Closed
Bug 163874
Opened 22 years ago
Closed 22 years ago
crash on www.xoip.com
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 159256
People
(Reporter: patoche.smart+mozilla, Assigned: asa)
References
()
Details
(Keywords: crash)
Attachments
(4 files)
Browser version 20020818 crashes at that address.
Comment 2•22 years ago
|
||
WFM, 1.1 RC (20020818) - WinXP
Comment 3•22 years ago
|
||
Confirming bug, 2002-08-21-04 trunk Windows 2000. TB 9654983X
Comment 4•22 years ago
|
||
worksforme, linux trunk build 20020821
Comment 5•22 years ago
|
||
WFM 2002082008/trunk/W2K Stephen, should I ask you for TB9654983X?
ntdll.dll + 0x491b6 (0x77fc91b6) ntdll.dll + 0x4a1c1 (0x77fca1c1) ntdll.dll + 0x4a47f (0x77fca47f) MSVCRT.DLL + 0x1089 (0x78001089) MSVCRT.DLL + 0x1026 (0x78001026) NewParseNode [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 145] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1183] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1448] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1195] Statements [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 887] FunctionBody [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 558] FunctionDef [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 722] FunctionStmt [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 857] Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1172] Statements [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 887] js_CompileTokenStream [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 394] CompileTokenStream [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 2851] JS_CompileUCScriptForPrincipals [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 2931] JS_EvaluateUCScriptForPrincipals [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 3380] nsJSContext::EvaluateString [c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp, line 702] nsScriptLoader::EvaluateScript [c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 570] nsScriptLoader::ProcessRequest [c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 478] nsScriptLoader::OnStreamComplete [c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 781] nsStreamLoader::OnStopRequest [c:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamLoader.cpp, line 163] nsStreamListenerTee::OnStopRequest [c:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamListenerTee.cpp, line 66] nsHttpChannel::OnStopRequest [c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 2972] nsOnStopRequestEvent::HandleEvent [c:/builds/seamonkey/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp, line 213] PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 597] PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 530] _md_EventReceiverProc [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 1078] nsAppShellService::Run [c:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 452] main1 [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1523] main [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1874] WinMain [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1892] WinMainCRTStartup() KERNEL32.DLL + 0x7903 (0x77e87903)
Keywords: stackwanted
Comment 7•22 years ago
|
||
Crash on 2002082109 trunk with WinXP Talkback: TB9678971M OS -> All
OS: Windows NT → All
Comment 8•22 years ago
|
||
Also crashing on 1.0 branch: 2002082109/1.0branch/W2K -> TB9723975E, TB9723622Y, TB9723619M 2002082208/trunk/W2K -> TB9724191K
Comment 9•22 years ago
|
||
Based on the filename "jsparse.c" I'm guessing --> JavaScript Engine.
Assignee: asa → rogerl
Component: Browser-General → JavaScript Engine
QA Contact: asa → pschwartau
Comment 10•22 years ago
|
||
Comment 11•22 years ago
|
||
Note: some stack traces are unreliable because so much heap corruption has occurred: you have corrupted memory running through the entire stack. With a Mozilla debug build, one tipoff is the presence of function calls like this in the stack: _free_dbg_lk(void * 0x04fa6ba0, int 1) line 1062 + 11 bytes _free_dbg(void * 0x04fa6ba0, int 1) line 970 + 13 bytes free(void * 0x04fa6ba0) line 926 + 11 bytes I'm seeing that in a (non-current) debug Mozilla build. Also note that the Talkback stack traces are, for the most part, completely different from each other. Reassigning back to Browser-General. I think that to progress further, we need to run Purify on the site. cc'ing Stephen: do you have Purify available by any chance?
Assignee: rogerl → asa
Component: JavaScript Engine → Browser-General
QA Contact: pschwartau → asa
Comment 12•22 years ago
|
||
Win NT + Win XP = Win NT (All means more than just Windows) valgrind under linux shows bad things, but nothing that would result in heap corruption or a crash. filed bug 164381
OS: All → Windows NT
Under Purify, I get: [E] ABW: Array bounds write in memcpy {2 occurrences} Writing 8 bytes to 0x0f3c37c0 (8 bytes at 0x0f3c37c0 illegal) Address 0x0f3c37c0 is 8 bytes before the beginning of a 496 byte block at 0x0f3c37c8 Address 0x0f3c37c0 points to a C++ new block in heap 0x02770000 Thread ID: 0x58c Error location memcpy [memcpy.asm:109] gfxImageFrame::SetAlphaData(BYTE const*,UINT,int) [gfxImageFrame.cpp:385] nsICODecoder::SetAlphaData(void) [nsICODecoder.cpp:118] nsICODecoder::Flush(void) [nsICODecoder.cpp:187] imgRequest::OnStopRequest(nsIRequest *,nsISupports *,UINT) [imgRequest.cpp:635] ProxyListener::OnStopRequest(nsIRequest *,nsISupports *,UINT) [imgLoader.cpp:723] nsStreamListenerTee::OnStopRequest(nsIRequest *,nsISupports *,UINT) [nsStreamListenerTee.cpp:65] nsHttpChannel::OnStopRequest(nsIRequest *,nsISupports *,UINT) [nsHttpChannel.cpp:2971] nsOnStopRequestEvent::HandleEvent(void) [nsRequestObserverProxy.cpp:212] nsARequestObserverEvent::HandlePLEvent(PLEvent *) [nsRequestObserverProxy.cpp:115] Allocation location new(UINT) [new.cpp:23] nsImageWin::Init(int,int,int,nsMaskRequirements) [nsImageWin.cpp:218] gfxImageFrame::Init(int,int,int,int,int) [gfxImageFrame.cpp:120] nsICODecoder::ProcessData(char const*,UINT) [nsICODecoder.cpp:307] nsICODecoder::ReadSegCb(nsIInputStream *,void *,char const*,UINT,UINT,UINT *) [nsICODecoder.cpp:200] nsInputStreamTee::WriteSegmentFun(nsIInputStream *,void *,char const*,UINT,UINT,UINT *) [nsInputStreamTee.cpp:104] nsPipe::nsPipeInputStream::ReadSegments((*)(nsIInputStream *,void *,char const*,UINT,UINT,UINT *),void *,UINT,UINT *) [nsPipe2.cpp:419] nsInputStreamTee::ReadSegments((*)(nsIInputStream *,void *,char const*,UINT,UINT,UINT *),void *,UINT,UINT *) [nsInputStreamTee.cpp:158] nsICODecoder::WriteFrom(nsIInputStream *,UINT,UINT *) [nsICODecoder.cpp:205] imgRequest::OnDataAvailable(nsIRequest *,nsISupports *,nsIInputStream *,UINT,UINT) [imgRequest.cpp:752] AND [E] IPW: Invalid pointer write in memcpy {2 occurrences} Writing 188 bytes to 0x0f3e1e8c (4 bytes at 0x0f3e1e8c illegal) Address 0x0f3e1e8c points into a HeapAlloc'd block in unallocated region of heap 0x02770000 Thread ID: 0x58c Error location memcpy [memcpy.asm:109] gfxImageFrame::SetImageData(BYTE const*,UINT,int) [gfxImageFrame.cpp:285] nsICODecoder::SetImageData(void) [nsICODecoder.cpp:109] nsICODecoder::Flush(void) [nsICODecoder.cpp:188] imgRequest::OnStopRequest(nsIRequest *,nsISupports *,UINT) [imgRequest.cpp:635] ProxyListener::OnStopRequest(nsIRequest *,nsISupports *,UINT) [imgLoader.cpp:723] nsStreamListenerTee::OnStopRequest(nsIRequest *,nsISupports *,UINT) [nsStreamListenerTee.cpp:65] nsHttpChannel::OnStopRequest(nsIRequest *,nsISupports *,UINT) [nsHttpChannel.cpp:2971] nsOnStopRequestEvent::HandleEvent(void) [nsRequestObserverProxy.cpp:212] nsARequestObserverEvent::HandlePLEvent(PLEvent *) [nsRequestObserverProxy.cpp:115] AND [E] EXU: Unhandled exception in free_base {1 occurrence} Exception code: 0xc0000005 [Error: access violation] Exception address: RtlFreeHeap [ntdll.dll] Filter: mainCRTStartup [crtexe.c:345] Exception location RtlFreeHeap [ntdll.dll] RtlAllocateHeap [ntdll.dll] free_base [free.c:92] free_dbg [dbgheap.c:993] free [dbgheap.c:955] delete(void *) [delop.cpp:6] nsCacheEntryDescriptor::nsOutputStreamWrapper::`vector deleting destructor'(UINT) [nkcache.dll] nsCacheEntryDescriptor::nsOutputStreamWrapper::Release(void) [nsCacheEntryDescriptor.cpp:635] nsCOMPtr<nsIOutputStream>::assign_assuming_AddRef(nsIOutputStream *) [nsCOMPtr.h:472] nsCOMPtr<nsIOutputStream>::assign_with_AddRef(nsISupports *) [nsCOMPtr.h:914] DISCLAIMER: I'm not totally sure the latter is valid (actually, or the others). Purify can sometimes be quite erroneous. I'm clearing cache and rerunning to verify.
Comment 14•22 years ago
|
||
Loading http://www.xoip.com/content/home/home.jsp crashes on 2002082308, but saving it locally and opening = no crash. Something network related, or a timing issue? Nothing looks unusual in the headers. Document headers: HTTP/1.1 200 OK Date: Sat, 24 Aug 2002 06:53:40 GMT Server: Apache/1.3.14 (Unix) (Red-Hat/Linux) Set-Cookie: jsessionid=135391030172020899;path=/ Expires: Thu, 01 Dec 1994 16:00:00 GMT Connection: Keep-alive Cache-Control: no-cache="set-cookie,set-cookie2" Content-Length: 7102 Content-Type: text/html; charset=ISO-8859-1
Comment 15•22 years ago
|
||
OK guys! I figured it out. The problem is with the xoip.ico file that Mozilla tries to load when it loads that site. I will attach a testcase here.
Comment 16•22 years ago
|
||
Leaving text/plain as on original site (don't know if it's relevant)
Comment 17•22 years ago
|
||
This should crash Mozilla right away. The odd thing is that if I change the indentation of the HTML code, or if I get rid of the leading CRLFs, the crash is not a sure thing anymore.
Comment 18•22 years ago
|
||
If the MIME-type for the ico file is set to image/bmp, Mozilla promptly crashes upon accessing it directly.
Comment 19•22 years ago
|
||
This has been going on for awhile. Some of the traces on bug 159256 look similar. *** This bug has been marked as a duplicate of 159256 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•