Closed Bug 339683 Opened 18 years ago Closed 18 years ago

Phantom sheet and crash [@ DispatchEventToHandlers] with two alerts and a timer

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Platform:
PowerPC
macOS
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 339359
Milestone:
mozilla1.9alpha1

People

(Reporter: jruderman, Assigned: mark)

References

Details

(Keywords: crash, regression, testcase, Whiteboard: [sg:critical])

Crash Data

Attachments

(1 file)

testcase
(deleted), application/xhtml+xml
Details 
Testcase crashes with a stack trace like

0   <<00000000>> 	0x55a01f00 0 + 1436557056
1   com.apple.HIToolbox       	0x9321c794 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 692
2   com.apple.HIToolbox       	0x9321beec SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 372

Random address at top ==> probably an exploitable security hole.
Attached file testcase (deleted) — 

    
  
Whiteboard: [sg:critical]

    
    

    
  
Regressed between a 2006-05-10 nightly and a 2006-05-11 nightly.  Guessing this is a regression from the nsIThreadManager landing (bug 326273).
Blocks: nsIThreadManager
Summary: Crash [@ DispatchEventToHandlers] with two alerts and a timer → Phantom sheet and crash [@ DispatchEventToHandlers] with two alerts and a timer

    
  
Flags: blocking1.9a1+

    
    

    
  
-> me
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.9alpha

    
  
Assignee: general → darin
Status: ASSIGNED → NEW

    
    

    
  
Mine.  Jesse, can you still reproduce this bug?  I bet you can't.  This sounds like a dup of 339359.
Assignee: darin → mark

    
    

    
  
WFM in a 2006-06-22 Mac trunk nightly.

Since this is a fixed trunk-only regression, I'm clearing the security-sensitive flag.

*** This bug has been marked as a duplicate of 339359 ***
Group: security
Status: NEW → RESOLVED
Closed: 18 years ago
Flags: blocking1.9a1+
Resolution: --- → DUPLICATE
Crash Signature: [@ DispatchEventToHandlers]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: