Bug 267050: Crash in rdf_BlockingWrite() with a simple javascript: URI
Status: VERIFIED FIXED (opened 20 years ago, closed 20 years ago)
Categories: Core Graveyard :: RDF, defect
Tracking: Not tracked
People: Reporter: WeirdAl, Assigned: axel
Keywords: crash, regression, testcase
Attachments (1 file): patch, 581 bytes; benjamin: review+, darin.moz: superreview+
Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.8a5) Gecko/20041031

I ran a very simple JavaScript URI, and unfortunately crashed very quickly.

Steps to reproduce:
(1) Click on URL field in this bug.
(2) An alert dialog pops up with a text of "0". Click the OK button.

Expected results: A new dialog appears with a text of "1".
Actual results: Crash.

#0 0x407076f6 in nanosleep () from /lib/libc.so.6
#1 0x0000001c in ?? ()
#2 0x08060575 in ah_crap_handler(int) (signum=11) at nsSigHandlers.cpp:132
#3 0x41a7e939 in nsProfileLock::FatalSignalHandler(int) (signo=11) at nsProfileLock.cpp:208
#4 0x4028ec2d in __pthread_sighandler () from /lib/libpthread.so.0
#5 0x40682d58 in __libc_sigaction () from /lib/libc.so.6
#6 0x4187ddec in rdf_BlockingWrite (stream=0x88e9550, buf=0xbfff8540 "p;amp;gt&amp;gt&gt>lt; 2; j++) {alert(j)}", size=1631256628) at nsRDFXMLSerializer.cpp:189
#7 0x4187de60 in rdf_BlockingWrite (stream=0x88e9550, s=@0xbfff8528) at nsRDFXMLSerializer.cpp:201
#8 0x4188150f in nsRDFXMLSerializer::SerializeMember(nsIOutputStream*, nsIRDFResource*, nsIRDFNode*) (this=0x8413c60, aStream=0x88e9550, aContainer=0x82ba0f8, aMember=0x8880eb8) at nsRDFXMLSerializer.cpp:830
#9 0x41882072 in nsRDFXMLSerializer::SerializeContainer(nsIOutputStream*, nsIRDFResource*) (this=0x8413c60, aStream=0x88e9550, aContainer=0x82ba0f8) at nsRDFXMLSerializer.cpp:969
#10 0x4188302a in nsRDFXMLSerializer::Serialize(nsIOutputStream*) (this=0x8413c60, aStream=0x88e9550) at nsRDFXMLSerializer.cpp:1171
#11 0x41877797 in RDFXMLDataSourceImpl::Serialize(nsIOutputStream*) (this=0x81f8728, aStream=0x88e9550) at nsRDFXMLDataSource.cpp:1201
#12 0x41876603 in RDFXMLDataSourceImpl::rdfXMLFlush(nsIURI*) (this=0x81f8728, aURI=0x8246df8) at nsRDFXMLDataSource.cpp:832
#13 0x418768da in RDFXMLDataSourceImpl::Flush() (this=0x81f8728) at nsRDFXMLDataSource.cpp:885
#14 0x41885386 in LocalStoreImpl::Flush() (this=0x8241ef0) at nsLocalStore.cpp:354
#15 0x4142af17 in ~nsXULDocument (this=0x888a178) at nsXULDocument.cpp:404
#16 0x411cf1bb in nsDocument::Release() (this=0x888a178) at nsDocument.cpp:674
#17 0x413ef8d7 in nsXMLDocument::Release() (this=0x888a178) at nsXMLDocument.cpp:210
#18 0x4142b383 in nsXULDocument::Release() (this=0x888a178) at nsXULDocument.cpp:477
#19 0x4090ed83 in XPCJSRuntime::GCCallback(JSContext*, JSGCStatus) (cx=0x878fa80, status=JSGC_END) at xpcjsruntime.cpp:556
#20 0x4146d725 in DOMGCCallback (cx=0x878fa80, status=JSGC_END) at nsJSEnvironment.cpp:1994
#21 0x401b7126 in js_GC (cx=0x878fa80, gcflags=0) at jsgc.c:1440
#22 0x401b6396 in js_ForceGC (cx=0x878fa80, gcflags=0) at jsgc.c:1024
#23 0x40182f8a in JS_GC (cx=0x878fa80) at jsapi.c:1744
#24 0x4146d5be in nsJSContext::Notify(nsITimer*) (this=0x88847d8, timer=0x888d768) at nsJSEnvironment.cpp:1947
#25 0x4010e4ea in nsTimerImpl::Fire() (this=0x888d768) at nsTimerImpl.cpp:386
#26 0x4010e6b0 in handleTimerEvent(TimerEventType*) (event=0x42300570) at nsTimerImpl.cpp:448
#27 0x4010612c in PL_HandleEvent (self=0x42300570) at plevent.c:692
#28 0x4010687a in PL_ProcessEventsBeforeID (aSelf=0x8881ab0, aID=17344) at plevent.c:1697
#29 0x419dd93d in processQueue(void*, void*) (aElement=0x8881ab0, aData=0x43c0) at nsAppShell.cpp:417
#30 0x400ba4d0 in nsVoidArray::EnumerateForwards(int (*)(void*, void*), void*) (this=0x81430d0, aFunc=0x419dd910 <processQueue(void*, void*)>, aData=0x43c0) at nsVoidArray.cpp:648
#31 0x419dd97e in nsAppShell::ProcessBeforeID(unsigned long) (aID=17344) at nsAppShell.cpp:425
#32 0x419ebf32 in handle_gdk_event(_GdkEvent*, void*) (event=0x820cad4, data=0x0) at nsGtkEventHandler.cpp:871

This may be a smoketest blocker.
Comment 1 • 20 years ago (Reporter)
I did not crash with Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041027
CTho did crash with: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a5) Gecko/20041028
OS -> All
OS: Linux → All
Comment 2 • 20 years ago
Using a CVS trunk debug build of firefox on Linux, I cannot reproduce this crash.
Comment 3 • 20 years ago (Reporter)
Correction to steps to reproduce: Clicking the URL link here apparently doesn't produce a crash. But entering the URL manually into the location bar does, and it does crash my 10/27 build.
Comment 4 • 20 years ago
I cannot recreate this with a 20041022 cvs build. Neither does it happen with an optimized 20041031 cvs build. Even when entering the javascript into the location bar.
Comment 5 • 20 years ago
I tried clicking the link and I also tried entering the URL manually into the URL bar. In both cases I did not experience a crash.
Comment 6 • 20 years ago (Assignee)
Updated • 20 years ago (Assignee)
Assignee: nobody → axel
Status: NEW → ASSIGNED
Updated • 20 years ago (Assignee)
Attachment #164286 - Flags: superreview?(darin)
Attachment #164286 - Flags: review?(bsmedberg)
Updated • 20 years ago
Attachment #164286 - Flags: review?(bsmedberg) → review+
Updated • 20 years ago
Attachment #164286 - Flags: superreview?(darin) → superreview+
Comment 7 • 20 years ago (Assignee)
Fix landed on the trunk. The offending code isn't on the branch, so no problem on that front.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 8 • 20 years ago
Verified FIXED with build 2004-11-12-04 on Windows XP, even with the amended steps in comment 3.
Status: RESOLVED → VERIFIED
Updated • 6 years ago
Product: Core → Core Graveyard