Closed
Bug 163874
Opened 22 years ago
Closed 22 years ago
crash on www.xoip.com
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 159256
People
(Reporter: patoche.smart+mozilla, Assigned: asa)
References
()
Details
(Keywords: crash)
Attachments
(4 files)
Screen shot of crash window
Browser version 20020818 crashes at that address.
|
||
Comment 2•22 years ago
|
||
WFM, 1.1 RC (20020818) - WinXP
|
||
Comment 3•22 years ago
|
||
Confirming bug, 2002-08-21-04 trunk Windows 2000. TB 9654983X
|
||
Comment 4•22 years ago
|
||
worksforme, linux trunk build 20020821
|
||
Comment 5•22 years ago
|
||
WFM 2002082008/trunk/W2K Stephen, should I ask you for TB9654983X?
ntdll.dll + 0x491b6 (0x77fc91b6) ntdll.dll + 0x4a1c1 (0x77fca1c1) ntdll.dll + 0x4a47f (0x77fca47f) MSVCRT.DLL + 0x1089 (0x78001089) MSVCRT.DLL + 0x1026 (0x78001026) NewParseNode [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 145] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1183] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1448] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1195] Statements [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 887] FunctionBody [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 558] FunctionDef [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 722] FunctionStmt [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 857] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1172] Statements [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 887] js_CompileTokenStream [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 394] CompileTokenStream [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 2851] JS_CompileUCScriptForPrincipals [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 2931] JS_EvaluateUCScriptForPrincipals [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 3380] nsJSContext::EvaluateString [c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp, line 702] nsScriptLoader::EvaluateScript [c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 570] nsScriptLoader::ProcessRequest [c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 478] nsScriptLoader::OnStreamComplete [c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 781] nsStreamLoader::OnStopRequest [c:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamLoader.cpp, line 163] nsStreamListenerTee::OnStopRequest [c:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamListenerTee.cpp, line 66] nsHttpChannel::OnStopRequest [c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 2972] nsOnStopRequestEvent::HandleEvent [c:/builds/seamonkey/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp, line 213] PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 597] PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 530] _md_EventReceiverProc [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 1078] nsAppShellService::Run [c:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 452] main1 [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1523] main [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1874] WinMain [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1892] WinMainCRTStartup() KERNEL32.DLL + 0x7903 (0x77e87903)
Keywords: stackwanted
|
||
Comment 7•22 years ago
|
||
Crash on 2002082109 trunk with WinXP Talkback: TB9678971M OS -> All
OS: Windows NT → All
|
|
||
Comment 8•22 years ago
|
||
Also crashing on 1.0 branch: 2002082109/1.0branch/W2K -> TB9723975E, TB9723622Y, TB9723619M 2002082208/trunk/W2K -> TB9724191K
|
|
||
Comment 9•22 years ago
|
||
Based on the filename "jsparse.c" I'm guessing --> JavaScript Engine.
Assignee: asa → rogerl
Component: Browser-General → JavaScript Engine
QA Contact: asa → pschwartau
|
||
Comment 10•22 years ago
|
||
|
|
||
Comment 11•22 years ago
|
||
Note: some stack traces are unreliable because so much heap corruption has occurred: you have corrupted memory running through the entire stack. With a Mozilla debug build, one tipoff is the presence of function calls like this in the stack: _free_dbg_lk(void * 0x04fa6ba0, int 1) line 1062 + 11 bytes _free_dbg(void * 0x04fa6ba0, int 1) line 970 + 13 bytes free(void * 0x04fa6ba0) line 926 + 11 bytes I'm seeing that in a (non-current) debug Mozilla build. Also note that the Talkback stack traces are, for the most part, completely different from each other. Reassigning back to Browser-General. I think that to progress further, we need to run Purify on the site. cc'ing Stephen: do you have Purify available by any chance?
Assignee: rogerl → asa
Component: JavaScript Engine → Browser-General
QA Contact: pschwartau → asa
|
|
||
Comment 12•22 years ago
|
||
Win NT + Win XP = Win NT (All means more than just Windows) valgrind under linux shows bad things, but nothing that would result in heap corruption or a crash. filed bug 164381
OS: All → Windows NT
Under Purify, I get:
[E] ABW: Array bounds write in memcpy {2 occurrences}
Writing 8 bytes to 0x0f3c37c0 (8 bytes at 0x0f3c37c0 illegal)
Address 0x0f3c37c0 is 8 bytes before the beginning of a 496 byte block
at 0x0f3c37c8
Address 0x0f3c37c0 points to a C++ new block in heap 0x02770000
Thread ID: 0x58c
Error location
memcpy [memcpy.asm:109]
gfxImageFrame::SetAlphaData(BYTE const*,UINT,int)
[gfxImageFrame.cpp:385]
nsICODecoder::SetAlphaData(void) [nsICODecoder.cpp:118]
nsICODecoder::Flush(void) [nsICODecoder.cpp:187]
imgRequest::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[imgRequest.cpp:635]
ProxyListener::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[imgLoader.cpp:723]
nsStreamListenerTee::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[nsStreamListenerTee.cpp:65]
nsHttpChannel::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[nsHttpChannel.cpp:2971]
nsOnStopRequestEvent::HandleEvent(void) [nsRequestObserverProxy.cpp:212]
nsARequestObserverEvent::HandlePLEvent(PLEvent *)
[nsRequestObserverProxy.cpp:115]
Allocation location
new(UINT) [new.cpp:23]
nsImageWin::Init(int,int,int,nsMaskRequirements) [nsImageWin.cpp:218]
gfxImageFrame::Init(int,int,int,int,int) [gfxImageFrame.cpp:120]
nsICODecoder::ProcessData(char const*,UINT) [nsICODecoder.cpp:307]
nsICODecoder::ReadSegCb(nsIInputStream *,void *,char
const*,UINT,UINT,UINT *) [nsICODecoder.cpp:200]
nsInputStreamTee::WriteSegmentFun(nsIInputStream *,void *,char
const*,UINT,UINT,UINT *) [nsInputStreamTee.cpp:104]
nsPipe::nsPipeInputStream::ReadSegments((*)(nsIInputStream *,void
*,char const*,UINT,UINT,UINT *),void *,UINT,UINT *) [nsPipe2.cpp:419]
nsInputStreamTee::ReadSegments((*)(nsIInputStream *,void *,char
const*,UINT,UINT,UINT *),void *,UINT,UINT *) [nsInputStreamTee.cpp:158]
nsICODecoder::WriteFrom(nsIInputStream *,UINT,UINT *)
[nsICODecoder.cpp:205]
imgRequest::OnDataAvailable(nsIRequest *,nsISupports
*,nsIInputStream *,UINT,UINT) [imgRequest.cpp:752]
AND
[E] IPW: Invalid pointer write in memcpy {2 occurrences}
Writing 188 bytes to 0x0f3e1e8c (4 bytes at 0x0f3e1e8c illegal)
Address 0x0f3e1e8c points into a HeapAlloc'd block in unallocated region
of heap 0x02770000
Thread ID: 0x58c
Error location
memcpy [memcpy.asm:109]
gfxImageFrame::SetImageData(BYTE const*,UINT,int)
[gfxImageFrame.cpp:285]
nsICODecoder::SetImageData(void) [nsICODecoder.cpp:109]
nsICODecoder::Flush(void) [nsICODecoder.cpp:188]
imgRequest::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[imgRequest.cpp:635]
ProxyListener::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[imgLoader.cpp:723]
nsStreamListenerTee::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[nsStreamListenerTee.cpp:65]
nsHttpChannel::OnStopRequest(nsIRequest *,nsISupports *,UINT)
[nsHttpChannel.cpp:2971]
nsOnStopRequestEvent::HandleEvent(void) [nsRequestObserverProxy.cpp:212]
nsARequestObserverEvent::HandlePLEvent(PLEvent *)
[nsRequestObserverProxy.cpp:115]
AND
[E] EXU: Unhandled exception in free_base {1 occurrence}
Exception code: 0xc0000005 [Error: access violation]
Exception address: RtlFreeHeap [ntdll.dll]
Filter: mainCRTStartup [crtexe.c:345]
Exception location
RtlFreeHeap [ntdll.dll]
RtlAllocateHeap [ntdll.dll]
free_base [free.c:92]
free_dbg [dbgheap.c:993]
free [dbgheap.c:955]
delete(void *) [delop.cpp:6]
nsCacheEntryDescriptor::nsOutputStreamWrapper::`vector deleting
destructor'(UINT) [nkcache.dll]
nsCacheEntryDescriptor::nsOutputStreamWrapper::Release(void)
[nsCacheEntryDescriptor.cpp:635]
nsCOMPtr<nsIOutputStream>::assign_assuming_AddRef(nsIOutputStream *)
[nsCOMPtr.h:472]
nsCOMPtr<nsIOutputStream>::assign_with_AddRef(nsISupports *)
[nsCOMPtr.h:914]
DISCLAIMER: I'm not totally sure the latter is valid (actually, or the others).
Purify can sometimes be quite erroneous. I'm clearing cache and rerunning to
verify.|
|
||
Comment 14•22 years ago
|
||
Loading http://www.xoip.com/content/home/home.jsp crashes on 2002082308, but saving it locally and opening = no crash. Something network related, or a timing issue? Nothing looks unusual in the headers. Document headers: HTTP/1.1 200 OK Date: Sat, 24 Aug 2002 06:53:40 GMT Server: Apache/1.3.14 (Unix) (Red-Hat/Linux) Set-Cookie: jsessionid=135391030172020899;path=/ Expires: Thu, 01 Dec 1994 16:00:00 GMT Connection: Keep-alive Cache-Control: no-cache="set-cookie,set-cookie2" Content-Length: 7102 Content-Type: text/html; charset=ISO-8859-1
|
|
||
Comment 15•22 years ago
|
||
OK guys! I figured it out. The problem is with the xoip.ico file that Mozilla tries to load when it loads that site. I will attach a testcase here.
|
|
||
Comment 16•22 years ago
|
||
Leaving text/plain as on original site (don't know if it's relevant)
|
|
||
Comment 17•22 years ago
|
||
This should crash Mozilla right away. The odd thing is that if I change the indentation of the HTML code, or if I get rid of the leading CRLFs, the crash is not a sure thing anymore.
|
|
||
Comment 18•22 years ago
|
||
If the MIME-type for the ico file is set to image/bmp, Mozilla promptly crashes upon accessing it directly.
|
|
||
Comment 19•22 years ago
|
||
This has been going on for awhile. Some of the traces on bug 159256 look similar. *** This bug has been marked as a duplicate of 159256 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
|
||
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•