Closed Bug 110395 Opened 23 years ago Closed 23 years ago

N620 crash [@ nsStyleContext::CalcStyleDifference ]

Categories

(Core :: CSS Parsing and Computation, defect, P3)

x86
Windows NT
defect

Tracking

RESOLVED WORKSFORME
mozilla0.9.9

People

(Reporter: jcarpenter0524, Assigned: dbaron)

Details

(Keywords: crash, topcrash, Whiteboard: [bae:20011129])

Crash Data

This bug is a topcrasher for N620.
Crash data range: 2001-11-04 to 2001-11-14
Keyword List : netscape(6),

Stack Trace:
nsStyleContext::CalcStyleDifference [d:\builds\seamonkey\mozilla\content\base\src\nsStyleContext.cpp line 623]
CaptureChange [d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp line 1600]
FrameManager::ReResolveStyleContext [d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp line 1690]
FrameManager::ReResolveStyleContext [d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp line 1839]
FrameManager::ComputeStyleChangeFor [d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp line 2086]
nsCSSFrameConstructor::AttributeChanged [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp line 10244]
StyleSetImpl::AttributeChanged [d:\builds\seamonkey\mozilla\content\base\src\nsStyleSet.cpp line 1230]
PresShell::AttributeChanged [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5013]
nsDocument::AttributeChanged [d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp line 1718]
nsHTMLDocument::AttributeChanged [d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLDocument.cpp line 1289]
nsXULElement::UnsetAttr [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp line 3349]
nsGfxScrollFrameInner::SetScrollbarVisibility [d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp line 1464]
nsGfxScrollFrameInner::AddRemoveScrollbar [d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp line 967]
nsGfxScrollFrameInner::AddVerticalScrollbar [d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp line 923]
nsGfxScrollFrameInner::Layout [d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp line 1144]
nsGfxScrollFrame::DoLayout [d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp line 1020]
nsBox::Layout [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp line 975]
nsBoxFrame::Reflow [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp line 903]
nsGfxScrollFrame::Reflow [d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp line 738]
nsContainerFrame::ReflowChild [d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp line 723]
ViewportFrame::Reflow [d:\builds\seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp line 538]
PresShell::InitialReflow [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 2673]
HTMLContentSink::StartLayout [d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp line 3861]
HTMLContentSink::OpenBody [d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp line 3146]
CNavDTD::OpenBody [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp line 3119]
CNavDTD::OpenContainer [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp line 3373]
CNavDTD::HandleDefaultStartToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp line 1293]
CNavDTD::HandleStartToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp line 1707]
CNavDTD::HandleToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp line 884]
CNavDTD::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp line 515]
nsParser::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 2220]
nsParser::ResumeParse [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 2084]
nsParser::OnStopRequest [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 2715]
nsDocumentOpenInfo::OnStopRequest [d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp line 256]
nsStreamIOChannel::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\base\src\nsInputStreamChannel.cpp line 462]
nsOnStopRequestEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsRequestObserverProxy.cpp line 162]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 591]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 524]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 1072]
KERNEL32.DLL + 0x24407 (0xbff94407)
0x00688b5e

Source File : http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/content/base/src/nsStyleContext.cpp line : 623

COMMENTS/URLs:
(37989630) URL: www.mutualofamerica.com
(37989390) URL: www.mutualofamerica.com
(37988975) URL: www.mutualofamerica.com
(37988807) URL: www.usb
(37988807) Comments: opening netscape
(37988687) URL: www.usb
(37988687) Comments: trying to go to www.usbank.com got as far as www.usb
(37976602) URL: Http://www.pickuplines-for-monks.org/BigGeorgeW/myfriendbillyC.exe.org.sys.nav.net.cc.hey.how.zit.go.ini
(37976210) URL: Http://www.pickuplines-for-monks.org/BigGeorgeW/myfriendbillyC.exe.org.sys.nav.net.cc.hey.how.zit.go.ini
(37974039) URL: Http://www.pickuplines-for-monks.org/BigGeorgeW/myfriendbillyC.exe.org.sys.nav.net.cc.hey.how.zit.go.ini
(37974039) Comments: I was hitting the computer with a sledge hammer while zapping the chips inside the computer with volts of static electricity--at the same time my dog came in and marked the computer HIS TERRITORY you know how that goes. But anyway thanks a million
(37974039) Comments: yo.
(37970152) URL: www.omahasteaks.com
(37956465) Comments: typing a url in the url box
(37952238) URL: www.clarin.com
(37940615) URL: www.sportsmanguide.com
(37940516) URL: www.cooking.com
(37940516) Comments: trying to run n6.2
(37940495) URL: www.cooking.com
(37934768) Comments: I was opening netmeeting when it crashed..(rather repeatedly)
(37920487) Comments: on netscape 6.2 trying to use mail multiple failures unlocked with norton.
(37911181) Comments: just downloaded it and now it will not work
(37907233) Comments: going to a site locked my computer- unlocked with norton crash guard.
(37901602) URL: www.zdnet.com
(37891054) URL: www.dslreports.com
(37891040) URL: www.dslreports.com
(37890092) URL: www.ronssmokeshop.com
(37861585) Comments: tried to send an instant message. clicked on a person on my buddy list. netscape 6.2 crashed.
(37857709) URL: www.wellsfargo.com
(37846675) Comments: I was trying to activate instant messenger and the program failed. I will be attempting to restart.
(37839539) Comments: NETSCP6 causou uma falha de pagina invalida nomodulo GKCONTENT.DLL em 0167:6021fb3b.Registros:EAX=01cd8c94 CS=0167 EIP=6021fb3b EFLGS=00010297EBX=01db98dc SS=016f ESP=0068dd60 EBP=0068dd6cECX=01d18c50 DS=016f ESI=0068dd84 FS=0eafEDX=01d18cd8
(37839539) Comments: ES=016f EDI=01d18c50 GS=0000Bytes em CS:EIP:3e 07 7d 29 8b 03 6a 03 8b cb ff 50 48 89 45 0c Esvaziamento da pilha:01fed2c0 01d18eb4 00000000 0068dd88 6037ece1 01db98dc 01cd8c94 0068dd84 00000000 00000000 0068dde4 6037e7a8 01d18c50 01db98dc
(37839539) Comments: 01d18eb4 02a23f70
(37805301) Comments: how can I connect to netscape srvere and how much does it cost
(37804731) Comments: I was openig netscape
(37804718) Comments: I was trying to start Netscape
(37777277) Comments: startup
(37769088) Comments: Deleting Mail
(37769004) Comments: Reading Email just opened a piece of mail and bam...crash
(37751974) URL: c/net.com
(37751974) Comments: system scan
(37750087) URL: www.zdnet.com
(37749667) URL: www.clarin.com
(37728984) Comments: signing on
(37711526) Comments: playing games
(37675427) URL: BET.com
(37675427) Comments: Browsing the above listed site.
(37646462) URL: www.download.com
(37646462) Comments: I was just going to the site
(37620944) Comments: typing in a urli have 550 meg of ram30 gig hdwhy did this happenj thompson
(37601087) Comments: Won't load.
Keywords: crash, topcrash
changing topcrash bugs to critical
Severity: normal → critical
moving this into the current bucket to get on Marc's radar
Priority: -- → P2
Whiteboard: [bae:20011129]
Target Milestone: --- → mozilla0.9.7
Stack looks more like a style issue than a layout issue - over to Style to check it out.
Assignee: attinasi → dbaron
Component: Layout → Style System
QA Contact: petersen → ian
This seems like stack pointer corruption. The crash is occurring at the first of the following instructions:

6021fb3b 3e07 pop es
6021fb3d 7d29 jge 6021fb68
6021fb3f 8b03 mov eax,[ebx]
6021fb41 6a03 push 0x3
6021fb43 8bcb mov ecx,ebx
6021fb45 ff5048 call dword ptr [eax+0x48]
6021fb48 89450c mov [ebp+0xc],eax
6021fb4b 8b07 mov eax,[edi]
6021fb4d 6a03 push 0x3
6021fb4f 8bcf mov ecx,edi
6021fb51 ff5048 call dword ptr [eax+0x48]
6021fb54 39450c cmp [ebp+0xc],eax
6021fb57 740f jz 6021fb68
6021fb59 8b4db9 mov ecx,[ebp-0x47]

with registers:

EAX: 021eb668 EBX: 021db924 ECX: 0068ec70 EDX: 00000000 ESI: 0068ecfc EDI: 021dbbb4
ESP: 0068ecd8 EBP: 0068ece4 EIP: 6021fb3b CF PF AF zf SF of IF df nt RF vm IOPL: 0
CS: 015f DS: 0167 SS: 0167 ES: 0167 FS: 107f GS: 0000
So it looks like it's actually that the instruction pointer is wrong, since "pop es" doesn't really make sense as an instruction that would be here. The disassembly does look like it corresponds to:

: if (aHint < NS_STYLE_HINT_MAX) {
:   const nsStyleBackground* background = (const nsStyleBackground*)GetStyleData(eStyleStruct_Background);
:   const nsStyleBackground* otherBackground = (const nsStyleBackground*)aOther->GetStyleData(eStyleStruct_Background);
:   if (background != otherBackground) {
I don't see this in current topcrash reports or reports for 0.9.5 or 0.9.6, so lowering priority since this bug has probably been fixed already. (Any ideas what might have fixed it?)
Priority: P2 → P3
Target Milestone: mozilla0.9.7 → mozilla0.9.8
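An added consistency check, not code from this bug or from Mozilla: it confirms that the disassembly posted above is contiguous, that its two short conditional branches encode the targets shown, and that the bytes at CS:EIP in incident 37839539's fault dialog are the bytes the listing starts with. The inputs are transcribed from this bug's text; the function and variable names are illustrative.

```python
# Inputs transcribed from this bug's text (not fetched from Talkback).
DISASM = """\
6021fb3b 3e07 pop es
6021fb3d 7d29 jge 6021fb68
6021fb3f 8b03 mov eax,[ebx]
6021fb41 6a03 push 0x3
6021fb43 8bcb mov ecx,ebx
6021fb45 ff5048 call dword ptr [eax+0x48]
6021fb48 89450c mov [ebp+0xc],eax
6021fb4b 8b07 mov eax,[edi]
6021fb4d 6a03 push 0x3
6021fb4f 8bcf mov ecx,edi
6021fb51 ff5048 call dword ptr [eax+0x48]
6021fb54 39450c cmp [ebp+0xc],eax
6021fb57 740f jz 6021fb68
6021fb59 8b4db9 mov ecx,[ebp-0x47]
"""
DIALOG_EIP = 0x6021FB3B  # EIP from incident 37839539's fault dialog
DIALOG_BYTES = bytes.fromhex("3e077d298b036a038bcbff504889450c")

def parse_listing(text):
    """Return [(address, raw_bytes, mnemonic_text)] for each listing line."""
    rows = [line.split(None, 2) for line in text.strip().splitlines()]
    return [(int(a, 16), bytes.fromhex(b), asm) for a, b, asm in rows]

def check_listing(rows):
    """Report address gaps and short-branch targets that disagree with the text."""
    problems = []
    for (addr, raw, _), (next_addr, _, _) in zip(rows, rows[1:]):
        if addr + len(raw) != next_addr:
            problems.append(f"gap after {addr:08x}")
    for addr, raw, asm in rows:
        if len(raw) == 2 and 0x70 <= raw[0] <= 0x7F:  # Jcc rel8 opcodes
            target = addr + 2 + int.from_bytes(raw[1:], "big", signed=True)
            if f"{target:08x}" not in asm:
                problems.append(f"bad branch target at {addr:08x}")
    return problems

def bytes_match(rows, eip, dump):
    """Compare the dialog's bytes at CS:EIP with the listing's bytes there."""
    image = b"".join(raw for _, raw, _ in rows)
    offset = eip - rows[0][0]
    return offset >= 0 and image[offset:offset + len(dump)] == dump

ROWS = parse_listing(DISASM)
if __name__ == "__main__":
    print(check_listing(ROWS), bytes_match(ROWS, DIALOG_EIP, DIALOG_BYTES))
```

When both checks pass, the fault dialog and the listing agree on the code bytes at the faulting address, so the two reports describe the same fault site.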
CVS blame says that this part of the code was changed by Hyatt on Nov 14 (it wouldn't account for it being fixed in 0.9.5 and 0.9.6, though). Hyatt added a boolean to "stop at the first difference" so if there was a problem, maybe the code isn't even executed anymore because the background structure is amongst the last ones to be checked for a difference.
Target Milestone: mozilla0.9.8 → mozilla0.9.9
Marking as WORKSFORME since this hasn't shown up recently, at least as far as I can tell based on the public reports.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Checked Talkback for a similar stack signature. I have listed a few incident IDs that show a similar stack trace: 5629343, 5625502, 5583692. Reopening for further evaluation.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
I just did a search for recent crashes with this stack signature, and all were on N6.2x versions. None were on the trunk or on any more recent Mozilla or Netscape releases. I don't think it's worth working on bugs that appear only in such an old branch (especially one that is the #17 ranking crash in the Windows reports and doesn't show up in the Mac, Linux, or All platforms reports). If you disagree with this, please reopen the bug. (It was also interesting to note that the crash was reported by a small number of users and many of the users reported it a bunch of times in a row.) If you see this signature again on builds newer than N6.2x, please file a new bug that refers to this one rather than reopening this one.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → WORKSFORME
Crash Signature: [@ nsStyleContext::CalcStyleDifference ]