Closed Bug 1857 Opened 26 years ago Closed 26 years ago

Clicking on "blank" areas of page crashes

Categories

(Core :: Layout, defect, P1)

x86
Windows NT
defect

Tracking

VERIFIED FIXED

People

(Reporter: angus, Assigned: mjudge)

Details

To reproduce:
1. Launch XPViewer
2. (it will load the start page)
3. Click on any area that is "white" (no links, text, etc.)

You can also see this on Test 0 if you click in the "white" space, and then force a reflow.

TextFrame::GetWidth(nsIRenderingContext & {...}, TextFrame::TextStyle & {...}, unsigned short * 0x00131000, int 1228857, int & 8) line 1171 + 3 bytes
TextFrame::PaintTextSlowly(nsIPresContext & {...}, nsIRenderingContext & {...}, nsIStyleContext * 0x018292e0, TextFrame::TextStyle & {...}, int 0, int 0) line 1271
TextFrame::Paint(TextFrame * const 0x018291c0, nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 523
nsContainerFrame::PaintChild(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}, nsIFrame * 0x018291c0) line 306
nsBaseIBFrame::PaintChildren(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 3782
nsBaseIBFrame::Paint(nsBaseIBFrame * const 0x01829550, nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 3741
nsContainerFrame::PaintChild(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}, nsIFrame * 0x01829550) line 306
nsBaseIBFrame::PaintChildren(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 3782
nsBlockFrame::PaintChildren(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 4726
nsBaseIBFrame::Paint(nsBaseIBFrame * const 0x01829c60, nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 3741
nsContainerFrame::PaintChild(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}, nsIFrame * 0x01829c60) line 306
nsBaseIBFrame::PaintChildren(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 3782
nsBlockFrame::PaintChildren(nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 4726
nsBaseIBFrame::Paint(nsBaseIBFrame * const 0x0184a9c0, nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 3741
nsBodyFrame::Paint(nsBodyFrame * const 0x0184a9c0, nsIPresContext & {...}, nsIRenderingContext & {...}, const nsRect & {...}) line 194 + 21 bytes
PresShell::Paint(PresShell * const 0x00f99974, nsIView * 0x0184a8e0, nsIRenderingContext & {...}, const nsRect & {...}) line 1147 + 27 bytes
nsView::Paint(nsView * const 0x0184a8e0, nsIRenderingContext & {...}, const nsRect & {...}, unsigned int 0, int & 0) line 583
nsView::Paint(nsView * const 0x0184de20, nsIRenderingContext & {...}, const nsRect & {...}, unsigned int 0, int & 0) line 360
nsViewManager::Refresh(nsIView * 0x0184de20, nsIRenderingContext * 0x00000000, nsIRegion * 0x0184a680, unsigned int 1) line 322
nsViewManager::DispatchEvent(nsViewManager * const 0x00f99c90, nsGUIEvent * 0x0012fd14, nsEventStatus & nsEventStatus_eIgnore) line 652
HandleEvent(nsGUIEvent * 0x0012fd14) line 64
nsWindow::DispatchEvent(nsWindow * const 0x0184dd50, nsGUIEvent * 0x0012fd14, nsEventStatus & nsEventStatus_eIgnore) line 354 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fd14) line 370
nsWindow::OnPaint() line 1739 + 24 bytes
nsWindow::ProcessMessage(unsigned int 15, unsigned int 0, long 0, long * 0x0012fe8c) line 1340 + 17 bytes
nsWindow::WindowProc(HWND__ * 0x002a0256, unsigned int 15, unsigned int 0, long 0) line 413 + 27 bytes
USER32! 77e71ab7()
USER32! 77e71a77()
NTDLL! 77f7624f()
Assignee: troy → mjudge
The problem appears to be that mjudge commented out the code in nsTextFrame::ComputeSelectionInfo() but didn't modify the code in nsTextFrame::PaintTextSlowly(), so the "si" struct has garbage for the mStartOffset and we crash.
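The failure mode described in the comment above, as an added example that is not Mozilla's code and not part of the original bug: a consumer reads offsets from a struct that its producer no longer fills in. SelectionInfo, the stub and the width routine are hypothetical stand-ins (only mStartOffset is named on the page); 1228857 is the int argument visible in the GetWidth frame of the trace, reused here as a sample bad value.

```cpp
#include <cstdint>

// Hypothetical stand-in for the "si" struct; only mStartOffset is named on the page.
struct SelectionInfo {
    int32_t mStartOffset = 0;      // Default member initializers: a producer that
    int32_t mEndOffset = 0;        // writes nothing leaves a defined, empty
    bool mHasSelection = false;    // selection instead of stack garbage.
};

// Models a producer whose body was commented out: it returns without writing to si.
void ComputeSelectionInfoStub(SelectionInfo&) {}

// Consumer-side check: trust the offsets only if 0 <= start <= end <= length.
bool SelectionIsUsable(const SelectionInfo& si, int32_t length) {
    return si.mHasSelection && si.mStartOffset >= 0 &&
           si.mStartOffset <= si.mEndOffset && si.mEndOffset <= length;
}

// Sums glyph advances over the selected run (spaces count half an advance).
// Returns 0 without touching the buffer when the selection fails validation.
int32_t SelectedWidth(const uint16_t* text, int32_t length,
                      const SelectionInfo& si, int32_t advance) {
    if (!text || length < 0 || !SelectionIsUsable(si, length)) return 0;
    int32_t width = 0;
    for (int32_t i = si.mStartOffset; i < si.mEndOffset; ++i)
        width += (text[i] == 0x20) ? advance / 2 : advance;
    return width;
}

// Constructed sample text "ab cd" as UTF-16 code units.
static const uint16_t kSample[] = {'a', 'b', ' ', 'c', 'd'};

// Width of kSample[start, end) with an 8-unit advance.
int32_t WidthFor(int32_t start, int32_t end) {
    SelectionInfo si;
    si.mHasSelection = true;
    si.mStartOffset = start;
    si.mEndOffset = end;
    return SelectedWidth(kSample, 5, si, 8);
}

// Width when the only producer that ran was the stub.
int32_t WidthAfterStub() {
    SelectionInfo si;
    ComputeSelectionInfoStub(si);
    return SelectedWidth(kSample, 5, si, 8);
}

int main() {  // Exit status 0 means every case behaved as described.
    return (WidthAfterStub() == 0 && WidthFor(1228857, 1228860) == 0 && WidthFor(1, 4) == 20) ? 0 : 1;
}
```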
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Fixed; selection is being rewritten. Shouldn't crash now, just won't allow contiguous selections between frames.
QA Contact: 4110
Status: RESOLVED → VERIFIED
Verified fixed/no longer relevant. (However, in the interests of promoting an anal-retentive QA environment, verified not present on the 2.3.99 Win32/Linux Viewer & Apprunner apps, as well as on 2.2.99 Mac.) [also just noticed that chrisd is actually the QA contact after doing that; chrisd, please do re-open if there are additional verifications you'd like to do.]