Crash on reload of XSLT-styled document

VERIFIED WORKSFORME

Status

()

--
critical
VERIFIED WORKSFORME
17 years ago
10 years ago

People

(Reporter: xyzzy, Assigned: keith)

Tracking

({crash, testcase})

Trunk
x86
Windows 98
crash, testcase
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: dupeme)

Attachments

(2 attachments)

(Reporter)

Description

17 years ago
sicking, here's one for you...

Talkback Incident TB38524291H

Can reproduce 100%:

1) load test.xml
2) reload it

Expected result:  reload
Actual result:  crash
(Reporter)

Comment 1

17 years ago
Created attachment 59190 [details]
testcase (test.xml)
(Reporter)

Comment 2

17 years ago
Created attachment 59191 [details]
testcase(test.xsl)
(Reporter)

Updated

17 years ago
Keywords: crash, testcase

Comment 3

17 years ago
The result of this is
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
    "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
  <body>
    <img src="name">
  </body>
</html>
which on first load gives a 
Error reading file /home/ah/source/XSLT/tmp/name
and on reload segfaults with the stacktrace below.

CC'ing pavlov, I don't think that's us. Pav, is that stacktrace familiar to you?


#0  0xfb5b85bc in nsImageListener::OnStartDecode (this=0xa83828, 
    aRequest=0xa51f28, aContext=0x9ed5c8)
    at /tmp/mozilla/layout/html/base/src/nsImageFrame.cpp:2198
#1  0xfbd4f248 in imgRequestProxy::OnStartDecode (this=0xa51f28)
    at /tmp/mozilla/modules/libpr0n/src/imgRequestProxy.cpp:287
#2  0xfbd4bd20 in imgRequest::OnStartDecode (this=0xa725e0, request=0x0, 
    cx=0x0) at /tmp/mozilla/modules/libpr0n/src/imgRequest.cpp:336
#3  0xfbca6318 in BeginGIF (aClientData=0x94cb18, aLogicalScreenWidth=14, 
    aLogicalScreenHeight=16, aBackgroundRGBIndex=0 '\000')
    at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:249
#4  0xfbca3e40 in gif_write (gs=0x823968, buf=0xa99c40 "GIF89a\016", len=157)
    at /tmp/mozilla/modules/libpr0n/decoders/gif/GIF2.cpp:1005
#5  0xfbca6164 in nsGIFDecoder2::ProcessData (this=0x94cb18, 
    data=0xa99c40 "GIF89a\016", count=157)
    at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:199
#6  0xfbca5dbc in ReadDataOut (in=0x9a0d20, closure=0x94cb18, 
    fromRawSegment=0xa99c40 "GIF89a\016", toOffset=0, count=157, 
    writeCount=0xffbeec6c)
    at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:149
#7  0xff063fec in nsPipe::nsPipeInputStream::ReadSegments (this=0x9a0d20, 
    writer=0xfbca5d84 <ReadDataOut(nsIInputStream *, void *, char const *,
unsigned int, unsigned int, unsigned int *)>, closure=0x94cb18, count=157, 
    readCount=0xffbeedac) at /tmp/mozilla/xpcom/io/nsPipe2.cpp:426
#8  0xfbca6238 in nsGIFDecoder2::WriteFrom (this=0x94cb18, inStr=0x9a0d20, 
    count=157, _retval=0xffbeedac)
    at /tmp/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:219
#9  0xfbd4dbe8 in imgRequest::OnDataAvailable (this=0xa725e0, 
    aRequest=0x9a6950, ctxt=0x0, inStr=0x9a0d20, sourceOffset=0, count=157)
    at /tmp/mozilla/modules/libpr0n/src/imgRequest.cpp:720
#10 0xfbd4a2e0 in ProxyListener::OnDataAvailable (this=0xa6ba08, 
    aRequest=0x9a6950, ctxt=0x0, inStr=0x9a0d20, sourceOffset=0, count=157)
    at /tmp/mozilla/modules/libpr0n/src/imgLoader.cpp:500
#11 0xfda1fe84 in nsFileChannel::OnDataAvailable (this=0x9a6950, 
    request=0xa86edc, context=0x0, aIStream=0x9a0d20, aSourceOffset=0, 
    aLength=157)
    at /tmp/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp:508
#12 0xfd9bb8f8 in nsOnDataAvailableEvent::HandleEvent (this=0xa710c0)
    at /tmp/mozilla/netwerk/base/src/nsStreamListenerProxy.cpp:193
#13 0xfd99faa4 in nsARequestObserverEvent::HandlePLEvent (plev=0xa710c0)
    at /tmp/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp:79
#14 0xff091020 in PL_HandleEvent (self=0xa710c0)
    at /tmp/mozilla/xpcom/threads/plevent.c:590

Comment 4

17 years ago
sounds like the frame is being destroyed for some reason, but Destroy() is not
being called on the frame.

Comment 5

17 years ago
There are some known bugs on this.. not sure the #s tho.

Comment 6

17 years ago
I think this is a dupe of bug 93657
Whiteboard: dupeme
works for me now. Was probably fixed together with whatever fixed bug 93657
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 8

17 years ago
v
Status: RESOLVED → VERIFIED

Comment 9

10 years ago
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/54417ebbaea2
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.