla/xpfe/AppCores/src/nsEditorAppCore.cpp:759
Status: NEW → ASSIGNED
OS: Linux → All
Priority: P3 → P2
Hardware: PC → All
This is an XP issue, or at least, I see it on both Linux and NT. Changing platform.
Adding nisheeth and vidur to cc list, since they're the experts in AttributeChanged issues.
Assignee: akkana → nisheeth
Status: ASSIGNED → NEW
Target Milestone: M4
Hoping we can get this by M4. Assigning to Nisheeth but I'm available to help track it down.
Cc'ing kin, who's helping me look at this.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Looks like this problem fixed itself sometime last night. Today, we had a problem crashing on the *second* image insertion (with a different trace from that given in this bug report) but it went away when I reordered the setting of the various image attributes. There are some layout problems with insert image (it's ignoring width and height tags) but those will be addressed in a separate bug. Closing this one.
Status: RESOLVED → VERIFIED
verified in 4/7 build...