Closed Bug 133669 Opened 23 years ago Closed 22 years ago

[PATCH]Crash (stack overflow) when loading this site [@ nsEventListenerManager::HandleEvent][@ nsString::nsString][@ nsXULElement::HandleDOMEvent]

Categories

(Core :: DOM: HTML Parser, defect)

x86
Windows 2000
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla1.0

People

(Reporter: nallen, Assigned: john)

Details

(Keywords: crash, testcase, topcrash+, Whiteboard: [FIX][adt2])

Attachments

(1 file)

Was trying to reproduce the hang doing "save page as" in bug 133593 but instead 
crash immediately upon loading the site.  This happens every time I try to load 
the page.  Build 2002032203 on Win2k.  This is probably related to what's going 
on in bug 133593 but didn't want to potentially confuse two separate issues.  
Dupe as necessary.

TB 4522145M

Stack dump:

Adding crash keyword and cc'ing bug 133593 reporter.
Keywords: crash
I confirm, Mozilla crashes on this page.
I use the 2002031423/linux build.
Here's the stack that shows the deadly recursion:

SinkContext::FlushTags(int 1) line 2135
HTMLContentSink::BeginUpdate(HTMLContentSink * const 0x03412360, nsIDocument * 0x03484168) line 4888 + 16 bytes
nsDocument::BeginUpdate(nsDocument * const 0x03484168) line 1759
nsGenericDOMDataNode::SetText(nsGenericDOMDataNode * const 0x03873170, const unsigned short * 0x00051308, int 8, int 1) line 1246
nsComboboxControlFrame::ActuallyDisplayText(nsAString & {...}, int 1) line 1981 + 81 bytes
nsComboboxControlFrame::RedisplayText(int 725) line 1952 + 20 bytes
nsComboboxControlFrame::OnOptionSelected(nsComboboxControlFrame * const 0x03871c68, nsIPresContext * 0x036f3858, int 725, int 1) line 2628
nsHTMLSelectElement::OnOptionSelected(nsISelectControlFrame * 0x03871c68, nsIPresContext * 0x036f3858, int 725, int 1, int 1) line 1059
nsHTMLSelectElement::InsertOptionsIntoList(nsIContent * 0x038751a0, int 725, int 0) line 474
nsHTMLSelectElement::WillAddOptions(nsHTMLSelectElement * const 0x0387174c, nsIContent * 0x038751a0, nsIContent * 0x03871710, int 0) line 672
nsHTMLSelectElement::AppendChildTo(nsHTMLSelectElement * const 0x03871710, nsIContent * 0x038751a0, int 0, int 0) line 381
SinkContext::FlushTags(int 1) line 2135
Status: UNCONFIRMED → NEW
Ever confirmed: true
We can't have jailbabes crashing!  Taking, I know what to do with this one.
Assignee: jst → jkeiser
Component: DOM Level 0 → Parser
Attached patch: Patch
This is a recursion problem: content sink flushes and does not update the flag
that says not to flush this stuff anymore, calls AppendChild, which ends up
calling BeginUpdate, which flushes ...

Bug 133867 had a similar recursion problem in FlushText().  This fixes
FlushTags().
Keywords: nsbeta1
Target Milestone: --- → mozilla1.0
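
An added illustration of the recursion described in the comment above; it is not the attached patch and not Mozilla code. ToySink, its members and kDepthLimit are hypothetical names, and the depth limit stands in for the finite stack so the buggy ordering can be observed without crashing.

```cpp
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

// Toy model, hypothetical names. A depth limit stands in for the finite stack.
constexpr int kDepthLimit = 64;

struct ToySink {
    std::vector<int> pending;    // parsed nodes not yet attached to the document
    std::vector<int> attached;   // nodes that reached the document
    std::size_t flushedUpTo = 0; // the "already flushed, do not flush again" marker
    int depth = 0, maxDepth = 0; // current and deepest Flush() nesting
    bool overflowed = false;     // set where the real code would run out of stack
    bool markBeforeAppend;       // false: buggy ordering, true: guarded ordering

    ToySink(bool guarded, std::vector<int> nodes)
        : pending(std::move(nodes)), markBeforeAppend(guarded) {}

    // Attaching a node notifies the document first (the BeginUpdate step in the
    // trace), and that notification asks the sink to flush again.
    void AppendChild(int node) {
        Flush();
        if (!overflowed) attached.push_back(node);
    }

    void Flush() {
        if (++depth > maxDepth) maxDepth = depth;
        if (depth > kDepthLimit) overflowed = true;
        const std::size_t begin = flushedUpTo, end = pending.size();
        // Guarded: advance the marker first, so a re-entrant Flush() finds nothing.
        if (markBeforeAppend) flushedUpTo = end;
        for (std::size_t i = begin; i < end && !overflowed; ++i)
            AppendChild(pending[i]);
        // Buggy: the marker only moves here, after the calls that re-enter.
        if (!markBeforeAppend && !overflowed) flushedUpTo = end;
        --depth;
    }
};

ToySink run(bool guarded) {
    ToySink sink(guarded, {1, 2, 3});  // constructed sample input
    sink.Flush();
    return sink;
}

int main() {
    for (bool guarded : {false, true}) {
        ToySink s = run(guarded);
        std::printf("%s: maxDepth=%d overflowed=%d attached=%zu\n",
                    guarded ? "guarded" : "buggy", s.maxDepth,
                    (int)s.overflowed, s.attached.size());
    }
    return 0;
}
```

With the marker advanced before the append, the nested flush returns immediately and nesting stops at two levels; with the original ordering the same node is retried at every level until the stack is exhausted.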
Comment on attachment 76688
Patch

sr=jst
Attachment #76688 - Flags: superreview+
Attachment #76688 - Flags: review+
(That was r=harishd, BTW.)
Whiteboard: [FIX]
Comment on attachment 76688
Patch

a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #76688 - Flags: approval+
nsbeta1+
Keywords: nsbeta1 → nsbeta1+
[adt2]
Whiteboard: [FIX] → [FIX][adt2]
Keywords: adt1.0.0
Summary: Crash (stack overflow) when loading this site → [PATCH]Crash (stack overflow) when loading this site
adt1.0.0+ (on ADT's behalf) approval for checkin to 1.0.
Keywords: adt1.0.0 → adt1.0.0+
*** Bug 135194 has been marked as a duplicate of this bug. ***
Moving over keywords and data from bug 133593. Here are a couple of Talkback
incidents for this crash:

 Incident ID 4752723   
Stack Signature  nsString::nsString 3abca528
Trigger Time 2002-04-02 16:52:11
Email Address jpatel@netscape.com
URL visited http://www.jailbabes.com/home.db
Build ID 2002040110
Product ID MozillaTrunk
Platform
Operating System Win32
Module
Trigger Reason Stack overflow
User Comments just loading http://www.jailbabes.com/home.db in a new tab...
Stack Trace
nsString::nsString [d:\builds\seamonkey\mozilla\string\obsolete\nsString2.cpp,
line 68]
nsWindowRoot::HandleChromeEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsWindowRoot.cpp, line 182]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 693]
nsXULDocument::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp, line 2449]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3449]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3442]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3442]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3442]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3442]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3442]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3442]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3442]
nsXULElement::HandleChromeEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 4690]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 693]
nsDocument::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 3230]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1636]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsHTMLFormElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLFormElement.cpp,
line 605]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1630]
nsHTMLSelectElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 1798]
nsEventStateManager::DispatchNewEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventStateManager.cpp, line 4073]
nsEventListenerManager::DispatchEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
2661]
nsDOMEventRTTearoff::DispatchEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 545]
nsHTMLSelectElement::SetOptionsSelectedByIndex
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 1327]
nsHTMLSelectElement::InsertOptionsIntoList
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 467]
nsHTMLSelectElement::WillAddOptions
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 668]
nsHTMLSelectElement::AppendChildTo
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 377]
SinkContext::FlushTags
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp,
line 2147]
HTMLContentSink::BeginUpdate
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp,
line 4891]
nsDocument::BeginUpdate
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 1628]
nsGenericDOMDataNode::SetText
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericDOMDataNode.cpp, line 1251]
FindChar1 [d:\builds\seamonkey\mozilla\string\obsolete\bufferRoutines.h, line 427]
nsFSURLEncoded::AddRef
[d:\builds\seamonkey\mozilla\content\html\content\src\nsFormSubmission.cpp, line
403]
nsDocument::CloneNode
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 3115]
nsDocument::CloneNode
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 3115]
nsGenericDOMDataNode::SetText
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericDOMDataNode.cpp, line 1284]
SheetLoadData::AddRef
[d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp, line 501]
SheetLoadData::AddRef
[d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp, line 501]
nsSelection::Release
[d:\builds\seamonkey\mozilla\content\base\src\nsSelection.cpp, line 1037]
nsSelection::RepaintSelection
[d:\builds\seamonkey\mozilla\content\base\src\nsSelection.cpp, line 2940]
nsSelection::GetFrameForNodeOffset
[d:\builds\seamonkey\mozilla\content\base\src\nsSelection.cpp, line 2951]
nsSelection::WordMove
[d:\builds\seamonkey\mozilla\content\base\src\nsSelection.cpp, line 3090] 

Another user crashes at the same site, but with a different stack signature:
 Incident ID 4522145   
Stack Signature  nsEventListenerManager::HandleEvent f88a8ab2
Trigger Time 2002-03-26 23:10:21
Email Address ac_gyrefalcon@hotmail.com
URL visited http://www.jailbabes.com/home.db
Build ID 2002032211
Product ID MozillaTrunk
Platform
Operating System Win32
Module
Trigger Reason Stack overflow
User Comments Crashed trying to repro hang in bug 133593. oops!
Stack Trace
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
1243]
nsWindowRoot::HandleChromeEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsWindowRoot.cpp, line 182]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 693]
nsXULDocument::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp, line 2449]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3445]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3438]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3438]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3438]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3438]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3438]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3438]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3438]
nsXULElement::HandleChromeEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 4686]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 693]
nsDocument::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 3232]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1635]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsHTMLFormElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLFormElement.cpp,
line 605]
nsGenericElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1629]
nsHTMLSelectElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 1790]
nsEventStateManager::DispatchNewEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventStateManager.cpp, line 4049]
nsEventListenerManager::DispatchEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
2661]
nsDOMEventRTTearoff::DispatchEvent
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 545]
nsHTMLSelectElement::SetOptionsSelectedByIndex
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 1324]
nsHTMLSelectElement::InsertOptionsIntoList
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 464]
nsHTMLSelectElement::WillAddOptions
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 665]
nsHTMLSelectElement::AppendChildTo
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLSelectElement.cpp,
line 374]
SinkContext::FlushTags
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp,
line 2123]
HTMLContentSink::BeginUpdate
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp,
line 4868]
nsDocument::BeginUpdate
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 1628]
nsGenericDOMDataNode::SetText
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericDOMDataNode.cpp, line 1246]
FindChar1 [d:\builds\seamonkey\mozilla\string\obsolete\bufferRoutines.h, line 427]
nsHTMLFrameElement::AddRef
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLFrameElement.cpp,
line 136]
nsDocument::CloneNode
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 3117]
nsHTMLLegendElement::SubmitNamesValues
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLLegendElement.cpp,
line 255]
0x8510758b 
Keywords: testcase, topcrash+
Summary: [PATCH]Crash (stack overflow) when loading this site → [PATCH]Crash (stack overflow) when loading this site [@ nsEventListenerManager::HandleEvent][@ nsString::nsString]
*** Bug 133593 has been marked as a duplicate of this bug. ***
Blocks: 134771
Fix checked in.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
*** Bug 135009 has been marked as a duplicate of this bug. ***
Adding [@ nsXULElement::HandleDOMEvent] from duped bug 135009 for future
reference.  Verifying fixed...http://www.jailbabes.com/home.db no longer crashes
for me...and Talkback data shows this last crashed on 4/5.
Status: RESOLVED → VERIFIED
Summary: [PATCH]Crash (stack overflow) when loading this site [@ nsEventListenerManager::HandleEvent][@ nsString::nsString] → [PATCH]Crash (stack overflow) when loading this site [@ nsEventListenerManager::HandleEvent][@ nsString::nsString][@ nsXULElement::HandleDOMEvent]
Keywords: fixed1.0.0
*** Bug 137376 has been marked as a duplicate of this bug. ***
verified1.0.0
Keywords: verified1.0.0
Crash Signature: [@ nsEventListenerManager::HandleEvent] [@ nsString::nsString] [@ nsXULElement::HandleDOMEvent]