Closed Bug 240997 Opened 21 years ago Closed 21 years ago

crash on upload file (File->Upload File)

Categories

(Core Graveyard :: Networking: FTP, defect)

Product:
Core Graveyard
Component:
Networking: FTP
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: bogdan.stroe, Assigned: darin.moz)

References

Details

(Keywords: crash, verified1.7) 

As the new UI for ftp upload was checked into the trunk, I wanted to test it.

Steps to reproduce:
1. go to a ftp site so that File->Upload File is enabled.
2. try File->Upload File and watch Mozilla crash

No talkback report since Talkback is not present in the nightly builds (see bug
240234). Windows reports:
AppName: mozilla.exe	 AppVer: 1.8.20040.41908	 ModName: gkwidget.dll
ModVer: 0.0.0.0	 Offset: 00008790
Keywords: crash
Using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040419
maybe dupe of 
Bug 240798 crash when I try to use "Open File" and "Ctrl-O" to open file [@
nsFilePicker::ShowW ]
I get the following stacktrace for this crasher:
nsFilePicker::ShowW(nsFilePicker * const 0x076dd230, short * 0x0012e8e4) line
130 + 11 bytes
nsFilePicker::Show(nsFilePicker * const 0x076dd230, short * 0x0012e8e4) line 378
XPTC_InvokeByIndex(nsISupports * 0x076dd230, unsigned int 0x00000011, unsigned
int 0x00000001, nsXPTCVariant * 0x0012e8e4) line 102
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode
0x010b4df8) line 2027 + 22 bytes
XPC_WN_CallMethod(JSContext * 0x00f89e90, JSObject * 0x060b4df8, unsigned int
0x00000000, long * 0x08943420, long * 0x08943390) line 1287 + 10 bytes
js_Invoke(JSContext * 0x00000001, unsigned int 0x00000000, unsigned int
0x00000000) line 1281 + 17 bytes
js_Interpret(JSContext * 0x00f89e90, long * 0x0012edb4) line 3367
js_Invoke(JSContext * 0x00000001, unsigned int 0x00000001, unsigned int
0x00000002) line 1301 + 10 bytes
js_InternalInvoke(JSContext * 0x00f89ebc, JSObject * 0x030e60b0, long
0x060b4dc0, unsigned int 0x00000000, unsigned int 0x00000001, long * 0x0012ef7c,
long * 0x0012ef88) line 1378 + 13 bytes
JS_CallFunctionValue(JSContext * 0x00f89e90, JSObject * 0x030e60b0, long
0x060b4dc0, unsigned int 0x00000001, long * 0x0012ef7c, long * 0x0012ef88) line
3618 + 26 bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x0012e69c, JSObject *
0x030e60b0, JSObject * 0x060b4dc0, unsigned int 0x00000001, long * 0x0012ef7c,
long * 0x0012ef88) line 1292 + 24 bytes
nsJSEventListener::HandleEvent(nsJSEventListener * const 0x00000000, nsIDOMEvent
* 0x072c4c48) line 183 + 73 bytes
nsEventListenerManager::HandleEventSubType(nsEventListenerManager * const
0x0012e69c, nsListenerStruct * 0x00fb87b4, nsIDOMEvent * 0x072c4c48,
nsIDOMEventTarget * 0x046ee5c8, unsigned int 0x072c4c54, unsigned int
0x0024ee80) line 1434 + 11 bytes
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x00fb87d8,
nsIPresContext * 0x00000000, nsEvent * 0x00000000, nsIDOMEvent * * 0x0012f380,
nsIDOMEventTarget * 0x046ee5c8, unsigned int 0x00000007, nsEventStatus *
0x0012f7c8) line 1512
nsXULElement::HandleDOMEvent(nsXULElement * const 0x0012e69c, nsIPresContext *
0x01120cd8, nsEvent * 0x0012f76c, nsIDOMEvent * * 0x0012f380, unsigned int
0x00000007, nsEventStatus * 0x0012f7c8) line 2790
nsXULElement::HandleDOMEvent(nsXULElement * const 0x0012e69c, nsIPresContext *
0x01120cd8, nsEvent * 0x0012f76c, nsIDOMEvent * * 0x00fb874c, unsigned int
0x00fb8740, nsEventStatus * 0x0012f7c8) line 2622 + 17 bytes
PresShell::HandleDOMEventWithTarget(PresShell * const 0x00f0a328, nsIContent *
0x00f0a328, nsEvent * 0x0012f76c, nsEventStatus * 0x0012f7c8) line 6108
nsMenuFrame::Execute(nsMenuFrame * const 0x0012e69c, nsGUIEvent * 0x0012f9e0)
line 1644 + 20 bytes
nsMenuFrame::HandleEvent(nsMenuFrame * const 0x03d4fe38, nsIPresContext *
0x01120cd8, nsGUIEvent * 0x0012f9e0, nsEventStatus * 0x0012f930) line 443
PresShell::HandleEventInternal(PresShell * const 0x0012e69c, nsEvent *
0x00000000, nsIView * 0x03586fd8, unsigned int 0x00000001, nsEventStatus *
0x0012f930) line 6072 + 19 bytes
PresShell::HandleEvent(PresShell * const 0x00000000, nsIView * 0x03586fd8,
nsGUIEvent * 0x0012f9e0, nsEventStatus * 0x0012f930, int 0x00000000, int &
0x016ad3c0) line 5921 + 19 bytes
nsViewManager::HandleEvent(nsViewManager * const 0x0012e69c, nsView *
0x00000000, nsGUIEvent * 0x0012f9e0, int 0x00000000) line 2236
nsViewManager::DispatchEvent(nsViewManager * const 0x011209c8, nsGUIEvent *
0x036a7060, nsEventStatus * 0x0012f99c) line 1976 + 30 bytes
HandleEvent(nsGUIEvent * 0x0012f9e0) line 79
nsWindow::DispatchEvent(nsWindow * const 0x0380e58c, nsGUIEvent * 0x0012f9e0,
nsEventStatus & nsEventStatus_eIgnore) line 1067 + 3 bytes
nsWindow::DispatchWindowEvent(nsWindow * const 0x0012e69c, nsGUIEvent *
0x00000000) line 1088
nsWindow::DispatchMouseEvent(nsWindow * const 0x0012e69c, unsigned int
0x0000012d, unsigned int 0x00000000, nsPoint * 0x00000000) line 5191
ChildWindow::DispatchMouseEvent(ChildWindow * const 0x0012e69c, unsigned int
0x0000012d, unsigned int 0x00000000, nsPoint * 0x00000000) line 5443 + 19 bytes
nsWindow::ProcessMessage(nsWindow * const 0x0012e69c, unsigned int 0x00000202,
unsigned int 0x00000000, long 0x00c50053, long * 0x0012fce4) line 4020 + 16 bytes
nsWindow::WindowProc(HWND__ * 0x000800da, unsigned int 0x00000202, unsigned int
0x00000000, long 0x0380e58c) line 1349 + 16 bytes
USER32! 77e01ef0()
USER32! 77e0204c()
USER32! 77e021af()
nsAppShellService::Run(nsAppShellService * const 0x0101b050) line 524
main1(int 0x00000000, char * * 0x00242538, nsISupports * 0x00000000) line 1302 +
9 bytes
main(int 0x00000001, char * * 0x00242538) line 1779 + 22 bytes
WinMain(HINSTANCE__ * 0x00400000, HINSTANCE__ * 0x00400000, char * 0x001331cb,
HINSTANCE__ * 0x00400000) line 1807 + 23 bytes
MOZILLA! WinMainCRTStartup + 308 bytes
KERNEL32! 77e81af6()
Darin, this is all you.  The relevant code in navigator.js is:

1211   // use a pref to remember the displayDirectory selected by the user.
1212   var dir = null;
1213   try {
1214     dir = pref.getComplexValue(lastDirPref,
Components.interfaces.nsILocalFile);
1215   } catch (ex) {
1216   }
1217   fp.displayDirectory = dir;

That will null out the display dir if the pref is not set.  Then line 130 in the
Windows filepicker dereferences it, and crashes.

I'd think you want to let the filepicker default to whatever it wants to if the
pref is not set, no?

I'd also think that SetDisplayDirectory would throw on a bogus arg... or at
least ignore it.
Assignee: general → dougt
Component: Browser-General → Networking: FTP
QA Contact: general → benc
Though note bug 24867 comment 190
Assignee: dougt → darin
Depends on: 24867
this has been fixed.  see bug 24867 comment 196 for details.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
That fix took on 1.7 branch.
V/1.7 allplats.
Keywords: verified1.7
Verified FIXED for the crash ONLY, using build 2004-11-18-05 on Windows XP with
the Seamonkey trunk.
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.