Closed Bug 198301 Opened 21 years ago Closed 21 years ago

Crashing when loading standalone image when images disabled in mailnews - Trunk [@ nsImgManager::GetRootDocShell]

Categories: Core Graveyard :: Image: Painting, defect
Priority: Not set
Severity: critical
Tracking: Not tracked
Status: VERIFIED FIXED
People: Reporter: fredbezies, Assigned: bzbarsky
Keywords: crash, topcrash
Attachments: 1 file

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030319
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030319

It looks like bug 198181. It should be a duplicate of it (sorry if it is the
case), but I am facing a crash every time I want to click (left or wheel click)
on a picture.

See details to reproduce it.

Reproducible: Always

Steps to Reproduce:
1. Go here (it is one of my sites): http://frederic.bezies.free.fr/
2. In the right frame, click on the big image

Actual Results:  
Mozilla freezing then crashing :-/

Expected Results:  
opening the image in a new window.

Modern theme, clean install of my homemade build.

Here are my buildconfig data :

Build platform
target
i686-pc-cygwin

Build tools
Compiler 	Version 	Compiler flags
cl 	12.00.8804 for 80x86 	-TC -nologo -W3 -nologo -Gy -Fd$(PDBFILE)
cl 	12.00.8804 for 80x86 	-TP -nologo -W3 -nologo -Gy -Fd$(PDBFILE)

Configure arguments
--enable-extensions --enable-crypto --disable-debug --enable-optimize
--enable-calendar --disable-pedantic --disable-installer --enable-strip
--disable-tests

Also, when I want to launch debugging, VC++ told me there is an access violation
in cookie.dll.

But I do not set any cookies on my site :-|

I just customized cookie management in Prefs/Privacy & Security/View.
This bug is weird. It only happens with my main profile. I created a blank new
one, did not touch the advanced cookie settings and it crashes again.

I will download a nightly with talkback and send a TB ID.
At what _exact_ time did you pull?  You have no image settings under privacy &
security?
Here is a talkback ID : TB18262739Y

This bug is driving me crazy. I remember I tweaked p3p settings. Is this related?

Is this bug a duplicate of bug 198270?
I pulled 2 or 3 hours ago.

Crash also happens with build 2003031908, see talkback data.

Only settings I modified for images is "Do not load remote images in Mail &
Newsgroups messages".
Just as a hint, since you're building yourself, build with symbols and use a
debugger....
Keywords: stackwanted
Whiteboard: TB18262739Y
Got it!

Try my test case with "Do not load remote images in Mail..." and you will crash.

Uncheck it, and all will be fine!

Weird!

Security-related problem, isn't it?

Setting "?" for 1.4a blocking.
Flags: blocking1.4a?
Keywords: stackwanted
Whiteboard: TB18262739Y
Thanks for the tip, I will use it. Modifying summary to make bug more "speaking".

Summary: Crashing when clicking on an image link. → Crashing when clicking on an image link and when "Do not load remote image" option is checked.
This is mine....  biesi, this is the bug you were seeing:

#0  nsImgManager::GetRootDocShell (this=0x81da520, aWindow=0x0, result=0xbfffe564)
    at /home/bzbarsky/mozilla/profile/mozilla/extensions/cookie/nsImgManager.cpp:171
#1  0x41debf2c in nsImgManager::ShouldLoad (this=0x81da520, aContentType=2, 
    aContentLoc=0x8a5ee90, aContext=0x8a5e168, aWindow=0x0, _retval=0xbfffe67c)
    at /home/bzbarsky/mozilla/profile/mozilla/extensions/cookie/nsImgManager.cpp:129
#2  0x40f78f97 in nsContentPolicy::CheckPolicy (this=0x81dca58, policyType=0, 
    contentType=2, contentLocation=0x8a5ee90, context=0x8a5e168, window=0x0, 
    shouldProceed=0xbfffe67c)
    at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsContentPolicy.cpp:143
#3  0x40f79011 in nsContentPolicy::ShouldLoad (this=0x81dca58, contentType=2,
    contentLocation=0x8a5ee90, context=0x8a5e168, window=0x0, shouldLoad=0xbfffe67c)
    at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsContentPolicy.cpp:166
#4  0x4122f520 in NS_CheckContentLoadPolicy (contentType=2, aURI=0x8a5ee90,
    context=0x8a5e168, window=0x0, shouldLoad=0xbfffe67c)
    at ../../../dist/include/content/nsContentPolicyUtils.h:56
#5  0x40ff1500 in nsImageLoadingContent::CanLoadImage (this=0x8a5e168, aURI=0x8a5ee90,
    aDocument=0x8a5e858)
    at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsImageLoadingContent.cpp:440

Note the null DOM window being passed around....
Assignee: jdunn → bzbarsky
OS: Windows XP → All
Hardware: PC → All
Summary: Crashing when clicking on an image link and when "Do not load remote image" option is checked. → Crashing when loading standalone image when images disabled in mailnews
Blocks: 83774
Attached patch: Proposed patch
So the problem is that nsImageDocument::CreateSyntheticDocument gets called
before the document has a scriptglobalobject....  The resulting call into the
content policy code with a null domwindow crashes.

The best solution, imo, is to move the CreateSyntheticDocument call.  One issue
is that now we will not be erroring out of StartDocumentLoad but rather out of
SetScriptGlobalObject on out-of-memory and such....  I don't think this is a
big deal.

Other solutions that would work: make content policy handle null windows
(should maybe still do that), make GetScriptGlobalObject go to the docshell if
mScriptGlobalObject is null (seems a little risky).
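
The two remedies discussed in the comment above, as an added C++ sketch that is not part of the bug thread or the attached patch: the policy check reports a null window instead of dereferencing it, and creation of the synthetic document is deferred until a window is attached. `DomWindow`, `ImagePolicy`, `ImageDocument` and `Decision` are simplified hypothetical stand-ins for the Mozilla classes named in the stack trace, and returning `NoContext` for a null window is an assumption of this sketch.

```cpp
// Added sketch: simplified stand-ins, not Mozilla source.
#include <cstdio>

struct DomWindow { bool isMailNews; };  // hypothetical stand-in for the DOM window
enum class Decision { Allow, Deny, NoContext };

// Models the "Do not load remote images in Mail & Newsgroups" preference.
struct ImagePolicy {
    bool blockInMailNews = true;
    // Hardened: a null window is reported (NoContext is this sketch's assumption), never dereferenced.
    Decision ShouldLoad(const DomWindow* window) const {
        if (!window) return Decision::NoContext;
        if (blockInMailNews && window->isMailNews) return Decision::Deny;
        return Decision::Allow;
    }
};

// Stand-in for the image document: the synthetic content whose load triggers
// the policy check is built only once a window has been attached.
class ImageDocument {
public:
    explicit ImageDocument(const ImagePolicy& p) : policy_(p) {}
    // Before the fix, the synthetic document was created here, window still null.
    void StartDocumentLoad() { started_ = true; }
    void SetScriptGlobalObject(const DomWindow* w) {
        window_ = w;
        if (started_ && window_ && !created_) CreateSyntheticDocument();
    }
    bool created() const { return created_; }
    Decision lastDecision() const { return last_; }
private:
    void CreateSyntheticDocument() {
        created_ = true;
        last_ = policy_.ShouldLoad(window_);  // window_ is non-null here
    }
    const ImagePolicy& policy_;
    const DomWindow* window_ = nullptr;
    bool started_ = false, created_ = false;
    Decision last_ = Decision::NoContext;
};

int main() {
    ImagePolicy policy;
    DomWindow browser{false};
    ImageDocument doc(policy);
    doc.StartDocumentLoad();
    doc.SetScriptGlobalObject(&browser);
    std::printf("created=%d allowed=%d\n", doc.created(), doc.lastDecision() == Decision::Allow);
}
```
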
Comment on attachment 117791
Proposed patch

jst?  What do you think?
Attachment #117791 - Flags: superreview?(jst)
Attachment #117791 - Flags: review?(jkeiser)
Comment on attachment 117791
Proposed patch

sr=jst
Attachment #117791 - Flags: superreview?(jst) → superreview+
Attachment #117791 - Flags: superreview?(jst)
Attachment #117791 - Flags: superreview+
Attachment #117791 - Flags: review?(jkeiser)
Attachment #117791 - Flags: review+
fixed.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Added Trunk [@ nsImgManager::GetRootDocShell] and crash, topcrash keywords for
future reference.  This has been a topcrash for the last couple of days on the
MozillaTrunk.
Keywords: crash, topcrash
Summary: Crashing when loading standalone image when images disabled in mailnews → Crashing when loading standalone image when images disabled in mailnews - Trunk [@ nsImgManager::GetRootDocShell]
*** Bug 198367 has been marked as a duplicate of this bug. ***
Flags: blocking1.4a?
*** Bug 198709 has been marked as a duplicate of this bug. ***
v.fixed per Talkback data.  no crashes since 3/19.
Status: RESOLVED → VERIFIED
Attachment #117791 - Flags: superreview?(jst)
Product: Core → Core Graveyard
Crash Signature: [@ nsImgManager::GetRootDocShell]