Closed Bug 111994 Opened 23 years ago Closed 23 years ago

Crash on reload of XSLT-styled document

Categories

(Core :: XSLT, defect)

x86
Windows 98
defect
Not set
critical

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: xyzzy, Assigned: keith)

Details

(Keywords: crash, testcase, Whiteboard: dupeme)

Attachments

(2 files)

sicking, here's one for you... Talkback Incident TB38524291H Can reproduce 100%: 1) load test.xml 2) reload it Expected result: reload Actual result: crash
Attached file testcase (test.xml)
Attached file testcase(test.xsl)
Keywords: crash, testcase
The result of this is <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html> <body> <img src="name"> </body> </html> which on first load gives a Error reading file /home/ah/source/XSLT/tmp/name and on reload segfaults with the stacktrace below. CC'ing pavlov, I don't think that's us. Pav, is that stacktrace familiar to you? #0 0xfb5b85bc in nsImageListener::OnStartDecode (this=0xa83828, aRequest=0xa51f28, aContext=0x9ed5c8) at /tmp/mozilla/layout/html/base/src/nsImageFrame.cpp:2198 #1 0xfbd4f248 in imgRequestProxy::OnStartDecode (this=0xa51f28) at /tmp/mozilla/modules/libpr0n/src/imgRequestProxy.cpp:287 #2 0xfbd4bd20 in imgRequest::OnStartDecode (this=0xa725e0, request=0x0, cx=0x0) at /tmp/mozilla/modules/libpr0n/src/imgRequest.cpp:336 #3 0xfbca6318 in BeginGIF (aClientData=0x94cb18, aLogicalScreenWidth=14, aLogicalScreenHeight=16, aBackgroundRGBIndex=0 '\000') at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:249 #4 0xfbca3e40 in gif_write (gs=0x823968, buf=0xa99c40 "GIF89a\016", len=157) at /tmp/mozilla/modules/libpr0n/decoders/gif/GIF2.cpp:1005 #5 0xfbca6164 in nsGIFDecoder2::ProcessData (this=0x94cb18, data=0xa99c40 "GIF89a\016", count=157) at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:199 #6 0xfbca5dbc in ReadDataOut (in=0x9a0d20, closure=0x94cb18, fromRawSegment=0xa99c40 "GIF89a\016", toOffset=0, count=157, writeCount=0xffbeec6c) at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:149 #7 0xff063fec in nsPipe::nsPipeInputStream::ReadSegments (this=0x9a0d20, writer=0xfbca5d84 <ReadDataOut(nsIInputStream *, void *, char const *, unsigned int, unsigned int, unsigned int *)>, closure=0x94cb18, count=157, readCount=0xffbeedac) at /tmp/mozilla/xpcom/io/nsPipe2.cpp:426 #8 0xfbca6238 in nsGIFDecoder2::WriteFrom (this=0x94cb18, inStr=0x9a0d20, count=157, _retval=0xffbeedac) at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:219 #9 0xfbd4dbe8 in imgRequest::OnDataAvailable (this=0xa725e0, aRequest=0x9a6950, ctxt=0x0, inStr=0x9a0d20, sourceOffset=0, count=157) at /tmp/mozilla/modules/libpr0n/src/imgRequest.cpp:720 #10 0xfbd4a2e0 in ProxyListener::OnDataAvailable (this=0xa6ba08, aRequest=0x9a6950, ctxt=0x0, inStr=0x9a0d20, sourceOffset=0, count=157) at /tmp/mozilla/modules/libpr0n/src/imgLoader.cpp:500 #11 0xfda1fe84 in nsFileChannel::OnDataAvailable (this=0x9a6950, request=0xa86edc, context=0x0, aIStream=0x9a0d20, aSourceOffset=0, aLength=157) at /tmp/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp:508 #12 0xfd9bb8f8 in nsOnDataAvailableEvent::HandleEvent (this=0xa710c0) at /tmp/mozilla/netwerk/base/src/nsStreamListenerProxy.cpp:193 #13 0xfd99faa4 in nsARequestObserverEvent::HandlePLEvent (plev=0xa710c0) at /tmp/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp:79 #14 0xff091020 in PL_HandleEvent (self=0xa710c0) at /tmp/mozilla/xpcom/threads/plevent.c:590
sounds like the frame is being destroyed for some reason, but Destroy() is not being called on the frame.
There are some known bugs on this.. not sure the #s tho.
I think this is a dupe of bug 93657
Whiteboard: dupeme
works for me now. Was probably fixed together with whatever fixed bug 93657
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
v
Status: RESOLVED → VERIFIED
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: