Closed Bug 437417 Opened 16 years ago Closed 6 years ago

crash on view source for page on cgi-script [@ nsDocShell::ConfirmRepost]

Categories: Core :: DOM: Navigation, defect
Hardware / OS: x86, Linux
Type: defect
Priority: Not set
Severity: critical
Status: RESOLVED WONTFIX
People: Reporter: rcoe, Unassigned
Keywords: crash

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052912 Firefox/3.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052912 Firefox/3.0

I have a cgi-script which produces an html page.
The cgi-script completed successfully. 
I selected to view page source.  
FF spins, and does not display the source.
I pressed 'cancel' and FF crashes.

I captured the traceback.  It appears that FF is crashing
attempting to put up the 'repost script parameter values' dialogue.

I'm not sure what local variable is null, but I think it's 'prompter'.

Reproducible: Always




Program received signal SIGSEGV, Segmentation fault.
nsDocShell::ConfirmRepost (this=0xb2d7240, aRepost=0xbfcb2f58)
    at /usr/local/src/moz/cvs/mozilla/docshell/base/nsDocShell.cpp:8873
8873                       button0Title.get(), nsnull, nsnull, nsnull, nsnull, &buttonPressed);
(gdb) bt
#0  nsDocShell::ConfirmRepost (this=0xb2d7240, aRepost=0xbfcb2f58)
    at /usr/local/src/moz/cvs/mozilla/docshell/base/nsDocShell.cpp:8873
#1  0xb788fdd2 in nsWebShell::EndPageLoad (this=0xb2d7240, aProgress=0xb2d7254, channel=0xe60ace0,
    aStatus=2152398918) at /usr/local/src/moz/cvs/mozilla/docshell/base/nsWebShell.cpp:1212
#2  0xb7887250 in nsDocShell::OnStateChange (this=0xb2d7240, aProgress=0xb2d7254, aRequest=0xe60ace0,
    aStateFlags=131088, aStatus=2152398918) at /usr/local/src/moz/cvs/mozilla/docshell/base/nsDocShell.cpp:4973
#3  0xb7899f6c in nsDocLoader::FireOnStateChange (this=0xb2d7240, aProgress=0xb2d7254, aRequest=0xe60ace0,
    aStateFlags=131088, aStatus=2152398918)
    at /usr/local/src/moz/cvs/mozilla/uriloader/base/nsDocLoader.cpp:1235
#4  0xb789a145 in nsDocLoader::doStopDocumentLoad (this=0xb2d7240, request=0xe60ace0, aStatus=2152398918)
    at /usr/local/src/moz/cvs/mozilla/uriloader/base/nsDocLoader.cpp:858
#5  0xb789a3dc in nsDocLoader::DocLoaderIsEmpty (this=0xb2d7240)
    at /usr/local/src/moz/cvs/mozilla/uriloader/base/nsDocLoader.cpp:763
#6  0xb789a52c in nsDocLoader::OnStopRequest (this=0xb2d7240, aRequest=0xe60ace0, aCtxt=0x0,
    aStatus=2152398918) at /usr/local/src/moz/cvs/mozilla/uriloader/base/nsDocLoader.cpp:679
#7  0xb7269ca4 in nsLoadGroup::RemoveRequest (this=0x9e51d60, request=0xe60ace0, ctxt=0x0, aStatus=2152398918)
    at /usr/local/src/moz/cvs/mozilla/netwerk/base/src/nsLoadGroup.cpp:688
#8  0xb72e7022 in nsViewSourceChannel::OnStopRequest (this=0xe60ace0, aRequest=0x9ff384c, aContext=0x0,
    aStatus=2152398918)
    at /usr/local/src/moz/cvs/mozilla/netwerk/protocol/viewsource/src/nsViewSourceChannel.cpp:493
#9  0xb72d6173 in nsHttpChannel::DoNotifyListener (this=0x9ff3820)
    at /usr/local/src/moz/cvs/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp:385
#10 0xb72e377c in nsRunnableMethod<nsHttpChannel>::Run (this=0x895b8c0)
    at ../../../../dist/include/xpcom/nsThreadUtils.h:261
#11 0xb7b56f95 in nsThread::ProcessNextEvent (this=0x8180f60, mayWait=1, result=0xbfcb3264)
    at /usr/local/src/moz/cvs/mozilla/xpcom/threads/nsThread.cpp:510
#12 0xb7b1c83c in NS_ProcessNextEvent_P (thread=0xffffffff, mayWait=1) at nsThreadUtils.cpp:227
#13 0xb7a6861b in nsBaseAppShell::Run (this=0x819f830)
    at /usr/local/src/moz/cvs/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:170
#14 0xb78fe870 in nsAppStartup::Run (this=0x82b9ca0)
    at /usr/local/src/moz/cvs/mozilla/toolkit/components/startup/src/nsAppStartup.cpp:181
#15 0xb7201847 in XRE_main (argc=3, argv=0xbfcb3974, aAppData=0x8111380)
    at /usr/local/src/moz/cvs/mozilla/toolkit/xre/nsAppRunner.cpp:3170
#16 0x08048ae0 in main (argc=3, argv=0xbfcb3974)
    at /usr/local/src/moz/cvs/mozilla/browser/app/nsBrowserApp.cpp:158
(gdb) f
#0  nsDocShell::ConfirmRepost (this=0xb2d7240, aRepost=0xbfcb2f58)
    at /usr/local/src/moz/cvs/mozilla/docshell/base/nsDocShell.cpp:8873
8873                       button0Title.get(), nsnull, nsnull, nsnull, nsnull, &buttonPressed);
(gdb) l 8870,8873
8870             ConfirmEx(nsnull, msgString.get(),
8871                       (nsIPrompt::BUTTON_POS_0 * nsIPrompt::BUTTON_TITLE_IS_STRING) +
8872                       (nsIPrompt::BUTTON_POS_1 * nsIPrompt::BUTTON_TITLE_CANCEL),
8873                       button0Title.get(), nsnull, nsnull, nsnull, nsnull, &buttonPressed);
(gdb) info local
rv = 0
prompter = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
stringBundleService = {<nsCOMPtr_base> = {mRawPtr = 0x822d660}, <No data fields>}
appBundle = {<nsCOMPtr_base> = {mRawPtr = 0x898c7c0}, <No data fields>}
brandBundle = {<nsCOMPtr_base> = {mRawPtr = 0x861d0a0}, <No data fields>}
brandName = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x85da160,
      mLength = 9, mFlags = 9}, <No data fields>}, <No data fields>}
msgString = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x9df9b20,
      mLength = 150, mFlags = 9}, <No data fields>}, <No data fields>}
button0Title = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>},
      mData = 0x8b71360, mLength = 6, mFlags = 9}, <No data fields>}, <No data fields>}
buttonPressed = <value optimized out>
(gdb) x/i $pc
0xb78810f7 <_ZN10nsDocShell13ConfirmRepostEPi+679>:     mov    (%edx),%eax
(gdb) p/x $edx
$1 = 0x0

0xb7880e61 <_ZN10nsDocShell13ConfirmRepostEPi+17>:      pop    %ebx
0xb7880e62 <_ZN10nsDocShell13ConfirmRepostEPi+18>:      add    $0x6125ff,%ebx
0xb7880e68 <_ZN10nsDocShell13ConfirmRepostEPi+24>:      mov    0x8(%ebp),%esi
0xb7880e6b <_ZN10nsDocShell13ConfirmRepostEPi+27>:      movl   $0x0,-0x14(%ebp)
0xb7880e72 <_ZN10nsDocShell13ConfirmRepostEPi+34>:      lea    -0x14(%ebp),%eax
0xb7880e75 <_ZN10nsDocShell13ConfirmRepostEPi+37>:      mov    %eax,-0xd0(%ebp)
0xb7880e7b <_ZN10nsDocShell13ConfirmRepostEPi+43>:
    call   0xb7b16600 <_ZN13nsCOMPtr_base16begin_assignmentEv>
[...]
0xb78810f4 <_ZN10nsDocShell13ConfirmRepostEPi+676>:     mov    -0x14(%ebp),%edx
0xb78810f7 <_ZN10nsDocShell13ConfirmRepostEPi+679>:     mov    (%edx),%eax
0xb78810f9 <_ZN10nsDocShell13ConfirmRepostEPi+681>:     mov    0x1c(%eax),%ecx
0xb78810fc <_ZN10nsDocShell13ConfirmRepostEPi+684>:     testb  $0x2,-0x78(%ebp)
0xb7881100 <_ZN10nsDocShell13ConfirmRepostEPi+688>:
    je     0xb78811d0 <_ZN10nsDocShell13ConfirmRepostEPi+896>
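
Added example (not part of the original report and not Mozilla code): a small Python triage helper that reads the gdb output above, ties the faulting instruction's base register to its printed value, and lists the nsCOMPtr locals whose mRawPtr is 0x0. The function names and the 0x1000 near-null threshold are assumptions of this example; the session text is excerpted from the report.

```python
import re

# Excerpt of the gdb session from the report above, trimmed to the relevant lines.
SESSION = """\
(gdb) info local
rv = 0
prompter = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
stringBundleService = {<nsCOMPtr_base> = {mRawPtr = 0x822d660}, <No data fields>}
appBundle = {<nsCOMPtr_base> = {mRawPtr = 0x898c7c0}, <No data fields>}
brandBundle = {<nsCOMPtr_base> = {mRawPtr = 0x861d0a0}, <No data fields>}
(gdb) x/i $pc
0xb78810f7 <_ZN10nsDocShell13ConfirmRepostEPi+679>:     mov    (%edx),%eax
(gdb) p/x $edx
$1 = 0x0
"""

NULL_PAGE = 0x1000  # assumption: addresses below one page count as near-null

def null_com_ptrs(session):
    """Names of locals whose nsCOMPtr holds a null raw pointer."""
    pat = re.compile(r"^(\w+) = \{<nsCOMPtr_base> = \{mRawPtr = (0x[0-9a-f]+)\}", re.M)
    return [name for name, ptr in pat.findall(session) if int(ptr, 16) == 0]

def faulting_access(session):
    """(mnemonic, base register, displacement) of the first disassembled line."""
    m = re.search(r"^0x[0-9a-f]+ <[^>]+>:\s+(\w+)\s+(.*)$", session, re.M)
    if not m:
        return None
    mem = re.search(r"(-?0x[0-9a-f]+)?\(%(\w+)\)", m.group(2))
    if not mem:
        return None
    return m.group(1), mem.group(2), int(mem.group(1) or "0", 16)

def register_value(session, reg):
    """Value gdb printed for `p/x $reg`, or None if the session lacks it."""
    m = re.search(r"p/x \$" + reg + r"\n\$\d+ = (0x[0-9a-f]+)", session)
    return int(m.group(1), 16) if m else None

def triage(session):
    """Classify the fault from the memory operand and the base register value."""
    access = faulting_access(session)
    base = register_value(session, access[1]) if access else None
    if base is None:
        return {"class": "unknown"}
    addr = (base + access[2]) & 0xFFFFFFFF  # 32-bit address space (i686 build)
    kind = "near-null dereference" if addr < NULL_PAGE else "non-null address"
    return {"class": kind, "insn": access[0], "register": access[1],
            "address": addr, "null_locals": null_com_ptrs(session)}
```
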

The script didn't actually successfully complete.

http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/docshell/base/nsDocShell.cpp&rev=1.907&mark=8832,8847,8874#8828

Assignee: nobody → jwalden+bmo
Component: General → Embedding: Docshell
Keywords: crash
Product: Firefox → Core
Summary: crash on view source for page on cgi-script → crash on view source for page on cgi-script [@ nsDocShell::ConfirmRepost]
Version: unspecified → Trunk
QA Contact: general → docshell

Looks like prompter is indeed null.  How did that happen?

Rich, is this reliably reproducible?  Are there any extensions installed?

Status: UNCONFIRMED → NEW
Ever confirmed: true

Assignee: jwalden+bmo → nobody

Crash Signature: [@ nsDocShell::ConfirmRepost]

Closing because no crash has been reported in 12 weeks.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX