Closed Bug 108226 Opened 23 years ago Closed 23 years ago

Crash as this page loads

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: moshe, Assigned: dbradley)

References

(
URL
)

Details

(Keywords: crash)

Attachments

(2 files)

a very different crash stack from the same page
3.03 KB, text/plain
Details
This is stack traces for the access, allocation, and freeing of the memory in question
4.65 KB, text/plain
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.5) Gecko/20011011 BuildID: 2001101117 I have attempted to load this page several times and it crashes each time. I can't find anything in the page source that looks particularly suspicious. I have not tried a reboot cycle. Reproducible: Always Steps to Reproduce: 1. Go to URL 2. Crash
Could reproduce this crash on 2001103003 Win98. Mozilla crashes when finished loading. My TalkbackID: TB37556672W
Reproduced this crash under Linux 2001110121. TB ID = TB37559742M
CC Stephend for Talkback TB37556672W (Thanks !)
Keywords: crash
Incident ID 37556672 Stack Signature XPCOM.DLL + 0x3a74b (0x60f0a74b) a7d94b34 Bug ID Trigger Time 2001-11-02 12:29:14 Email Address nine@detonation.org URL visited http://www.fonix.com/solutions/case_intel.php User Comments Crashed when finished loading this site Build ID 2001103013 Product ID MozillaTrunk Platform ID Win32 Trigger Reason Access violation Stack Trace XPCOM.DLL + 0x3a74b (0x60f0a74b) XPCOM.DLL + 0x3a68b (0x60f0a68b) GKGFX.DLL + 0x18f1 (0x60c818f1) GKGFXWIN.DLL + 0x592d (0x6032592d) GKGFX.DLL + 0x4380 (0x60c84380) GKGFX.DLL + 0x3b87 (0x60c83b87) GKLAYOUT.DLL + 0x16a22 (0x60356a22) GKLAYOUT.DLL + 0x1b1d9 (0x6035b1d9) GKLAYOUT.DLL + 0x2c4a4 (0x6036c4a4) GKLAYOUT.DLL + 0x15592 (0x60355592) GKLAYOUT.DLL + 0x153a5 (0x603553a5) GKLAYOUT.DLL + 0x152c2 (0x603552c2) GKLAYOUT.DLL + 0x2c4a4 (0x6036c4a4) GKLAYOUT.DLL + 0x33bc9 (0x60373bc9) GKLAYOUT.DLL + 0x33a57 (0x60373a57) GKLAYOUT.DLL + 0x33931 (0x60373931) GKLAYOUT.DLL + 0x33812 (0x60373812) GKLAYOUT.DLL + 0x32a01 (0x60372a01) GKLAYOUT.DLL + 0x324ae (0x603724ae) GKLAYOUT.DLL + 0x317fb (0x603717fb) GKLAYOUT.DLL + 0x2e7a2 (0x6036e7a2) GKLAYOUT.DLL + 0x2e40a (0x6036e40a) GKLAYOUT.DLL + 0x3198f (0x6037198f) GKLAYOUT.DLL + 0x2e7a2 (0x6036e7a2) GKLAYOUT.DLL + 0x2e6b6 (0x6036e6b6) GKLAYOUT.DLL + 0x3158c (0x6037158c) GKLAYOUT.DLL + 0x24dce (0x60364dce) GKLAYOUT.DLL + 0xb5f7 (0x6034b5f7) GKLAYOUT.DLL + 0x8900d (0x603c900d) GKLAYOUT.DLL + 0x88c15 (0x603c8c15) GKLAYOUT.DLL + 0x8523a (0x603c523a) GKLAYOUT.DLL + 0x7fb06 (0x603bfb06) GKLAYOUT.DLL + 0x8523a (0x603c523a) GKLAYOUT.DLL + 0x86990 (0x603c6990) GKLAYOUT.DLL + 0x9bcd4 (0x603dbcd4) GKLAYOUT.DLL + 0x9be4c (0x603dbe4c) GKLAYOUT.DLL + 0x9bcff (0x603dbcff) GKLAYOUT.DLL + 0x8523a (0x603c523a) GKLAYOUT.DLL + 0x6b130 (0x603ab130) GKLAYOUT.DLL + 0x9b71f (0x603db71f) GKLAYOUT.DLL + 0x24dce (0x60364dce) GKLAYOUT.DLL + 0x9a84f (0x603da84f) GKLAYOUT.DLL + 0x2879b (0x6036879b) GKLAYOUT.DLL + 0x2245c (0x6036245c) GKLAYOUT.DLL + 0x22526 (0x60362526) GKLAYOUT.DLL + 0x2154e (0x6036154e) GKCONTENT.DLL + 0x18ab5 (0x01878ab5) GKCONTENT.DLL + 0x492ee (0x018a92ee) GKCONTENT.DLL + 0x420d2 (0x018a20d2) GKCONTENT.DLL + 0x4256c (0x018a256c) GKCONTENT.DLL + 0x41bcd (0x018a1bcd) XPCOM.DLL + 0x33c74 (0x60f03c74) XPC3250.DLL + 0x10791 (0x60c00791) XPC3250.DLL + 0x13e1b (0x60c03e1b) JS3250.DLL + 0x19cb5 (0x60ce9cb5) JS3250.DLL + 0x19f8c (0x60ce9f8c) JS3250.DLL + 0x269ee (0x60cf69ee) JS3250.DLL + 0x1e1b9 (0x60cee1b9) JS3250.DLL + 0x19cf2 (0x60ce9cf2) JS3250.DLL + 0x1ee3a (0x60ceee3a) JS3250.DLL + 0x19cf2 (0x60ce9cf2) JS3250.DLL + 0x1ee3a (0x60ceee3a) JS3250.DLL + 0x19cf2 (0x60ce9cf2) JS3250.DLL + 0x1ee3a (0x60ceee3a)
-> XPCOM (Talkback sucks the last 2 days - we need symbols)
Assignee: asa → dougt
Status: UNCONFIRMED → NEW
Component: Browser-General → XPCOM
Ever confirmed: true
QA Contact: doronr → scc
although, I do not believe that this is a xpconnect problem based on the current data. I am reassigning because default assignee/QA may know where to put this bug. _js_LookupProperty(JSContext * 0x05358570, JSObject * 0x01181280, long 94561024, JSObject * * 0x0012aa90, JSProperty * * 0x0012aa84, const char * 0x01871618, unsigned int 2365) line 2145 + 11 bytes js_GetProperty(JSContext * 0x05358570, JSObject * 0x01181280, long 94561024, long * 0x0012ab24) line 2365 + 35 bytes JS_GetProperty(JSContext * 0x05358570, JSObject * 0x01181280, const char * 0x05a2e3a6, long * 0x0012ab24) line 2353 + 27 bytes nsDOMClassInfo::PostCreate(nsDOMClassInfo * const 0x0549fab0, nsIXPConnectWrappedNative * 0x05a2eb50, JSContext * 0x05358570, JSObject * 0x05ab2058) line 1885 + 37 bytes nsElementSH::PostCreate(nsElementSH * const 0x0549fab0, nsIXPConnectWrappedNative * 0x05a2eb50, JSContext * 0x05358570, JSObject * 0x05ab2058) line 3357 + 21 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057e4120, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012ae6c) line 404 XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012af74, nsISupports * 0x057e4120, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012af2c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e4120, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012af74) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e4120, const nsID & {...}, long * 0x0012b008) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549faf0, nsISupports * 0x057e5d50, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012b150) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057e5d50, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012b18c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012b294, nsISupports * 0x057e5d50, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012b24c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5d50, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012b294) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5d50, const nsID & {...}, long * 0x0012b328) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb30, nsISupports * 0x057e5bb0, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012b470) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057e5bb0, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012b4ac) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012b5b4, nsISupports * 0x057e5bb0, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012b56c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5bb0, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012b5b4) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5bb0, const nsID & {...}, long * 0x0012b648) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb70, nsISupports * 0x057e5a60, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012b790) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057e5a60, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012b7cc) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012b8d4, nsISupports * 0x057e5a60, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012b88c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5a60, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012b8d4) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5a60, const nsID & {...}, long * 0x0012b968) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fab0, nsISupports * 0x057e5940, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012bab0) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057e5940, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012baec) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012bbf4, nsISupports * 0x057e5940, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012bbac) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5940, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012bbf4) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5940, const nsID & {...}, long * 0x0012bc88) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549faf0, nsISupports * 0x057e5610, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012bdd0) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057e5610, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012be0c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012bf14, nsISupports * 0x057e5610, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012becc) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5610, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012bf14) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e5610, const nsID & {...}, long * 0x0012bfa8) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb30, nsISupports * 0x057e75d0, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012c0f0) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057e75d0, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012c12c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012c234, nsISupports * 0x057e75d0, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012c1ec) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e75d0, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012c234) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057e75d0, const nsID & {...}, long * 0x0012c2c8) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb70, nsISupports * 0x05729c00, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012c410) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x05729c00, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012c44c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012c554, nsISupports * 0x05729c00, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012c50c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x05729c00, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012c554) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x05729c00, const nsID & {...}, long * 0x0012c5e8) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fab0, nsISupports * 0x0579a9c0, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012c730) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x0579a9c0, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012c76c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012c874, nsISupports * 0x0579a9c0, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012c82c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x0579a9c0, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012c874) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x0579a9c0, const nsID & {...}, long * 0x0012c908) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549faf0, nsISupports * 0x057add70, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012ca50) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057add70, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012ca8c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012cb94, nsISupports * 0x057add70, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012cb4c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057add70, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012cb94) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057add70, const nsID & {...}, long * 0x0012cc28) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb30, nsISupports * 0x057add10, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012cd70) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057add10, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012cdac) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012ceb4, nsISupports * 0x057add10, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012ce6c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057add10, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012ceb4) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057add10, const nsID & {...}, long * 0x0012cf48) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb70, nsISupports * 0x057adcb0, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012d090) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057adcb0, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012d0cc) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012d1d4, nsISupports * 0x057adcb0, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012d18c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057adcb0, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012d1d4) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057adcb0, const nsID & {...}, long * 0x0012d268) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fab0, nsISupports * 0x057adb50, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012d3b0) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x057adb50, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012d3ec) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012d4f4, nsISupports * 0x057adb50, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012d4ac) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057adb50, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012d4f4) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x057adb50, const nsID & {...}, long * 0x0012d588) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549faf0, nsISupports * 0x054e94a0, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012d6d0) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x054e94a0, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012d70c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012d814, nsISupports * 0x054e94a0, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012d7cc) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x054e94a0, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012d814) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x054e94a0, const nsID & {...}, long * 0x0012d8a8) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb30, nsISupports * 0x054ed660, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012d9f0) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x054ed660, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012da2c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012db34, nsISupports * 0x054ed660, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012daec) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x054ed660, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012db34) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x054ed660, const nsID & {...}, long * 0x0012dbc8) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x0549fb70, nsISupports * 0x054fd4d0, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012dd10) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x054fd4d0, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012dd4c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012de54, nsISupports * 0x054fd4d0, const nsID * 0x02181090 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012de0c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x054fd4d0, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012de54) line 493 + 29 bytes nsDOMClassInfo::WrapNative(JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x054fd4d0, const nsID & {...}, long * 0x0012dee8) line 779 + 58 bytes nsNodeSH::PreCreate(nsNodeSH * const 0x05a2d430, nsISupports * 0x0572a9d0, JSContext * 0x05358570, JSObject * 0x01181280, JSObject * * 0x0012e030) line 3173 + 37 bytes XPCWrappedNative::GetNewOrUsed(XPCCallContext & {...}, nsISupports * 0x0572a9d0, XPCWrappedNativeScope * 0x05358290, XPCNativeInterface * 0x03989a90, XPCWrappedNative * * 0x0012e06c) line 275 + 58 bytes XPCConvert::NativeInterface2JSObject(XPCCallContext & {...}, nsIXPConnectJSObjectHolder * * 0x0012e24c, nsISupports * 0x0572a9d0, const nsID * 0x024c10d8 iid_NS_ISUPPORTS_IID, JSObject * 0x01181280, unsigned int * 0x0012e12c) line 809 + 30 bytes nsXPConnect::WrapNative(nsXPConnect * const 0x0354c5e0, JSContext * 0x05358570, JSObject * 0x01181280, nsISupports * 0x0572a9d0, const nsID & {...}, nsIXPConnectJSObjectHolder * * 0x0012e24c) line 493 + 29 bytes nsEventListenerManager::CompileEventHandlerInternal(nsIScriptContext * 0x05358ae0, nsISupports * 0x0572a9d0, nsIAtom * 0x03546bd0, nsListenerStruct * 0x057e8d50, unsigned int 16) line 1065 + 87 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x057e8d50, nsIDOMEvent * 0x05a2d044, nsIDOMEventTarget * 0x057760f0, unsigned int 16, unsigned int 2) line 1161 + 49 bytes nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x057e8e40, nsIPresContext * 0x0578b1e0, nsEvent * 0x0012f028, nsIDOMEvent * * 0x0012ef50, nsIDOMEventTarget * 0x057760f0, unsigned int 2, nsEventStatus * 0x0012f070) line 1381 + 36 bytes nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x0572a9d0, nsIPresContext * 0x0578b1e0, nsEvent * 0x0012f028, nsIDOMEvent * * 0x0012ef50, unsigned int 2, nsEventStatus * 0x0012f070) line 1863 nsGenericHTMLElement::HandleDOMEventForAnchors(nsIContent * 0x0572a9d0, nsIPresContext * 0x0578b1e0, nsEvent * 0x0012f028, nsIDOMEvent * * 0x0012ef50, unsigned int 2, nsEventStatus * 0x0012f070) line 1671 + 32 bytes nsHTMLAnchorElement::HandleDOMEvent(nsHTMLAnchorElement * const 0x0572a9d0, nsIPresContext * 0x0578b1e0, nsEvent * 0x0012f028, nsIDOMEvent * * 0x0012ef50, unsigned int 2, nsEventStatus * 0x0012f070) line 419 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x057e8ad0, nsIPresContext * 0x0578b1e0, nsEvent * 0x0012f028, nsIDOMEvent * * 0x0012ef50, unsigned int 1, nsEventStatus * 0x0012f070) line 1884 + 50 bytes nsHTMLImageElement::HandleDOMEvent(nsHTMLImageElement * const 0x057e8ad0, nsIPresContext * 0x0578b1e0, nsEvent * 0x0012f028, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus * 0x0012f070) line 582 nsEventStateManager::GenerateMouseEnterExit(nsIPresContext * 0x0578b1e0, nsGUIEvent * 0x0012f8c8) line 2153 nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x05752d88, nsIPresContext * 0x0578b1e0, nsEvent * 0x0012f8c8, nsIFrame * 0x012e11b4, nsEventStatus * 0x0012f7bc, nsIView * 0x053647f0) line 361 PresShell::HandleEventInternal(nsEvent * 0x0012f8c8, nsIView * 0x053647f0, unsigned int 1, nsEventStatus * 0x0012f7bc) line 5788 + 43 bytes PresShell::HandleEvent(PresShell * const 0x05725284, nsIView * 0x053647f0, nsGUIEvent * 0x0012f8c8, nsEventStatus * 0x0012f7bc, int 0, int & 1) line 5719 + 25 bytes nsView::HandleEvent(nsView * const 0x053647f0, nsGUIEvent * 0x0012f8c8, unsigned int 8, nsEventStatus * 0x0012f7bc, int 0, int & 1) line 392 nsView::HandleEvent(nsView * const 0x053609d0, nsGUIEvent * 0x0012f8c8, unsigned int 8, nsEventStatus * 0x0012f7bc, int 0, int & 1) line 365 nsView::HandleEvent(nsView * const 0x05725990, nsGUIEvent * 0x0012f8c8, unsigned int 28, nsEventStatus * 0x0012f7bc, int 1, int & 1) line 365 nsViewManager::DispatchEvent(nsViewManager * const 0x05725b30, nsGUIEvent * 0x0012f8c8, nsEventStatus * 0x0012f7bc) line 2069 HandleEvent(nsGUIEvent * 0x0012f8c8) line 83 nsWindow::DispatchEvent(nsWindow * const 0x05363bd4, nsGUIEvent * 0x0012f8c8, nsEventStatus & nsEventStatus_eIgnore) line 744 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f8c8) line 765 nsWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line 4317 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line 4569 nsWindow::ProcessMessage(unsigned int 512, unsigned int 0, long 4325645, long * 0x0012fce4) line 3229 + 24 bytes nsWindow::WindowProc(HWND__ * 0x00130398, unsigned int 512, unsigned int 0, long 4325645) line 1012 + 27 bytes USER32! 77e148dc() USER32! 77e14aa7() USER32! 77e266fd() nsAppShellService::Run(nsAppShellService * const 0x03a98940) line 303 main1(int 1, char * * 0x00480030, nsISupports * 0x00000000) line 1304 + 32 bytes main(int 1, char * * 0x00480030) line 1630 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 7
Assignee: dougt → dbradley
Component: XPCOM → XPConnect
QA Contact: scc → pschwartau
I see a completely different crash stack for this site. I'm doing a new build and will report further if I see it the same again.
Well, I'll go ahead and report what I saw... It crashed with a stack I'll attach. It crashed in js gc after finishing a call through xpconnect to a wrapped JS implmentation of nsIWebProgressListener::onStateChange. It crashed because cx->fp->down was non-null garbage. The cx in question was the same one we had just called JS on. It seems unlikely to me that it should have had an fp at all. cx->fp has stuff in it that indicates a getter call to a wrapped native nsHTMLDivElement. I don't know if this call happened inside the JS webprogresslistener or was left over on the cx from some time before. I'm not surewhy that frame is there, but it certainly should not have a garbage fp->down! I'll attach the stack and report what I see from a newer build.
I ran a release-with-symbols build and it crashed trying to do string assigns from a garbage string in a garbage font in the style system stuff. I'll try Purify.
Yeh, I just ran with Purify, It's not complete, but it's turning up bad writes in nsSpaceManager::Translate
Oh, I missed the Array Bounds Write. I'm not sure where this one is coming from. It occurs in LookupAccountNameW. The last function I have on Purify's stack is StgGetIFillLockBytesOnFile in ole32.dll. I'll see if I can get more stack info on this one.
I watched more closely this run, the Array bounds write, was caused by pasting the URL in. So it's probably not an issue for this bug. nsSpaceManager::Translate looks to be the culprit. The mSpaceManager has been free'd, Purify generates a Free memory read for this. I'll attack a stack trace from Purify
I'm going to reassign this to dbaron since it looks like he added the space manager code to the reflow logic.
Assignee: dbradley → dbaron
The nsSpaceManager FMR/FMW was fixed last week. See bug 108017. Back to you.
Assignee: dbaron → dbradley
(And I think bug 108017 would have been unlikely to cause a crash, anyway, since it was writing to the freed memory without any intervening allocations.)
Some heap implementations, and I believe VC++ does or did in the past, link the free'd blocks to together. Writing to the freed area overwrites those links, which can cause a wide range of problems. I'll rerun with a pull from today, to make sure I was running with dbaron's patch.
With a pull from the trunk today I'm no longer seeing crashes on this page. Either dbaron's patch fixed it or there was another fix. Could someone else double check this, reporter, with a current build?
This is also fixed for me (10 min old CVS/win2k)
The site also loads fine for me with a debug build 2001-11-06 WinNT. Marking WORKSFORME + VERIFIED based on this and the above comments.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
moshe@pobox.com: if for some reason the site still crashes for you with an up-to-date build, please reopen this bug - thanks.
Status: RESOLVED → VERIFIED
(1) I (the reporter) have verified that this page does not crash using the nightly build, 2001110703. (2) I will try to get Talkback fixed for use with autoproxies so that next time I can add the talkback ID#. (3) Finally, my thanks to everyone who worked on this bug. Frankly, I'm amazed at the enthusiasm; I have rarely seen such responsive and responsible behavior.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: