Bug 669767: Add scriptblocker to EditorInitializer::Run() so our frame doesn't get killed before we finish. r=ehsan
authorRandell Jesup <rjesup@wgate.com>
Wed, 13 Jul 2011 16:57:41 -0400
changeset 72726 2b9a669880dfa2eb38fdb75a429d9c5812382139
parent 72725 b15049c3afbb52aefc7fdab5e733664c611270ef
child 72743 4162bda16a6a30cd4ffd95b1ac047dcdd915df0e
push id20764
push userrjesup@wgate.com
push dateWed, 13 Jul 2011 20:59:55 +0000
treeherdermozilla-central@2b9a669880df [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersehsan
bugs669767
milestone8.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 669767: Add scriptblocker to EditorInitializer::Run() so our frame doesn't get killed before we finish. r=ehsan
layout/forms/crashtests/669767.html
layout/forms/crashtests/crashtests.list
layout/forms/nsTextControlFrame.h
new file mode 100644
--- /dev/null
+++ b/layout/forms/crashtests/669767.html
@@ -0,0 +1,14 @@
+<html>
+<head>
+<title>Untitled</title>
+
+
+</head>
+<body>
+<iframe src="data:text/html;charset=utf-8,%3Chtml%3E%3Chead%3E%3C/head%3E%3Cbody%3E%0A%3Ctextarea%3E%3C/textarea%3E%0A%0A%0A%3Cstyle%3E%0A@font-face%20%7B%0A%20%20%20%20%20%20font-family%3A%20%22cutabovetherest%22%3B%0A%20%20%20%20%20%20src%3A%20url%28%22http%3A//www.webpagepublicity.com/free-fonts/a/A%2520Cut%2520Above%2520The%2520Rest.ttf%22%29%3B%0A%7D%20%20%20%20%0A%0A%3C/style%3E%0A%0A%3Coptgroup%20contenteditable%3D%22true%22%20style%3D%22display%3A%20inline%3B%22%3E%3C/optgroup%3E%0A%0A%3C/body%3E%3C/html%3E"></iframe>
+<script>
+
+
+</script>
+</body>
+</html>
--- a/layout/forms/crashtests/crashtests.list
+++ b/layout/forms/crashtests/crashtests.list
@@ -41,8 +41,9 @@ load 478219-1.xhtml
 load 513113-1.html
 load 538062-1.xhtml
 load 570624-1.html
 load 498698-1.html
 asserts(1) load 578604-1.html # bug 584564
 asserts(3-5) load 590302-1.xhtml # bug 584564
 load 626014.xhtml
 load 639733.xhtml
+load 669767.html
--- a/layout/forms/nsTextControlFrame.h
+++ b/layout/forms/nsTextControlFrame.h
@@ -290,22 +290,28 @@ protected:
 
   class EditorInitializer : public nsRunnable {
   public:
     EditorInitializer(nsTextControlFrame* aFrame) :
       mFrame(aFrame) {}
 
     NS_IMETHOD Run() {
       if (mFrame) {
+        // need to block script to avoid bug 669767
+        nsAutoScriptBlocker scriptBlocker;
+
         nsCOMPtr<nsIPresShell> shell =
           mFrame->PresContext()->GetPresShell();
         PRBool observes = shell->ObservesNativeAnonMutationsForPrint();
         shell->ObserveNativeAnonMutationsForPrint(PR_TRUE);
+        // This can cause the frame to be destroyed (and call Revoke()
         mFrame->EnsureEditorInitialized();
         shell->ObserveNativeAnonMutationsForPrint(observes);
+
+        NS_ASSERTION(mFrame,"Frame destroyed even though we had a scriptblocker");
         mFrame->FinishedInitializer();
       }
       return NS_OK;
     }
 
     // avoids use of nsWeakFrame
     void Revoke() {
       mFrame = nsnull;