Closed Bug 28208 Opened 26 years ago Closed 25 years ago

BGSound and poorly balanced tags Crashes Mozilla

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Windows 98
defect

VERIFIED FIXED

People

(Reporter: elevatorsout, Assigned: rickg)

Details

(Keywords: crash, Whiteboard: [PDT+] for fix in hand w/b minus on 3/7 - 3/7 builds crash on launch)

No description provided.
It's not really a crash but an assertion in UndisplayedMap::AppendNodeFor ("node in map twice"). The stack trace is:

NTDLL! 77f9f9df()
nsDebug::Assertion(const char * 0x01ee5f4c, const char * 0x01ee5ee4, const char * 0x01ee5ea8, int 1779) line 189 + 13 bytes
UndisplayedMap::AppendNodeFor(UndisplayedNode * 0x02f749c0, nsIContent * 0x02d3a8e4) line 1779 + 60 bytes
UndisplayedMap::AddNodeFor(nsIContent * 0x02d3a8e4, nsIContent * 0x02e99674, nsIStyleContext * 0x02d99740) line 1801
FrameManager::SetUndisplayedContent(FrameManager * const 0x02cbfcc0, nsIContent * 0x02e99674, nsIStyleContext * 0x02d99740) line 544 + 23 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x02d72f08, nsIPresContext * 0x02d377a0, nsFrameConstructorState & {...}, nsIContent * 0x02e99674, nsIFrame * 0x0308da34, nsFrameItems & {...}) line 5564
nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x02d72f08, nsIPresContext * 0x02d377a0, nsFrameConstructorState & {...}, nsIContent * 0x02d3a8e4, nsIFrame * 0x0308da34, int 1, nsFrameItems & {...}, int 1) line 10106 + 37 bytes
nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x02d72f08, nsIPresContext * 0x02d377a0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x02ec7034, nsIContent * 0x02d3a8e4, nsIFrame * 0x02c9ddb4, nsIStyleContext * 0x02ec6df0, nsIFrame * 0x0308da34) line 10059 + 36 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x02d72f08, nsIPresContext * 0x02d377a0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x02ec7034, nsIContent * 0x02d3a8e4, nsIFrame * 0x02c9ddb4, nsIStyleContext * 0x02ec6df0, nsFrameItems & {...}) line 5053 + 43 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x02d72f08, nsIPresContext * 0x02d377a0, nsFrameConstructorState & {...}, nsIContent * 0x02d3a8e4, nsIFrame * 0x02c9ddb4, nsFrameItems & {...}) line 5600 + 45 bytes
nsCSSFrameConstructor::ContentAppended(nsCSSFrameConstructor * const 0x02d4f518, nsIPresContext * 0x02d377a0, nsIContent * 0x02db3cd4, int 0) line 6205
StyleSetImpl::ContentAppended(StyleSetImpl * const 0x02d4f468, nsIPresContext * 0x02d377a0, nsIContent * 0x02db3cd4, int 0) line 957
PresShell::ContentAppended(PresShell * const 0x02d72f10, nsIDocument * 0x02daf560, nsIContent * 0x02db3cd4, int 0) line 2584 + 46 bytes
nsDocument::ContentAppended(nsDocument * const 0x02daf560, nsIContent * 0x02db3cd4, int 0) line 1590
nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x02daf560, nsIContent * 0x02db3cd4, int 0) line 1120
HTMLContentSink::NotifyAppend(nsIContent * 0x02db3cd4, int 0) line 3929
SinkContext::CloseContainer(const nsIParserNode & {...}) line 1400
HTMLContentSink::CloseContainer(HTMLContentSink * const 0x02db3550, const nsIParserNode & {...}) line 2910 + 18 bytes
CNavDTD::CloseContainer(const nsIParserNode * 0x02f4cc50, nsHTMLTag eHTMLTag_center, int 0) line 2975 + 31 bytes
CNavDTD::CloseContainersTo(int 4, nsHTMLTag eHTMLTag_center, int 0) line 3011 + 20 bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_center, int 0) line 3166 + 20 bytes
CNavDTD::DidBuildModel(CNavDTD * const 0x021b6ab8, unsigned int 0, int 1, nsIParser * 0x02db30b8, nsIContentSink * 0x02db3550) line 560
nsParser::DidBuildModel(unsigned int 0) line 594 + 55 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 1024
nsParser::EnableParser(int 1) line 691 + 15 bytes
HTMLContentSink::ResumeParsing() line 4032 + 19 bytes
HTMLContentSink::OnStreamComplete(HTMLContentSink * const 0x02db3554, nsIStreamLoader * 0x02c4d7d8, nsISupports * 0x00000000, unsigned int 0, unsigned int 4135, const char * 0x02f1c018) line 4128 + 11 bytes
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x02c4d7dc, nsIChannel * 0x02d7ac28, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x00000000) line 111 + 75 bytes
InterceptStreamListener::OnStopRequest(InterceptStreamListener * const 0x02de4b78, nsIChannel * 0x02d7ac28, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x00000000) line 1117
nsHTTPChannel::ResponseCompleted(nsIChannel * 0x02da5e1c, nsIStreamListener * 0x02de4b78, unsigned int 0, const unsigned short * 0x00000000) line 1318 + 36 bytes
nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x02ee01d8, nsIChannel * 0x02da5e1c, nsISupports * 0x02d7ac28, unsigned int 0, const unsigned short * 0x00000000) line 255
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x02bf2f40) line 279
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x02d70ae8) line 93 + 12 bytes
PL_HandleEvent(PLEvent * 0x02d70ae8) line 526 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00e316c0) line 487 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00200b90, unsigned int 49508, unsigned int 0, long 14882496) line 975 + 9 bytes
USER32! 77e13eb0()
USER32! 77e1401a()
USER32! 77e192da()
nsAppShellService::Run(nsAppShellService * const 0x00e31138) line 401
main1(int 1, char * * 0x00b770c0, nsISplashScreen * 0x00000000) line 651 + 32 bytes
main(int 1, char * * 0x00b770c0) line 770 + 17 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e87903()
Assignee: rickg → troy
Severity: normal → critical
Status: UNCONFIRMED → NEW
Component: HTML Element → Layout
Ever confirmed: true
Changing component to Style System. This is probably a DUP of an existing bug.
Assignee: troy → pierre
Component: Layout → Style System
QA Contact: petersen → chrisd
This is a crash bug. I see it crash every time in the parser (dereferencing a null ptr) after a dozen or so assertions about putting a duplicate undisplayed node in the undisplayed map (nsFrameManager). I'll take this one over, narrow it down, and assess the severity and impact.
Assignee: pierre → attinasi
Keywords: crash
This is a crash bug. I see it crash every time in the parser / content sink (dereferencing a null ptr). I narrowed it down to the following crappy HTML (the real page is much worse in terms of correctness, and causes other unrelated assertions that will be reported separately):

<html>
<TITLE><B>Where Errors Begat Crashes</TITLE>
<HEAD>
</HEAD>
<BODY>
<font size=+3 face="helvetica">
<i><B></P>
<bgsound src="http://www.angelfire.com/nh/naomiruth/images/angel.mid" loop="-1">

Rick, I am sending this to you now that it is narrowed down...
Assignee: attinasi → rickg
Component: Style System → Parser
Summary: Two BGSound Tags Crashes Mozilla → BGSound and poorly balanced tags Crashes Mozilla
Fix in hand -- awaiting approval from PDT. Hey guys: this is a crasher, an easy fix, and I have a safe fix in hand.
Status: NEW → ASSIGNED
Keywords: beta1
PDT+ for the fix in hand (stop the crash).
Whiteboard: [PDT+] for fix in hand w/b minus on 3/7
Fixed by disabling BGSound() for beta1.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Can't test due to crashing builds:
Win98 2000-03-08-09 Commercial
MacOS9 2000-03-08-08 Commercial
Whiteboard: [PDT+] for fix in hand w/b minus on 3/7 → [PDT+] for fix in hand w/b minus on 3/7 - 3/7 builds crash on launch
No longer crashing with 2000-03-09-09 build. Looks good. Marking Verified.
Status: RESOLVED → VERIFIED
Mozilla (builds 2001041304 and 2001041804) is again crashing when I go to the URL given.
QA Contact: chrisd → bsharma
Mozilla recently has not been crashing when I go to the URL.