Closed
Bug 205599
Opened 21 years ago
Closed 21 years ago
Crash when loading http://www.netlimiter.com/ due to JavaScript function named "onload"
Categories
(Core :: DOM: Core & HTML, defect)
RESOLVED DUPLICATE of bug 201828
People
(Reporter: ghartwig, Unassigned)
Details
(Keywords: crash)
Attachments
(1 file: 20.80 KB, text/plain)
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.3) Gecko/20030312
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.3) Gecko/20030312

This problem may be similar to Bugzilla Bug 196385 (similar messages upon crash) but it's easily reproducible here. Page declares a function called "onload()" and then has '<body onload="onload();">'. This might be causing an infinite loop. Changing the function name to "onload2" fixes the crash.

Reproducible: Always

Steps to Reproduce:
1. open http://www.netlimiter.com/

Actual Results:
Browser crash. Camino 0.7 crashes also. IE and Safari load OK.

Expected Results:
No crash.

From Camino crash:
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbff7fff4

Thread 0 Crashed:
#0 0x000a0664 in needsSecurityCheck(JSContext*, nsIXPConnectWrappedNative*)
#1 0x00099204 in nsWindowSH::GetProperty(nsIXPConnectWrappedNative*, JSContext*, JSObject*, long, long*, int*)
#2 0x0067796c in XPC_WN_Helper_GetProperty(JSContext*, JSObject*, long, long*)
#3 0x0402f4e0 in js_Interpret
#4 0x04027a08 in js_Invoke
#5 0x0402ee78 in js_Interpret
#6 0x04027a08 in js_Invoke
#7 0x0402ee78 in js_Interpret
#8 0x04027a08 in js_Invoke
#9 0x0402ee78 in js_Interpret
#10 0x04027a08 in js_Invoke
#11 0x0402ee78 in js_Interpret
#12 0x04027a08 in js_Invoke
. . .
(repeats these two lines 250 times or so)
Comment 1•21 years ago
This is my crash log from moz 2003051308/OS X... looks like an infinite loop between jsInvoke and jsInterpret. As a side note, Talkback didn't launch.
Comment 2•21 years ago
Confirming as I don't see any obvious dupes... a test case should be pretty easy. This may be more appropriate in a DOM* component, but I don't know where the root of the conflict lies, nor where it would be solved.
Comment 3•21 years ago
All the ideas above are correct. The problem is caused by naming the <body> onload handler "onload", as discovered in bug 201828. In particular, see the stack in bug 201828 comment 2, and the explanation of the infinite loop in bug 201828 comment 3. Unfortunately, the summary of the bug makes it hard to find! I'm going to reassign to DOM Level 0 for parity with the other bug, and cc everyone on it so they can follow progress on this -
Assignee: rogerl → dom_bugs
Component: JavaScript Engine → DOM Level 0
QA Contact: pschwartau → ashishbhatt
Comment 4•21 years ago
*** This bug has been marked as a duplicate of 201828 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
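
The name collision described in the report and in comment 3, as an added example that is not part of the bug report and is not Gecko code. It is a simplified model that assumes a <body onload="..."> attribute is compiled into the function stored in window.onload, the same slot a global function named onload occupies; loadPage, win and MAX_DEPTH are hypothetical names, and the depth guard stands in for the stack exhaustion seen in the crash log.

```javascript
// Simplified model of the page from the report (constructed; not Gecko code).
// Assumption: the <body onload> attribute and a global `function onload(){}`
// both end up in window.onload, so the later assignment replaces the earlier.
const MAX_DEPTH = 200; // guard: stop the demo instead of exhausting the stack

function loadPage(functionName, bodyOnloadAttr) {
  const win = { calls: 0, userRan: false };

  // 1. The page's <script> declares a global function under `functionName`.
  win[functionName] = function () { win.userRan = true; };

  // 2. The attribute text is compiled with the window object in scope and
  //    installed as window.onload (overwriting any same-named property).
  const body = new Function('win', 'with (win) { ' + bodyOnloadAttr + ' }');
  win.onload = function handler() {
    if (++win.calls > MAX_DEPTH) throw new RangeError('handler re-entered itself');
    body(win);
  };

  // 3. The load event fires once.
  try {
    win.onload();
    return { recursed: false, calls: win.calls, userRan: win.userRan };
  } catch (e) {
    if (!(e instanceof RangeError)) throw e;
    return { recursed: true, calls: win.calls, userRan: win.userRan };
  }
}

// Function named "onload": the handler's call to onload() resolves to itself.
console.log(loadPage('onload', 'onload();'));
// Function renamed to "onload2", as in the report: the handler runs once.
console.log(loadPage('onload2', 'onload2();'));
```

In the first case the page's own function never runs, because the handler has taken over its name; in the second the handler calls it exactly once and returns.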