Crash when loading page from http://xdoclet.sourceforge.net

VERIFIED DUPLICATE of bug 110856

Severity: critical
Opened: 17 years ago
Updated: 16 years ago
Reporter: coffeebreaks
Assignee: adamlock
Keywords: crash
Version: Trunk
Hardware: x86
OS: All
Attachments: 2

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6+)
Gecko/20011129
BuildID:    200112903

Load http://xdoclet.sourceforge.net, click on link named JavaDoc (points to
http://xdoclet.sourceforge.net/api/index.html), crashes

Reproducible: Always
Steps to Reproduce:
1. Load http://xdoclet.sourceforge.net
2. click on link named JavaDoc on the left side
3. no 3rd point...

Actual Results:  Crashes

Expected Results:  Don't!

On #mozillazine
<Gilles> wfm 2001120906 linux

I crash it with 2001112903 on w2k and 20011205 on Win Me.
2 talkbacks (with 2001112903) TB278054H and TB278051Y.
One with 20011205 (number not known)

Comment 1

17 years ago
The page crashes on Linux build 2001120721.

Comment 2

17 years ago
WFME on winnt with build 2001120908

Comment 3

17 years ago
confirming on Win2k with build 2001120808. I only crash if I click on the link
(as stated in the reproducing steps) whereas I won't crash if I directly go to
the URL above.
Stephen, can you retrieve Talkback data please?
Severity: normal → critical
Keywords: crash
OS: Windows 2000 → All

Comment 4

17 years ago
I see this on a fresh CVS Linux too.
Stack seems to hang around some thousand times in
XPCJSStackFrame::CreateStack () from libxpconnect.so
Guessing XPConnect component.
Assignee: asa → dbradley
Status: UNCONFIRMED → NEW
Component: Browser-General → XPConnect
Ever confirmed: true
QA Contact: doronr → pschwartau

Comment 5

17 years ago
Stack Signature  JS_GetPrivate 1ea85de3
Trigger Time 2001-12-10 05:53:22
Email Address coffeebreaks@hotmail.com
URL visited http://xdoclet.sourceforge.net/api/index.html
User Comments Same.
Build ID 2001112914
Product ID MozillaTrunk
Platform
Operating System Win32
Module
Trigger Reason Stack overflow
Stack Trace
JS_GetPrivate [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 1903]
nsScriptSecurityManager::GetFramePrincipal
[d:\builds\seamonkey\mozilla\caps\src\nsScriptSecurityManager.cpp, line 1376]
nsScriptSecurityManager::GetFramePrincipal
[d:\builds\seamonkey\mozilla\caps\src\nsScriptSecurityManager.cpp, line 1376]
nsScriptSecurityManager::GetPrincipalAndFrame
[d:\builds\seamonkey\mozilla\caps\src\nsScriptSecurityManager.cpp, line 1389]
nsScriptSecurityManager::GetSubjectPrincipal
[d:\builds\seamonkey\mozilla\caps\src\nsScriptSecurityManager.cpp, line 1429]
nsScriptSecurityManager::CheckPropertyAccessImpl
[d:\builds\seamonkey\mozilla\caps\src\nsScriptSecurityManager.cpp, line 366]
nsScriptSecurityManager::CheckPropertyAccess
[d:\builds\seamonkey\mozilla\caps\src\nsScriptSecurityManager.cpp, line 199]
nsWindowSH::doCheckPropertyAccess
[d:\builds\seamonkey\mozilla\dom\src\base\nsDOMClassInfo.cpp, line 2358]
nsWindowSH::GetProperty
[d:\builds\seamonkey\mozilla\dom\src\base\nsDOMClassInfo.cpp, line 2406]
XPC_WN_Helper_GetProperty
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp,
line 785]
js_GetProperty [d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 2448]
JS_GetProperty [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2332]
nsDOMClassInfo::PostCreate
[d:\builds\seamonkey\mozilla\dom\src\base\nsDOMClassInfo.cpp, line 1946]
XPCWrappedNative::GetNewOrUsed
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp, line 403]
XPCConvert::NativeInterface2JSObject
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcconvert.cpp, line 835]
nsXPConnect::WrapNative
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\nsXPConnect.cpp, line 502]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 166]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
1214]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
2206]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3404]
nsXULCommandDispatcher::UpdateCommands
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULCommandDispatcher.cpp,
line 381]
GlobalWindowImpl::UpdateCommands
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 2581]
nsFocusController::UpdateCommands
[d:\builds\seamonkey\mozilla\dom\src\base\nsFocusController.cpp, line 137]
nsFocusController::SetSuppressFocus
[d:\builds\seamonkey\mozilla\dom\src\base\nsFocusController.cpp, line 435]
nsDocShell::SetupNewViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3751]
nsWebShell::SetupNewViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 324]
nsDocShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp,
line 3175]
nsWebShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp,
line 344]
nsDocShell::CreateAboutBlankContentViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3425]
nsDocShell::EnsureContentViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3371]
nsDocShell::GetInterface
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 294]
nsWebShell::GetInterface
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 304]
nsGetInterface::operator()
[d:\builds\seamonkey\mozilla\xpcom\base\nsIInterfaceRequestor.cpp, line 55]
nsCOMPtr_base::assign_from_helper
[d:\builds\seamonkey\mozilla\xpcom\glue\nsCOMPtr.cpp, line 81]
GlobalWindowImpl::GetDocument
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 771]
XPTC_InvokeByIndex
[d:\builds\seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp,
line 154]
XPCWrappedNative::CallMethod
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp, line 2011]
XPC_WN_GetterSetter
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp,
line 1299]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 834]
js_InternalInvoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 925]
js_GetProperty [d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 2448]
js_Interpret [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 2625]
js_Invoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 850]
js_InternalInvoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 925]
JS_CallFunctionValue [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 3407]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 1012]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 182]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
1214]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line
2206]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 3404]
nsXULCommandDispatcher::UpdateCommands
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULCommandDispatcher.cpp,
line 381]
GlobalWindowImpl::UpdateCommands
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 2581]
nsFocusController::UpdateCommands
[d:\builds\seamonkey\mozilla\dom\src\base\nsFocusController.cpp, line 137]
nsFocusController::SetSuppressFocus
[d:\builds\seamonkey\mozilla\dom\src\base\nsFocusController.cpp, line 435]
nsDocShell::SetupNewViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3751]
nsWebShell::SetupNewViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 324]
nsDocShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp,
line 3175]
nsWebShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp,
line 344]
nsDocShell::CreateAboutBlankContentViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3425]
nsDocShell::EnsureContentViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3371]
nsDocShell::GetInterface
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 294]
nsWebShell::GetInterface
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 304]
nsGetInterface::operator()
[d:\builds\seamonkey\mozilla\xpcom\base\nsIInterfaceRequestor.cpp, line 55]
nsCOMPtr_base::assign_from_helper
[d:\builds\seamonkey\mozilla\xpcom\glue\nsCOMPtr.cpp, line 81]

Comment 6

17 years ago
Resembles stack in bug 111098
Output from gdb on Linux looked very different, it looped forever.
nsScriptSecurityManager.cpp was not in the stack as far as I saw.

Comment 7

17 years ago
XPConnect does not cause this sort of stuff - it just shows up in the stack
because the recurring calls go through it. Also, keep in mind that with these
infinite loops it is not the stuff that happens to be at the top of the stack
when it runs out of stack space that matters. It is the stuff that is in the
repeating sections that you want to focus on. So, the security calls are not
likely relevant at all.

Reassigning to danm. He has other bugs on his list that look a lot like this
one. Perhaps he can dup this one?

Assignee: dbradley → danm

Comment 8

17 years ago
This sounds strikingly similar to Bug 90546 which turned out to be a JS problem
where there wasn't a principal and caused a failure in security. I wonder if
the fix to this has caused some kind of infinite loop. Honestly it looks more
like a null pointer issue than a stack overflow, given the failure location.
That means it might be a dupe of 90546. Don't know if 90546's patch has been
checked in.

cc'ing Kenton to get his input.

Comment 9

17 years ago
how it looks in GDB - added some linefeeds so you see where it starts repeating
This is with a non-debug CVS


#0  0x405352b9 in chunk_alloc (ar_ptr=0xbf800058, nb=1079941632)
    at malloc.c:2843
#1  0x40535108 in __libc_malloc (bytes=28) at malloc.c:2811
#2  0x4061804d in __builtin_new (sz=28) from /usr/lib/libstdc++-libc6.2-2.so.3
#3  0x40814833 in XPCJSStackFrame::CreateStack ()
...
#1175 0x408145d9 in XPCJSStack::CreateStack ()
#1176 0x40804e9f in nsXPConnect::GetCurrentJSStack ()
#1177 0x4080f080 in nsXPCException::NewException ()
#1178 0x4080c4eb in XPCConvert::ConstructException ()
#1179 0x4080cb46 in XPCConvert::JSErrorToXPCException ()
#1180 0x4080c665 in XPCConvert::JSValToXPCException ()
#1181 0x4081a9fa in nsXPCWrappedJSClass::CallMethod ()
#1182 0x40817113 in nsXPCWrappedJS::CallMethod ()
#1183 0x4015b47e in PrepareAndDispatch ()
#1184 0x4015b4e2 in nsXPTCStubBase::Stub3 ()
#1185 0x406d5e10 in nsContentTreeOwner::SetStatus ()
#1186 0x41093dcc in GlobalWindowImpl::SetStatus ()
#1187 0x41092100 in GlobalWindowImpl::SetNewDocument ()
#1188 0x40f019e3 in DocumentViewerImpl::Init ()

#1189 0x41067d9d in nsDocShell::SetupNewViewer ()
#1190 0x4106ffff in nsWebShell::SetupNewViewer ()
#1191 0x41065527 in nsDocShell::Embed ()
#1192 0x410700fe in nsWebShell::Embed ()
#1193 0x41065f93 in nsDocShell::CreateAboutBlankContentViewer ()
#1194 0x41065c08 in nsDocShell::EnsureContentViewer ()
#1195 0x4105d443 in nsDocShell::GetInterface ()
#1196 0x4106ffcc in nsWebShell::GetInterface ()
#1197 0x4014da70 in nsGetInterface::operator() ()
#1198 0x401794da in nsCOMPtr_base::assign_from_helper ()
#1199 0x41092da9 in GlobalWindowImpl::GetDocument ()
#1200 0x4015b2da in XPTC_InvokeByIndex ()
#1201 0x4081fadd in XPCWrappedNative::CallMethod ()
#1202 0x40825c9a in XPC_WN_GetterSetter ()
#1203 0x4006bb72 in js_Invoke () from libmozjs.so
#1204 0x4006bdc3 in js_InternalInvoke ()
#1205 0x4007ec7f in js_GetProperty ()
#1206 0x40072851 in js_Interpret ()
#1207 0x4006bbcf in js_Invoke ()
#1208 0x4006bdc3 in js_InternalInvoke ()
#1209 0x4004e858 in JS_CallFunctionValue ()
#1210 0x4108e7c4 in nsJSContext::CallEventHandler ()  from libjsdom.so
#1211 0x410ba82a in nsJSEventListener::HandleEvent ()
#1212 0x40db04aa in nsEventListenerManager::HandleEventSubType () from
libgkcontent.so
#1213 0x40db29b6 in nsEventListenerManager::HandleEvent ()
#1214 0x40e82392 in nsXULElement::HandleDOMEvent ()
#1215 0x40e8d282 in nsXULCommandDispatcher::UpdateCommands ()
#1216 0x41099682 in GlobalWindowImpl::UpdateCommands () from libjsdom.so
#1217 0x4109003e in nsFocusController::UpdateCommands ()
#1218 0x410911ce in nsFocusController::SetSuppressFocus ()

#1219 0x41067c53 in nsDocShell::SetupNewViewer () from libdocshell.s
#1220 0x4106ffff in nsWebShell::SetupNewViewer ()
#1221 0x41065527 in nsDocShell::Embed ()
#1222 0x410700fe in nsWebShell::Embed ()
#1223 0x41065f93 in nsDocShell::CreateAboutBlankContentViewer ()
#1224 0x41065c08 in nsDocShell::EnsureContentViewer ()
#1225 0x4105d443 in nsDocShell::GetInterface ()
#1226 0x4106ffcc in nsWebShell::GetInterface ()
#1227 0x4014da70 in nsGetInterface::operator() from libxpcom.so
#1228 0x401794da in nsCOMPtr_base::assign_from_helper ()
#1229 0x41092da9 in GlobalWindowImpl::GetDocument () from libjsdom.so
#1230 0x4015b2da in XPTC_InvokeByIndex () from libxpcom.so
#1231 0x4081fadd in XPCWrappedNative::CallMethod () from libxpconnect.so
#1232 0x40825c9a in XPC_WN_GetterSetter ()
#1233 0x4006bb72 in js_Invoke () from libmozjs.so
#1234 0x4006bdc3 in js_InternalInvoke ()
#1235 0x4007ec7f in js_GetProperty ()
#1236 0x40072851 in js_Interpret ()
#1237 0x4006bbcf in js_Invoke ()
#1238 0x4006bdc3 in js_InternalInvoke ()
#1239 0x4004e858 in JS_CallFunctionValue ()
#1240 0x4108e7c4 in nsJSContext::CallEventHandler ()
#1241 0x410ba82a in nsJSEventListener::HandleEvent ()
#1242 0x40db04aa in nsEventListenerManager::HandleEventSubType () from
libgkcontent.so
#1243 0x40db29b6 in nsEventListenerManager::HandleEvent ()
#1244 0x40e82392 in nsXULElement::HandleDOMEvent ()
#1245 0x40e8d282 in nsXULCommandDispatcher::UpdateCommands ()
#1246 0x41099682 in GlobalWindowImpl::UpdateCommands () from libjsdom.so
#1247 0x4109003e in nsFocusController::UpdateCommands ()
#1248 0x410911ce in nsFocusController::SetSuppressFocus ()
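
Added example (not part of the bug report or of Mozilla's code): a small triage script that applies the rule from comment 7, finding the repeating section of a gdb backtrace instead of trusting the frames at the top. The trace it runs on is constructed and abridged from function names in the traces above; its addresses and the `main` frame are made up.

```python
import re

FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(\S+)")

def parse_frames(backtrace):
    """Function names from a gdb 'bt' listing, innermost frame first."""
    hits = (FRAME.match(line.strip()) for line in backtrace.splitlines())
    return [m.group(1) for m in hits if m]

def find_cycle(names):
    """Return the repeating run of frames that covers most of the stack.

    Frames are compared by function name, not address, because the same
    function can re-enter the loop from a different call site.
    """
    best = None  # (frames covered, -period, -start); larger tuple wins
    for period in range(1, len(names) // 2 + 1):
        run = 0  # consecutive i where names[i] == names[i + period]
        for i in range(len(names) - period):
            run = run + 1 if names[i] == names[i + period] else 0
            if run >= period:  # two or more full repetitions
                cand = (run + period, -period, -(i - run + 1))
                best = cand if best is None else max(best, cand)
    if best is None:
        return None
    covered, period, start = best[0], -best[1], -best[2]
    return {"start": start, "repeats": covered // period,
            "cycle": names[start:start + period]}

# Constructed, abridged trace: names come from the traces on this page,
# the addresses and the "main" frame are made up for the example.
TAIL = ["JS_GetPrivate", "nsScriptSecurityManager::GetFramePrincipal",
        "nsScriptSecurityManager::GetFramePrincipal", "nsXPConnect::WrapNative"]
LOOP = ["nsJSEventListener::HandleEvent", "nsXULCommandDispatcher::UpdateCommands",
        "nsFocusController::SetSuppressFocus", "nsDocShell::SetupNewViewer",
        "nsDocShell::EnsureContentViewer", "GlobalWindowImpl::GetDocument",
        "js_Interpret", "nsJSContext::CallEventHandler"]
SAMPLE = "\n".join(f"#{i}  0x{0x40000000 + 16 * i:08x} in {name} ()"
                   for i, name in enumerate(TAIL + LOOP * 3 + ["main"]))

if __name__ == "__main__":
    found = find_cycle(parse_frames(SAMPLE))
    print(f"loop starts at frame #{found['start']}, repeats {found['repeats']}x:")
    for name in found["cycle"]:
        print("   ", name)
```

The doubled `GetFramePrincipal` frame at the top is itself a two-frame repeat, but it loses to the eight-frame loop because the script ranks candidates by how much of the stack they cover.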

Comment 10

17 years ago
Might add: A new window opens shortly before the crash.

Comment 11

17 years ago
Confirmed here: Windows98 build 2001-12-10-03
TalkBack ID: TB297941X

Comment 12

17 years ago
Created attachment 61156 [details]
WinNT stack trace

Comment 13

17 years ago
Created attachment 61157 [details]
Top of the stack that begins the recursion

This is the top of the stack that I believe starts the recursion. Thought it
might help out.

Comment 14

17 years ago
top of stack where recursion takes place somewhat resemblant of bug 59281
Changing component.
Assignee: danm → adamlock
Component: XPConnect → Embedding: Docshell
QA Contact: pschwartau → adamlock

Comment 15

17 years ago
why is adamlock default QA for adamlock..

Comment 16

17 years ago
WORKSFORME today.

CC'ing Dan.

Dan this bug looks familiar to that previous one about getting caught in a focus
/ handler / getdocument loop. Did you fix that one?

Comment 17

17 years ago
Yes, this is the same as bug 110856, for which I checked in a fix yesterday.
Say, R.K.Aa person: why did you reassign this bug from me to Adam? Rhetorical
question.

*** This bug has been marked as a duplicate of 110856 ***
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 18

16 years ago
vrfy dupe
Status: RESOLVED → VERIFIED