Bug 1434340: Crash in nsFrame::HandlePress
Status: RESOLVED DUPLICATE of bug 1434273
Opened 7 years ago, closed 7 years ago
Categories: Core :: Layout, defect
People: Reporter: julienw, Assigned: emilio
Keywords: crash
Attachments (2 files): a patch (deleted) and a text/html file (deleted)
This bug was filed from the Socorro interface and is
report bp-e467adf6-0f11-4795-bf3f-1ce850180130.
=============================================================
Top 10 frames of crashing thread:
0 @0xfffffffffffffff8
1 libxul.so nsFrame::HandlePress layout/generic/nsFrame.cpp:4167
2 libxul.so nsFrame::HandleEvent [clone .cold.932]
3 libxul.so nsImageFrame::HandleEvent layout/generic/nsImageFrame.cpp:2130
4 libxul.so mozilla::EventTargetChainItem::HandleEventTargetChain
5 libxul.so mozilla::EventDispatcher::Dispatch
6 libxul.so mozilla::PresShell::DispatchEventToDOM
7 libxul.so mozilla::PresShell::HandleEventInternal
8 libxul.so mozilla::PresShell::HandleEvent
9 libxul.so nsViewManager::DispatchEvent
=============================================================
Comment 1 • 7 years ago (Reporter)
This happened to me in Google Docs, adding a comment. This happens 100% of the time, I think.
Comment 2 • 7 years ago (Assignee)
I can repro, thanks, I can try to take a look.
Flags: needinfo?(emilio)
Updated • 7 years ago (Reporter)
tracking-firefox60: --- → ?
Comment 4 • 7 years ago
The duplicate bug has the regression range:
Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=474d58c9137360c0fa1c85cdd11e3313b33b7cad&tochange=9746e0a0a81cc089ff65e30ae902864846cd1b94
Bug 1433846 touched code in this area.
Comment 5 • 7 years ago (Assignee)
This is a regression from bug 1432977.
Comment 6 • 7 years ago
Adding Windows signature.
Updated • 7 years ago
Crash Signature: [@ nsFrame::HandlePress] → [@ nsFrame::HandlePress] [@ nsFrame::HandleEvent]
Comment 7 • 7 years ago (Assignee)
Actually this is a long time issue, and can be s-s I think.
Group: core-security
Comment 8 • 7 years ago (Assignee)
Alternative fix is making them inherit from nsGenericHTMLElement instead of nsXMLElement.
The cause of the regression is this diff:
diff --git a/accessible/generic/Accessible.cpp b/accessible/generic/Accessible.cpp
index 4188eb2b5848..2a021343000b 100644
--- a/accessible/generic/Accessible.cpp
+++ b/accessible/generic/Accessible.cpp
@@ -13,6 +13,7 @@
#include "nsAccUtils.h"
#include "nsAccessibilityService.h"
#include "ApplicationAccessible.h"
+#include "nsGenericHTMLElement.h"
#include "NotificationController.h"
#include "nsEventShell.h"
#include "nsTextEquivUtils.h"
@@ -1072,11 +1073,8 @@ Accessible::NativeAttributes()
nsAccUtils::SetAccAttr(attributes, nsGkAtoms::tag, tagName);
// Expose draggable object attribute.
- nsCOMPtr<nsIDOMHTMLElement> htmlElement = do_QueryInterface(mContent);
- if (htmlElement) {
- bool draggable = false;
- htmlElement->GetDraggable(&draggable);
- if (draggable) {
+ if (auto htmlElement = nsGenericHTMLElement::FromContent(mContent)) {
+ if (htmlElement->Draggable()) {
nsAccUtils::SetAccAttr(attributes, nsGkAtoms::draggable,
NS_LITERAL_STRING("true"));
}
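Review bot: The `nsGenericHTMLElement::FromContent(mContent)` call in the second hunk (Accessible::NativeAttributes) drops the checked conversion the removed lines had: `do_QueryInterface` returned null for content that did not implement nsIDOMHTMLElement, whereas the new condition depends entirely on FromContent rejecting anything that is not really an nsGenericHTMLElement. The comments around this patch say generated content for images claims to be an HTML element while inheriting from nsXMLElement, so for that content `htmlElement->Draggable()` would be called through a pointer of the wrong type. I would hold this conversion until those elements either stop claiming to be HTML or actually derive from nsGenericHTMLElement, or add an assertion on the concrete class at this call site.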
Of course the bug was pre-existing.
Boris, this is a long-time-ago type confusion, I'm not sure I can assess whether it's too bad, or just bad.
Attachment #8946721 -
Flags: review?(bzbarsky)
Comment 9 • 7 years ago (Assignee)
Just (try to) drag the image around.
Updated • 7 years ago (Assignee)
Attachment #8946723 - Attachment mime type: text/plain → text/html
Comment 10 • 7 years ago (Assignee)
Comment on attachment 8946721 [details] [diff] [review]
Generated content for images shouldn't claim to be HTML elements.
Err, of course this won't work as is because we rely on this to find the right FCData. 1sec.
Attachment #8946721 -
Flags: review?(bzbarsky)
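A simplified model of the type confusion discussed in comments 8 and 10, as an added example that is not Gecko code and not part of the original thread: it shows a node whose namespace claim and concrete class disagree, and a conversion that rejects it. All names (Content, XMLElement, HTMLElement, ClaimsHTML, CheckedFromContent, ClaimMismatch, ExposeDraggable) are hypothetical, and `dynamic_cast` stands in for whatever class check a real code base would use.

```cpp
#include <cstdio>

// Hypothetical, simplified model; none of these types are Gecko's.
enum class Namespace { XML, HTML };

struct Content {
  explicit Content(Namespace ns) : mNamespace(ns) {}
  virtual ~Content() = default;
  // What the node *claims* to be, independent of its concrete class.
  bool ClaimsHTML() const { return mNamespace == Namespace::HTML; }
 private:
  Namespace mNamespace;
};

struct XMLElement : Content {
  using Content::Content;  // an XML-class node may carry any namespace claim
};

struct HTMLElement : Content {
  HTMLElement() : Content(Namespace::HTML) {}
  bool Draggable() const { return mDraggable; }
  bool mDraggable = false;
};

// Conversion that verifies the dynamic type as well as the claim.
// Returns nullptr when the claim and the class disagree.
const HTMLElement* CheckedFromContent(const Content* c) {
  if (!c || !c->ClaimsHTML()) return nullptr;
  return dynamic_cast<const HTMLElement*>(c);
}

// True when a node claims HTML but is not an HTMLElement: the state in which
// a claim-only static_cast would hand back a pointer to the wrong class.
bool ClaimMismatch(const Content& c) {
  return c.ClaimsHTML() && dynamic_cast<const HTMLElement*>(&c) == nullptr;
}

// Caller shaped like the Accessible.cpp hunk in comment 8, using the
// checked conversion instead of a claim-only one.
bool ExposeDraggable(const Content* c) {
  if (auto* html = CheckedFromContent(c)) return html->Draggable();
  return false;
}

int main() {
  XMLElement generated(Namespace::HTML);  // constructed: XML class, HTML claim
  HTMLElement img;
  img.mDraggable = true;
  std::printf("mismatch: generated=%d img=%d\n", ClaimMismatch(generated), ClaimMismatch(img));
  std::printf("draggable: generated=%d img=%d\n", ExposeDraggable(&generated), ExposeDraggable(&img));
}
```

A check like ClaimMismatch is the kind of invariant a debug assertion at element-creation time can enforce, so the disagreement is caught where the node is built rather than at each downcast.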
Updated • 7 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Comment 12 • 7 years ago
clearing tracking flags in favour of bug 1434273
status-firefox60: affected → ---
tracking-firefox60: ? → ---
Updated • 4 years ago
Group: core-security