Closed Bug 68576 Opened 24 years ago Closed 24 years ago

Browser crashed when loading an advogato page

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Platform:
Sun
Solaris
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: gtr, Assigned: adamlock)

References

(
URL
)

Details

From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; SunOS 5.8 sun4u)
BuildID:    20001020721

I clicked on a link to the URL above in a slashdot article.  The browser dumped
core before the advogato page appeared.  When I restarted and went back there,
it worked properly.



Reproducible: Couldn't Reproduce

Actual Results:  Document http://www.slashdot.org/ loaded successfully
Illegal Instruction - core dumped

Expected Results:  Page loads normally.

This is the information at the crash site, taken from the SUN Workshop debugger:

Thread R state   root       function
1      a active  <none>     0xff0537b4
2      b active  <none>     _signotifywait
3        sleep   <none>     _reap_wait
4      a active  0xff0537b4 _libc_poll
5      a sleep   0xff0537b4 __lwp_sema_wait

   0x168c8(0x0, 0xff2d7ef0, 0x0, 0x5, 0x100d4, 0x0)
   Run__17nsAppShellService(0xdf548, 0xfe11ed30, 0xdf548, 0xfe11e08c,
 0x3f8, 0x1)
   Run__10nsAppShell(0x37e50, 0xfe02693c, 0x37e50, 0x142940, 0x0,
 0xffe)
   gtk_main(0x2c00, 0x2c00, 0x86d88, 0xfdc5d8d0, 0x21fb0, 0x0)
   g_main_run(0x177ea0, 0xfdffae3c, 0xfdf9a140, 0x868e0, 0x0, 0x0)
   g_main_iterate(0x4d4, 0xa98, 0x64, 0xa98, 0x4d4, 0x470)
   g_main_dispatch(0x4d4, 0xa98, 0x470, 0x4d4, 0xa98, 0xfddcca48)
   g_io_unix_dispatch(0x185168, 0xffbee3a0, 0x177ed0, 0xfddccb08, 0x0,
 0xffbee300)
   0xfe02609c(0x1709e0, 0x1, 0x177ed0, 0xfe026078, 0x1, 0x0)
   0xfe02638c(0x733d0, 0x5, 0x1, 0xfe026370, 0x0, 0x0)
   ProcessPendingEvents__16nsEventQueueImpl(0x733d0, 0xff21b388, 0x1,
 0x0, 0x0, 0x0)
   PL_ProcessPendingEvents(0xdf8d0, 0x0, 0x0, 0x0, 0x0, 0x0)
   PL_HandleEvent(0x963690, 0x362e0, 0x0, 0x0, 0x0, 0x0)
   HandlePLEvent__21nsStreamObserverEventP7PLEvent(0x963690,
 0xfd7e2e24, 0x64, 0xa98, 0x4d4, 0x470)
   HandleEvent__22nsOnDataAvailableEvent(0x963690, 0xfd7e38ac,
 0xfef9e000, 0x1, 0xa98, 0xfddcca48)
   
OnDataAvailable__20nsHTTPServerListenerP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi
(0xa37248, 0xa3e334, 0x527d10, 0x80c314, 0xa3e334, 0x4b6)
   FinishedResponseHeaders__20nsHTTPServerListener(0xa37248,
 0xffbede5c, 0x4b8, 0xffbede60, 0x1, 0x0)
   OnStartRequest__23InterceptStreamListenerP10nsIChannelP11nsISupports
(0xa660b0, 0x527d10, 0x0, 0xfd8077f4, 0xa660b0, 0xff203b3c)
   OnStartRequest__19nsHTTPFinalListenerP10nsIChannelP11nsISupports
(0x6c7e60, 0x527d10, 0x0, 0xfd82ac0c, 0xffffffff, 0xffbedd34)
   OnStartRequest__18nsDocumentOpenInfoP10nsIChannelP11nsISupports
(0x898360, 0x527d10, 0x0, 0xfd66d9b0, 0x2, 0xa3e542)
   DispatchContent__18nsDocumentOpenInfoP10nsIChannelP11nsISupports
(0xffbedba8, 0xffbedbb0, 0x0, 0x898360, 0x527d10, 0x1898)
   
DoContent__22nsDSURIContentListenerPCciT1P10nsIChannelPP17nsIStreamListenerPi
(0x4dcc18, 0xffbedb68, 0x7, 0xff2ad47c, 0x527d10, 0xffbedbd0)
   
CreateContentViewer__10nsDocShellPCcP10nsIChannelPP17nsIStreamListener
(0x4e1708, 0xffbedb68, 0x527d10, 0xffbedbd0, 0xfd6c7ae4, 0xff00)
   Embed__10nsWebShellP16nsIContentViewerPCcP11nsISupports(0x4e1708,
 0x7738c0, 0xfd6e87e8, 0x0, 0xfd6ce2a4, 0xffbed9f0)
   Embed__10nsDocShellP16nsIContentViewerPCcP11nsISupports(0x4e1708,
 0x7738c0, 0xfd6e87e8, 0x0, 0xfd6cac58, 0x4e1728)
   SetupNewViewer__10nsWebShellP16nsIContentViewer(0x4e1708, 0x7738c0,
 0xfd6ce164, 0xfd6cae80, 0xfd6cb7e8, 0xfd3e5bc8)
   SetupNewViewer__10nsDocShellP16nsIContentViewer(0x4e1708, 0x7738c0,
 0x4e1828, 0xfc6c5640, 0x7a0c50, 0xec31030f)
   Init__18DocumentViewerImplP9nsIWidgetP16nsIDeviceContextRC6nsRect
(0xff2d7ef0, 0x4e1be8, 0x4eb400, 0xffbed7b0, 0xfd049390, 0xfd6d18ac)
   SetNewDocument__16GlobalWindowImplP14nsIDOMDocument(0x4eb690,
 0x67b08c, 0x4eb690, 0xfe1d51c4, 0x67b08c, 0xffbed7ac)
   GC__11nsJSContext(0x4eb788, 0xfe1c6100, 0x4eb788, 0xff223c34,
 0xfdc5e420, 0xaac4a9)
   JS_GC(0x4eb7c8, 0x2, 0xffbed498, 0xfe1178a0, 0x67b088, 0x0)
   js_ForceGC(0x4eb7c8, 0x4eb7e0, 0x4e148c, 0xff22f4d8, 0x3326c, 0x0)
   js_GC(0x4eb7c8, 0x0, 0x10, 0xff100864, 0x0, 0x0)
   js_FinalizeObject(0x4eb7c8, 0x513d60, 0xff0c44c8, 0x4eb7c8,
 0x57f190, 0xfdba1c84)
   0xfe21d950(0x4eb7c8, 0x513d60, 0xfe21d948, 0x8dfc0, 0x0, 0x90180)
   nsGenericFinalize__9nsJSUtilsP9JSContextP8JSObject(0x685480,
 0x513d60, 0x8dfc0, 0xff0b1100, 0x752a0, 0x57f250)
   Release__17nsHTMLHtmlElement(0x685458, 0xfcebb098, 0x68545c,
 0xfd05f584, 0xbff98, 0xfdbadf5c)
   Release__16nsGenericElement(0x685458, 0x1, 0xfce2f854, 0x76d0e8,
 0xe9, 0x7f52c0)
   _17nsHTMLHtmlElement(0x685458, 0x3, 0xfcebb030, 0x7f52c8, 0x6587c8,
 0xe8)
   _29nsGenericHTMLContainerElement(0x685458, 0x3, 0xfe3622ec, 0x1,
 0x917100, 0x60)
   Release__17nsHTMLBodyElement(0x812188, 0xfcea8d34, 0xfd05e254,
 0xff100864, 0x0, 0x0)
   Release__16nsGenericElement(0x812188, 0x2, 0x3, 0x4eb7c8, 0x57f190,
 0xfdba1c84)
   _17nsHTMLBodyElement(0x812188, 0x3, 0xfceaa1a8, 0x8dfc0, 0x0,
 0x90180)
   _11nsBodySuper(0x812188, 0x3, 0x8dfc0, 0x0, 0x752a0, 0x57f250)
  0x91d5c(0x812188, 0x3, 0x6838a0, 0xfef38000, 0xbff98, 0xfdbadf5c)

A few pages before the crash, the browser had loaded a page that is known to
have bad Javascript and _sometimes_ crashes mozilla directly (separate bug
report is on bugzilla somewhere...). It may be that page that corrupted mozilla,
not the advogato page.
No JS Engine issues apparent in stack trace. Reassigning to Embedding:Docshell 
for further triage. Note bug occured on Solaris -
Assignee: rogerl → adamlock
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Embedding: Docshell
Ever confirmed: true
QA Contact: pschwartau → adamlock
I've reproduced this one now; it turns out to be nothing to do with the advogato
page.

To reproduce:
1. Go to http://www.roadwaffles.com/
2. Target page renders in part, then _seems_ to do a (slow) redirect to some
other site.
3. Think "sod that", press Back to try to get back to the target site.
4. Browser dumps core.

On the console, it now says
JavaScript error: 
http://www.roadwaffles.com/banners/bert.js line 143: missing ; before statement

Error loading URL http://www.roadwaffles.com/: 804b0002 
Segmentation Fault

It looks like it could be a JS issue, but I'm unable to reproduce the 
problem. From the stack trace it looks like an HTML element is being held by a 
script context, but when garbage collection occurs the element has already been 
destroyed causing a crash when the pointer is accessed.

Marking this WORKSFORME. If the problem is still reproduceable (in some easier 
fashion) preferably. Re open this bug/
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.