Closed
Bug 111994
Opened 23 years ago
Closed 23 years ago
Crash on reload of XSLT-styled document
Categories
(Core :: XSLT, defect)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: xyzzy, Assigned: keith)
Details
(Keywords: crash, testcase, Whiteboard: dupeme)
Attachments
(2 files)
sicking, here's one for you...
Talkback Incident TB38524291H
Can reproduce 100%:
1) load test.xml
2) reload it
Expected result: reload
Actual result: crash
Comment 3•23 years ago
|
||
The result of this is
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<body>
<img src="name">
</body>
</html>
which on first load gives a
Error reading file /home/ah/source/XSLT/tmp/name
and on reload segfaults with the stacktrace below.
CC'ing pavlov, I don't think that's us. Pav, is that stacktrace familiar to you?
#0 0xfb5b85bc in nsImageListener::OnStartDecode (this=0xa83828,
aRequest=0xa51f28, aContext=0x9ed5c8)
at /tmp/mozilla/layout/html/base/src/nsImageFrame.cpp:2198
#1 0xfbd4f248 in imgRequestProxy::OnStartDecode (this=0xa51f28)
at /tmp/mozilla/modules/libpr0n/src/imgRequestProxy.cpp:287
#2 0xfbd4bd20 in imgRequest::OnStartDecode (this=0xa725e0, request=0x0,
cx=0x0) at /tmp/mozilla/modules/libpr0n/src/imgRequest.cpp:336
#3 0xfbca6318 in BeginGIF (aClientData=0x94cb18, aLogicalScreenWidth=14,
aLogicalScreenHeight=16, aBackgroundRGBIndex=0 '\000')
at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:249
#4 0xfbca3e40 in gif_write (gs=0x823968, buf=0xa99c40 "GIF89a\016", len=157)
at /tmp/mozilla/modules/libpr0n/decoders/gif/GIF2.cpp:1005
#5 0xfbca6164 in nsGIFDecoder2::ProcessData (this=0x94cb18,
data=0xa99c40 "GIF89a\016", count=157)
at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:199
#6 0xfbca5dbc in ReadDataOut (in=0x9a0d20, closure=0x94cb18,
fromRawSegment=0xa99c40 "GIF89a\016", toOffset=0, count=157,
writeCount=0xffbeec6c)
at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:149
#7 0xff063fec in nsPipe::nsPipeInputStream::ReadSegments (this=0x9a0d20,
writer=0xfbca5d84 <ReadDataOut(nsIInputStream *, void *, char const *,
unsigned int, unsigned int, unsigned int *)>, closure=0x94cb18, count=157,
readCount=0xffbeedac) at /tmp/mozilla/xpcom/io/nsPipe2.cpp:426
#8 0xfbca6238 in nsGIFDecoder2::WriteFrom (this=0x94cb18, inStr=0x9a0d20,
count=157, _retval=0xffbeedac)
at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:219
#9 0xfbd4dbe8 in imgRequest::OnDataAvailable (this=0xa725e0,
aRequest=0x9a6950, ctxt=0x0, inStr=0x9a0d20, sourceOffset=0, count=157)
at /tmp/mozilla/modules/libpr0n/src/imgRequest.cpp:720
#10 0xfbd4a2e0 in ProxyListener::OnDataAvailable (this=0xa6ba08,
aRequest=0x9a6950, ctxt=0x0, inStr=0x9a0d20, sourceOffset=0, count=157)
at /tmp/mozilla/modules/libpr0n/src/imgLoader.cpp:500
#11 0xfda1fe84 in nsFileChannel::OnDataAvailable (this=0x9a6950,
request=0xa86edc, context=0x0, aIStream=0x9a0d20, aSourceOffset=0,
aLength=157)
at /tmp/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp:508
#12 0xfd9bb8f8 in nsOnDataAvailableEvent::HandleEvent (this=0xa710c0)
at /tmp/mozilla/netwerk/base/src/nsStreamListenerProxy.cpp:193
#13 0xfd99faa4 in nsARequestObserverEvent::HandlePLEvent (plev=0xa710c0)
at /tmp/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp:79
#14 0xff091020 in PL_HandleEvent (self=0xa710c0)
at /tmp/mozilla/xpcom/threads/plevent.c:590
Comment 4•23 years ago
|
||
sounds like the frame is being destroyed for some reason, but Destroy() is not
being called on the frame.
Comment 5•23 years ago
|
||
There are some known bugs on this.. not sure the #s tho.
works for me now. Was probably fixed together with whatever fixed bug 93657
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Comment 9•16 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/54417ebbaea2
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•