Closed Bug 8329 Opened 25 years ago Closed 25 years ago

[CRASHER] Looks like JavaScript write causes crash during document load

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 9035

People

(Reporter: kmcclusk, Assigned: mike+mozilla)

References

(
URL
)

Details

When I try to load http://www.stroud.com/ on WINNT with June 16 10:00am build it
dies with the following stack trace:

NTDLL! 77f76148()
nsDebug::PreCondition(char * 0x01d785f4, char * 0x01d785e4, char * 0x01d785b4,
int 147) line 126 + 13 bytes
nsContentList::Release(nsContentList * const 0x0130b4a0) line 147 + 41 bytes
nsHTMLDocument::Reset(nsIURL * 0x01332450) line 245 + 36 bytes
nsHTMLDocument::OpenCommon(nsIURL * 0x01332450) line 1248 + 18 bytes
nsHTMLDocument::Open(nsHTMLDocument * const 0x0127c628, JSContext * 0x010b6ac0,
long * 0x013fccc4, unsigned int 1) line 1326 + 18 bytes
nsHTMLDocument::ScriptWriteCommon(JSContext * 0x010b6ac0, long * 0x013fccc4,
unsigned int 1, int 0) line 1404 + 34 bytes
nsHTMLDocument::Write(nsHTMLDocument * const 0x0127c628, JSContext * 0x010b6ac0,
long * 0x013fccc4, unsigned int 1) line 1443
NSHTMLDocumentWrite(JSContext * 0x010b6ac0, JSObject * 0x01416668, unsigned int
1, long * 0x013fccc4, long * 0x0012f5ac) line 1148 + 24 bytes
js_Invoke(JSContext * 0x010b6ac0, unsigned int 1, int 0) line 655 + 26 bytes
js_Interpret(JSContext * 0x010b6ac0, long * 0x0012fdbc) line 2206 + 15 bytes
js_Execute(JSContext * 0x010b6ac0, JSObject * 0x01415000, JSScript * 0x013f6e20,
JSFunction * 0x00000000, JSStackFrame * 0x00000000, int 0, long * 0x0012fdbc)
line 820 + 13 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x010b6ac0, JSObject * 0x01415000,
JSPrincipals * 0x00000000, unsigned short * 0x02313038, unsigned int 4970, char
* 0x01278a60, unsigned int 0, long * 0x0012fdbc) line 2507 + 27 bytes
nsJSContext::EvaluateString(nsJSContext * const 0x010b6a80, const nsString &
{"<!--
isOpera = (navigator.userAgent.indexOf("Opera") != -1)
isNOp = ((parseInt(navigator.appVersion) < 4) | (isOpera))
isN3"}, char * 0x01278a60, unsigned int 0, nsString & {""}, int * 0x0012fde8)
line 138 + 64 bytes
HTMLContentSink::EvaluateScript(nsString & {"<!--
isOpera = (navigator.userAgent.indexOf("Opera") != -1)
isNOp = ((parseInt(navigator.appVersion) < 4) | (isOpera))
isN3"}, int 0) line 2810
nsDoneLoadingScript(nsIUnicharStreamLoader * 0x01234440, nsString & {"<!--
isOpera = (navigator.userAgent.indexOf("Opera") != -1)
isNOp = ((parseInt(navigator.appVersion) < 4) | (isOpera))
isN3"}, void * 0x0128b670, unsigned int 0) line 2835
nsUnicharStreamLoader::OnStopBinding(nsUnicharStreamLoader * const 0x01234444,
nsIURL * 0x01234240, unsigned int 0, unsigned short * 0x012931c0) line 156 + 31
bytes
nsDocumentBindInfo::OnStopBinding(nsDocumentBindInfo * const 0x012344c0, nsIURL
* 0x01234240, unsigned int 0, unsigned short * 0x012931c0) line 1539 + 30 bytes
OnStopBindingProxyEvent::HandleEvent(OnStopBindingProxyEvent * const 0x01293890)
line 593 + 45 bytes
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x01293894) line 473 + 12
bytes
PL_HandleEvent(PLEvent * 0x01293894) line 491 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ff24d0) line 452 + 9 bytes
_md_EventReceiverProc(void * 0x00530364, unsigned int 49332, unsigned int 0,
long 16721104) line 877 + 9 bytes
USER32! 77e71250()
Assignee: leger → mccabe
Component: JavaScript → Javascript Engine
QA Contact: leger → cbegle
Moving to Javascript Engine component.
kmcclusk...Javascript component is being retired shortly.  Please use Javascript
Engine for JS component bugs.

cbegle, is this for your folks?
QA Contact: cbegle → gerardok
i'll let mccabe re-componentize this, but it looks like a dom thing.
QA Contact: gerardok → desale
gerardok out...moving QA Contact to desale
Actually I'm not able to create this application crash so kinda tough to
generate talkback report. Application is not crashing.
Kevin McCluskey, can you see this crash ? If so please let me know talkback
report "Incident ID".
mike, the url for this bug longer crashes the browser. however the stack trace
is eerily similar to http://bugzilla.mozilla.org/show_bug.cgi?id=9035.  check
it out feel free to this a duplicate if you agree.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Christine - Thanks for looking at this!

Seems likely to be a dup.  Marking it so.

*** This bug has been marked as a duplicate of 9035 ***
Status: RESOLVED → VERIFIED
Verified Duplicate
You need to log in before you can comment on or make changes to this bug.