Closed Bug 50960 Opened 24 years ago Closed 24 years ago

Crash while loading XML IRS test

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Windows NT
defect

VERIFIED FIXED

People

(Reporter: hjtoi-bugzilla, Assigned: nisheeth_mozilla)

Details

(Keywords: crash, regression, Whiteboard: [nsbeta3+])

Load either Debug > Viewer Demos > #15 XML IRS or open file
mozilla/layout/xml/tests/toc/rights.xml

We have bogus mRawPtr in nsCOMPtr, looks like it might have been deleted earlier 
(0xdddddddd). Not sure if this is a parser issue or nsCOMPtr or what, trying 
harishd first.

Stack trace:

nsQueryInterface::operator()(const nsID & {...}, void * * 0x0012f688) line 32 + 
23 bytes
nsCOMPtr<nsIAtom>::assign_from_helper(const nsCOMPtr_helper & {...}, const nsID 
& {...}) line 856 + 18 bytes
nsCOMPtr<nsIAtom>::nsCOMPtr<nsIAtom>(const nsQueryInterface & {...}) line 565
nsCOMPtr<nsIAtom>::Assert_NoQueryNeeded() line 500
nsGetterAddRefs<nsIAtom>::~nsGetterAddRefs<nsIAtom>() line 909
CWellFormedDTD::HandleStartToken(CToken * 0x03f7c968) line 641
CWellFormedDTD::HandleToken(CWellFormedDTD * const 0x04445c50, CToken * 
0x03f7c968, nsIParser * 0x03d391b0) line 521 + 12 bytes
CWellFormedDTD::BuildModel(CWellFormedDTD * const 0x04445c50, nsIParser * 
0x03d391b0, nsITokenizer * 0x044459d0, nsITokenObserver * 0x00000000, 
nsIContentSink * 0x03d3cd30) line 258 + 20 bytes
nsParser::BuildModel() line 1978 + 34 bytes
nsParser::ResumeParse(int 1, int 0) line 1859 + 11 bytes
nsParser::EnableParser(int 1) line 1496 + 15 bytes
CSSLoaderImpl::Cleanup(URLKey & {...}, SheetLoadData * 0x03af5e10) line 710
CSSLoaderImpl::SheetComplete(nsICSSStyleSheet * 0x00000000, SheetLoadData * 
0x03af5e10) line 833
CSSLoaderImpl::ParseSheet(nsIUnicharInputStream * 0x03af9fd0, SheetLoadData * 
0x03af5e10, int & 1, nsICSSStyleSheet * & 0x03af9f40) line 868
CSSLoaderImpl::DidLoadStyle(nsIStreamLoader * 0x03af5ca0, nsString * 0x03af9590 
{"/*
 * The contents of this file are subject to the Mozilla Public
 * License 
Version 1.1 (the "License"); you may not use this"}, SheetLoadData * 0x03af5e10, 
unsigned int 0) line 903 + 24 bytes
SheetLoadData::OnStreamComplete(SheetLoadData * const 0x03af5e10, 
nsIStreamLoader * 0x03af5ca0, nsISupports * 0x00000000, unsigned int 0, unsigned 
int 1802, const char * 0x03f27470) line 644
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x03af5ca4, nsIChannel * 
0x03af5ad0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 
0x100a45e8 gCommonEmptyBuffer) line 121 + 78 bytes
nsHTTPFinalListener::OnStopRequest(nsHTTPFinalListener * const 0x03af58d0, 
nsIChannel * 0x03af5ad0, nsISupports * 0x00000000, unsigned int 0, const 
unsigned short * 0x100a45e8 gCommonEmptyBuffer) line 1155 + 42 bytes
InterceptStreamListener::OnStopRequest(InterceptStreamListener * const 
0x03aff2b0, nsIChannel * 0x03af5ad0, nsISupports * 0x00000000, unsigned int 0, 
const unsigned short * 0x100a45e8 gCommonEmptyBuffer) line 1186
nsHTTPChannel::ResponseCompleted(nsIStreamListener * 0x03aff2b0, unsigned int 0, 
const unsigned short * 0x100a45e8 gCommonEmptyBuffer) line 1778 + 42 bytes
nsHTTPServerListener::OnStopRequest(nsHTTPServerListener * const 0x03af39e0, 
nsIChannel * 0x03d30ee4, nsISupports * 0x03af5ad0, unsigned int 0, const 
unsigned short * 0x100a45e8 gCommonEmptyBuffer) line 726
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x03af9530) line 
302
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x03af94e0) line 97 + 12 bytes
PL_HandleEvent(PLEvent * 0x03af94e0) line 587 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00b41150) line 528 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x020b0690, unsigned int 49427, unsigned int 0, 
long 11800912) line 1043 + 9 bytes
USER32! 77e71820()
00b41150()
Nominating for nsbeta3. This is a bad regression. We use this demo for a lot of 
testing and demoing. I'd even say this might be dogfood.
Severity: normal → critical
Nisheeth, this is something to do with mIDAttributeAtom that you added to the
CStartToken. When I tested my changes for token cache I did not take this into
account. Now, it's haunting me. Might need some help from you (though I'm
asking you too early before actually exploring into the problem). Anyway, will
sleep first and then look into this bug. Any input will be greatly appreciated.

Thanx
Status: NEW → ASSIGNED
Re-assigning to myself.
Assignee: harishd → nisheeth
Status: ASSIGNED → NEW
Marking bug nsbeta3+...

The getter for the ID attribute atom in the start token, the parser node and the
node info object was not addref'ing the returned atom. The fix is checked in.
Marking bug fixed.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Whiteboard: [nsbeta3+]
Not crashing anymore, verified.
Status: RESOLVED → VERIFIED
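
The reference-counting mistake named in the fix comment (a getter that returns an atom without addref'ing it, while the caller releases it as if it owned a reference), shown as an added example that is not part of the bug report or Mozilla's code. Atom, Token, OwningPtr and both getter names are hypothetical stand-ins, and Release() sets a flag instead of freeing memory so the outcome can be observed safely.

```cpp
// Added illustration; Atom, Token and OwningPtr are hypothetical stand-ins,
// not Mozilla's nsIAtom, CStartToken or nsCOMPtr.
#include <cstdio>

struct Atom {
    int refs = 0;
    bool destroyed = false;          // set instead of `delete` so callers can inspect it
    void AddRef() { ++refs; }
    void Release() { if (--refs == 0) destroyed = true; }
};

// Caller-side owner: assumes whatever a getter hands back is already AddRef'd
// and Releases it on destruction (the contract an out-parameter getter must meet).
struct OwningPtr {
    Atom* raw = nullptr;
    ~OwningPtr() { if (raw) raw->Release(); }
    Atom** out() { return &raw; }
};

struct Token {
    Atom* idAtom;                    // the token's own owning reference
    explicit Token(Atom* a) : idAtom(a) { idAtom->AddRef(); }
    // Before the fix: hands out the pointer without taking a reference.
    void GetIDAtomBuggy(Atom** result) const { *result = idAtom; }
    // After the fix: the out-parameter carries its own reference.
    void GetIDAtomFixed(Atom** result) const {
        *result = idAtom;
        if (*result) (*result)->AddRef();
    }
};

// Returns true if the token's atom is still alive after one caller is done with it.
bool atom_survives_caller(bool use_fixed_getter) {
    Atom atom;
    Token token(&atom);              // refs == 1, owned by the token
    {
        OwningPtr p;
        if (use_fixed_getter) token.GetIDAtomFixed(p.out());
        else                  token.GetIDAtomBuggy(p.out());
    }                                // ~OwningPtr Releases exactly once
    return !atom.destroyed;          // false means token.idAtom now dangles
}

int main() {
    std::printf("buggy getter: atom alive = %d\n", atom_survives_caller(false));
    std::printf("fixed getter: atom alive = %d\n", atom_survives_caller(true));
    return 0;
}
```

With the buggy getter the single reference held by the token is consumed by the caller's release, which matches the freed-memory fill pattern (0xdddddddd) the reporter saw in mRawPtr on a later access.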