Bugzilla@Mozilla – Bug 506838
Crash bug when moving mouse between fields [@AllowedToAct(JSContext*, int) ]
Last modified: 2009-09-12 14:01:32 PDT
Summon comment box
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729) Fx crashes when moving mouse between fields. The file is an example that is an attachment to another bug report I am interested in, though I think this crashing is unrelated. Reproducible: Always Steps to Reproduce: 1. go to https://bug418280.bugzilla.mozilla.org/attachment.cgi?id=304082 2. Move the mouse between fields quickly Actual Results: Crash Expected Results: No crash If you install and activate firebug to receive the console.log calls, it does not crash.
bp-119f6969-6019-4697-812b-e53e12090727 Signature AllowedToAct(JSContext*, int) bp-119f6969-6019-4697-812b-e53e12090727 Time 2009-07-27 20:32:58.513851 Uptime 27 Last Crash 34 seconds before submission Product Firefox Version 3.5.1 Build ID 20090715094852 Branch 1.9.1 OS Windows NT OS Version 5.1.2600 Service Pack 2 CPU x86 CPU Info GenuineIntel family 15 model 2 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x20 User Comments Processor Notes 0 xul.dll AllowedToAct js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp:205 1 xul.dll XPC_SOW_toString js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp:669 2 js3250.dll js_Invoke js/src/jsinterp.cpp:1386 3 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1447 4 js3250.dll js_TryMethod js/src/jsobj.cpp:5517 5 js3250.dll js_DefaultValue js/src/jsobj.cpp:4742 6 js3250.dll js_ValueToString js/src/jsstr.cpp:2966 7 js3250.dll js_ReportUncaughtException js/src/jsexn.cpp:1263 8 js3250.dll js3250.dll@0x83a03 9 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:247 10 xul.dll nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1098 11 xul.dll nsEventListenerManager::HandleEvent content/events/src/nsEventListenerManager.cpp:1206 12 xul.dll nsEventTargetChainItem::HandleEvent content/events/src/nsEventDispatcher.cpp:236 13 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:300 14 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:514 15 xul.dll nsEventStateManager::DispatchMouseEvent content/events/src/nsEventStateManager.cpp:3697 16 xul.dll xul.dll@0x2e3c47 17 xul.dll nsEventStateManager::NotifyMouseOver content/events/src/nsEventStateManager.cpp:3810 18 xul.dll nsEventStateManager::GenerateMouseEnterExit content/events/src/nsEventStateManager.cpp:3851 19 xul.dll nsEventStateManager::PreHandleEvent content/events/src/nsEventStateManager.cpp:999 20 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:6307 21 xul.dll PresShell::HandlePositionedEvent layout/base/nsPresShell.cpp:6205 22 xul.dll PresShell::HandleEvent layout/base/nsPresShell.cpp:6065 23 xul.dll nsViewManager::HandleEvent view/src/nsViewManager.cpp:1400 24 xul.dll nsViewManager::DispatchEvent view/src/nsViewManager.cpp:1359 25 xul.dll HandleEvent view/src/nsView.cpp:168 26 xul.dll nsWindow::DispatchEvent widget/src/windows/nsWindow.cpp:1051 27 nssutil3.dll nssutil3.dll@0x1bb 28 xul.dll nsWindow::DispatchMouseEvent widget/src/windows/nsWindow.cpp:6605 29 xul.dll ChildWindow::DispatchMouseEvent widget/src/windows/nsWindow.cpp:6752 30 xul.dll nsWindow::ProcessMessage widget/src/windows/nsWindow.cpp:4618 31 xul.dll nsWindow::WindowProc widget/src/windows/nsWindow.cpp:1267 32 user32.dll InternalCallWinProc 33 user32.dll UserCallWinProcCheckWow 34 user32.dll DispatchMessageWorker 35 user32.dll DispatchMessageW 36 xul.dll nsAppShell::ProcessNextNativeEvent widget/src/windows/nsAppShell.cpp:165 37 winmm.dll timeGetTime
Just on 3.5 branch, it seems.
regression range: http://hg.mozilla.org/releases/mozilla-1.9.1/pushloghtml?fromchange=c11e41845954&tochange=5b61f163f2fd
CCing mrbkap/smaug/John by Bug 418280 comment 10.
fwiw, on 1.8.1/1.9.0 branch and MC there are just uncaught exceptions listed in error console output: Error: uncaught exception: null Error: uncaught exception: [object HTMLBodyElement] Error: uncaught exception: [object HTMLInputElement] Error: uncaught exception: [object HTMLHtmlElement] and i failed finding a MC build that crashes which is weird.
As they are related, it would be awesome to close these as part of the fix: https://bugzilla.mozilla.org/show_bug.cgi?id=418280 https://bugzilla.mozilla.org/show_bug.cgi?id=101197 https://bugzilla.mozilla.org/show_bug.cgi?id=208427 #208427 is the bug that jquery, extjs, dojo, mootools, etc reference, though that bug is technically about originalTarget not relatedTarget. It would have been better to reference #101197 from 2001. #418280 is more specific about the input element rather than the textarea, and gave the example I used as the test case for the crashing bug in Fx 3.5.x. At any rate, user JS code should not get the internal anonymous div in relatedTarget as that causes a permissions exception on accessing chrome objects when this crashing bug gets fixed. Thanks, Steven Roussey
Created attachment 393060 [details] [review] Proposed fix GetCxSubjectPrincipalAndFrame returns a non-scripted frame if there is only a native frame running but we got the principal off of the context's global object. So we have to deal with that.
Which bug regressed this? Is this needed on the 1.9.0 branch also?
smaller regression range: http://hg.mozilla.org/releases/mozilla-1.9.1/pushloghtml?fromchange=84d3c65a9680&tochange=b96cdb8210fe
Blake: Where are we on getting this landed on m-c? Code freeze for 1.9.1.3 is tomorrow at midnight. Also, please answer Dan's comment 8.
http://hg.mozilla.org/mozilla-central/rev/5d308b3a25a3
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/606e25f1066e (the second hunk wasn't needed.)
Verified fixed for 1.9.1 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3pre) Gecko/20090817 Shiretoko/3.5.3pre (.NET CLR 3.5.30729). No longer crashes as it does with 1.9.1.2 with testcase.
regression from bug 475864 which isn't going to land on the 1.9.0 branch.