Closed
Bug 68576
Opened 24 years ago
Closed 24 years ago
Browser crashed when loading an advogato page
Categories
(Core :: DOM: Navigation, defect)
RESOLVED
WORKSFORME
People
(Reporter: gtr, Assigned: adamlock)
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; SunOS 5.8 sun4u)
BuildID: 20001020721

I clicked on a link to the URL above in a slashdot article. The browser dumped core before the advogato page appeared. When I restarted and went back there, it worked properly.

Reproducible: Couldn't Reproduce

Actual Results:
Document http://www.slashdot.org/ loaded successfully
Illegal Instruction - core dumped

Expected Results: Page loads normally.

This is the information at the crash site, taken from the SUN Workshop debugger:

Thread R state root function
1 a active <none> 0xff0537b4
2 b active <none> _signotifywait
3 sleep <none> _reap_wait
4 a active 0xff0537b4 _libc_poll
5 a sleep 0xff0537b4 __lwp_sema_wait

0x168c8(0x0, 0xff2d7ef0, 0x0, 0x5, 0x100d4, 0x0)
Run__17nsAppShellService(0xdf548, 0xfe11ed30, 0xdf548, 0xfe11e08c, 0x3f8, 0x1)
Run__10nsAppShell(0x37e50, 0xfe02693c, 0x37e50, 0x142940, 0x0, 0xffe)
gtk_main(0x2c00, 0x2c00, 0x86d88, 0xfdc5d8d0, 0x21fb0, 0x0)
g_main_run(0x177ea0, 0xfdffae3c, 0xfdf9a140, 0x868e0, 0x0, 0x0)
g_main_iterate(0x4d4, 0xa98, 0x64, 0xa98, 0x4d4, 0x470)
g_main_dispatch(0x4d4, 0xa98, 0x470, 0x4d4, 0xa98, 0xfddcca48)
g_io_unix_dispatch(0x185168, 0xffbee3a0, 0x177ed0, 0xfddccb08, 0x0, 0xffbee300)
0xfe02609c(0x1709e0, 0x1, 0x177ed0, 0xfe026078, 0x1, 0x0)
0xfe02638c(0x733d0, 0x5, 0x1, 0xfe026370, 0x0, 0x0)
ProcessPendingEvents__16nsEventQueueImpl(0x733d0, 0xff21b388, 0x1, 0x0, 0x0, 0x0)
PL_ProcessPendingEvents(0xdf8d0, 0x0, 0x0, 0x0, 0x0, 0x0)
PL_HandleEvent(0x963690, 0x362e0, 0x0, 0x0, 0x0, 0x0)
HandlePLEvent__21nsStreamObserverEventP7PLEvent(0x963690, 0xfd7e2e24, 0x64, 0xa98, 0x4d4, 0x470)
HandleEvent__22nsOnDataAvailableEvent(0x963690, 0xfd7e38ac, 0xfef9e000, 0x1, 0xa98, 0xfddcca48)
OnDataAvailable__20nsHTTPServerListenerP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi(0xa37248, 0xa3e334, 0x527d10, 0x80c314, 0xa3e334, 0x4b6)
FinishedResponseHeaders__20nsHTTPServerListener(0xa37248, 0xffbede5c, 0x4b8, 0xffbede60, 0x1, 0x0)
OnStartRequest__23InterceptStreamListenerP10nsIChannelP11nsISupports(0xa660b0, 0x527d10, 0x0, 0xfd8077f4, 0xa660b0, 0xff203b3c)
OnStartRequest__19nsHTTPFinalListenerP10nsIChannelP11nsISupports(0x6c7e60, 0x527d10, 0x0, 0xfd82ac0c, 0xffffffff, 0xffbedd34)
OnStartRequest__18nsDocumentOpenInfoP10nsIChannelP11nsISupports(0x898360, 0x527d10, 0x0, 0xfd66d9b0, 0x2, 0xa3e542)
DispatchContent__18nsDocumentOpenInfoP10nsIChannelP11nsISupports(0xffbedba8, 0xffbedbb0, 0x0, 0x898360, 0x527d10, 0x1898)
DoContent__22nsDSURIContentListenerPCciT1P10nsIChannelPP17nsIStreamListenerPi(0x4dcc18, 0xffbedb68, 0x7, 0xff2ad47c, 0x527d10, 0xffbedbd0)
CreateContentViewer__10nsDocShellPCcP10nsIChannelPP17nsIStreamListener(0x4e1708, 0xffbedb68, 0x527d10, 0xffbedbd0, 0xfd6c7ae4, 0xff00)
Embed__10nsWebShellP16nsIContentViewerPCcP11nsISupports(0x4e1708, 0x7738c0, 0xfd6e87e8, 0x0, 0xfd6ce2a4, 0xffbed9f0)
Embed__10nsDocShellP16nsIContentViewerPCcP11nsISupports(0x4e1708, 0x7738c0, 0xfd6e87e8, 0x0, 0xfd6cac58, 0x4e1728)
SetupNewViewer__10nsWebShellP16nsIContentViewer(0x4e1708, 0x7738c0, 0xfd6ce164, 0xfd6cae80, 0xfd6cb7e8, 0xfd3e5bc8)
SetupNewViewer__10nsDocShellP16nsIContentViewer(0x4e1708, 0x7738c0, 0x4e1828, 0xfc6c5640, 0x7a0c50, 0xec31030f)
Init__18DocumentViewerImplP9nsIWidgetP16nsIDeviceContextRC6nsRect(0xff2d7ef0, 0x4e1be8, 0x4eb400, 0xffbed7b0, 0xfd049390, 0xfd6d18ac)
SetNewDocument__16GlobalWindowImplP14nsIDOMDocument(0x4eb690, 0x67b08c, 0x4eb690, 0xfe1d51c4, 0x67b08c, 0xffbed7ac)
GC__11nsJSContext(0x4eb788, 0xfe1c6100, 0x4eb788, 0xff223c34, 0xfdc5e420, 0xaac4a9)
JS_GC(0x4eb7c8, 0x2, 0xffbed498, 0xfe1178a0, 0x67b088, 0x0)
js_ForceGC(0x4eb7c8, 0x4eb7e0, 0x4e148c, 0xff22f4d8, 0x3326c, 0x0)
js_GC(0x4eb7c8, 0x0, 0x10, 0xff100864, 0x0, 0x0)
js_FinalizeObject(0x4eb7c8, 0x513d60, 0xff0c44c8, 0x4eb7c8, 0x57f190, 0xfdba1c84)
0xfe21d950(0x4eb7c8, 0x513d60, 0xfe21d948, 0x8dfc0, 0x0, 0x90180)
nsGenericFinalize__9nsJSUtilsP9JSContextP8JSObject(0x685480, 0x513d60, 0x8dfc0, 0xff0b1100, 0x752a0, 0x57f250)
Release__17nsHTMLHtmlElement(0x685458, 0xfcebb098, 0x68545c, 0xfd05f584, 0xbff98, 0xfdbadf5c)
Release__16nsGenericElement(0x685458, 0x1, 0xfce2f854, 0x76d0e8, 0xe9, 0x7f52c0)
_17nsHTMLHtmlElement(0x685458, 0x3, 0xfcebb030, 0x7f52c8, 0x6587c8, 0xe8)
_29nsGenericHTMLContainerElement(0x685458, 0x3, 0xfe3622ec, 0x1, 0x917100, 0x60)
Release__17nsHTMLBodyElement(0x812188, 0xfcea8d34, 0xfd05e254, 0xff100864, 0x0, 0x0)
Release__16nsGenericElement(0x812188, 0x2, 0x3, 0x4eb7c8, 0x57f190, 0xfdba1c84)
_17nsHTMLBodyElement(0x812188, 0x3, 0xfceaa1a8, 0x8dfc0, 0x0, 0x90180)
_11nsBodySuper(0x812188, 0x3, 0x8dfc0, 0x0, 0x752a0, 0x57f250)
0x91d5c(0x812188, 0x3, 0x6838a0, 0xfef38000, 0xbff98, 0xfdbadf5c)

A few pages before the crash, the browser had loaded a page that is known to have bad Javascript and _sometimes_ crashes mozilla directly (separate bug report is on bugzilla somewhere...). It may be that page that corrupted mozilla, not the advogato page.
Comment 1•24 years ago
No JS Engine issues apparent in stack trace. Reassigning to Embedding:Docshell for further triage. Note bug occurred on Solaris -
Assignee: rogerl → adamlock
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Embedding: Docshell
Ever confirmed: true
QA Contact: pschwartau → adamlock
I've reproduced this one now; it turns out to be nothing to do with the advogato page.

To reproduce:
1. Go to http://www.roadwaffles.com/
2. Target page renders in part, then _seems_ to do a (slow) redirect to some other site.
3. Think "sod that", press Back to try to get back to the target site.
4. Browser dumps core.

On the console, it now says

JavaScript error: http://www.roadwaffles.com/banners/bert.js line 143: missing ; before statement
Error loading URL http://www.roadwaffles.com/: 804b0002
Segmentation Fault
It looks like it could be a JS issue, but I'm unable to reproduce the problem. From the stack trace it looks like an HTML element is being held by a script context, but when garbage collection occurs the element has already been destroyed, causing a crash when the pointer is accessed. Marking this WORKSFORME. If the problem is still reproducible (preferably in some easier fashion), reopen this bug.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
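
The failure mode hypothesised in the last comment, as a simplified model added here (not Mozilla code and not written by anyone on this bug): a script wrapper whose GC finalizer releases an element it never took a reference on, beside the variant where the wrapper owns its reference. The names Element, ScriptWrapper, Outcome and RunScenario are hypothetical, and destruction is modelled as a flag so the late Release() can be counted instead of touching freed memory.

```cpp
#include <cstdio>

// Simplified model (assumption, not Mozilla code): a refcounted DOM node.
// Destruction only flips `alive`, so a Release() that arrives afterwards is
// detected and counted rather than dereferencing freed memory.
struct Element {
    int  refs = 0;
    bool alive = true;
    int  staleReleases = 0;   // Release() calls that arrived after destruction
    void AddRef() { ++refs; }
    void Release() {
        if (!alive) { ++staleReleases; return; }  // where the real build would crash
        if (--refs == 0) alive = false;           // stands in for `delete this`
    }
};

// Script-side wrapper whose finalizer releases the native object, mirroring
// the js_FinalizeObject -> nsGenericFinalize -> Release frames in the trace.
struct ScriptWrapper {
    Element* native;
    ScriptWrapper(Element* e, bool takeRef) : native(e) {
        if (takeRef) native->AddRef();   // hardened form: wrapper owns a reference
    }
    void Finalize() { native->Release(); native = nullptr; }
};

struct Outcome { int staleReleases; bool destroyed; };

// Document teardown happens first, GC finalization later, as in the trace
// (SetNewDocument -> GC -> JS_GC while the new viewer is being set up).
Outcome RunScenario(bool wrapperTakesRef) {
    Element html;
    html.AddRef();                            // reference owned by the old document
    ScriptWrapper w(&html, wrapperTakesRef);  // script context gets a handle
    html.Release();                           // old document drops its reference
    w.Finalize();                             // GC finalizes the wrapper afterwards
    return {html.staleReleases, !html.alive};
}

int main() {
    Outcome weak = RunScenario(false), owning = RunScenario(true);
    std::printf("borrowed pointer: %d stale release(s)\n", weak.staleReleases);
    std::printf("owning reference: %d stale release(s), destroyed=%d\n",
                owning.staleReleases, owning.destroyed);
    return 0;
}
```

In the owning variant the element is still destroyed exactly once, by the finalizer's Release(), so holding the reference removes the stale access without leaking the node.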