Closed
Bug 115864
Opened 23 years ago
Closed 23 years ago
invalid XUL crashes mozilla
Categories
(Core :: XUL, defect)
Tracking
()
RESOLVED
FIXED
Future
People
(Reporter: vargaz, Assigned: hyatt)
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.6+) Gecko/20011218
BuildID: 2001121803
The following invalid XUL crashes mozilla:
<?xml version="1.0"?>
<window
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<window>
<window>
Reproducible: Always
Steps to Reproduce:
1.save the XUL fragment into a file
2. open it using mozilla.exe -chrome
3.
Actual Results: mozilla crashed
Expected Results: an error dialog should be displayed
|
||
Updated•23 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 1•23 years ago
|
||
I actually do get a warning in my debug build shortly before the crash.
OS->All, sev->crit.
Stack (note this tree's a bit stale):
XML Error in file 'chrome://jtest/content/xulcrash.xul', Line Number: 7, Col
Number: 1, Description: no element found
Source Line:
Program received signal SIGSEGV, Segmentation fault.
0x40d485c7 in nsLoadGroup::RemoveRequest (this=0x812d578, request=0x0,
ctxt=0x0, aStatus=0) at nsLoadGroup.cpp:491
491 request->GetName(getter_Copies(nameStr));
(gdb) bt
#0 0x40d485c7 in nsLoadGroup::RemoveRequest (this=0x812d578, request=0x0,
ctxt=0x0, aStatus=0) at nsLoadGroup.cpp:491
#1 0x4142ec0e in nsXULDocument::ResumeWalk (this=0x81b3568)
at nsXULDocument.cpp:5909
#2 0x4141bf9d in nsXULDocument::EndLoad (this=0x81b3568)
at nsXULDocument.cpp:1658
#3 0x4140ff43 in XULContentSinkImpl::DidBuildModel (this=0x8245260,
aQualityLevel=1) at nsXULContentSink.cpp:535
#4 0x408e97d1 in CWellFormedDTD::DidBuildModel (this=0x8235170,
anErrorCode=0, aNotifySink=1, aParser=0x8234678, aSink=0x8245260)
at nsWellFormedDTD.cpp:306
#5 0x408e0849 in nsParser::DidBuildModel (this=0x8234678, anErrorCode=0)
at nsParser.cpp:1387
#6 0x408e16f9 in nsParser::ResumeParse (this=0x8234678, allowIteration=1,
aIsFinalChunk=1) at nsParser.cpp:1890
#7 0x408e3201 in nsParser::OnStopRequest (this=0x8234678, request=0x81bc050,
aContext=0x0, status=0) at nsParser.cpp:2538
#8 0x40efb7b4 in nsDocumentOpenInfo::OnStopRequest (this=0x81bc220,
request=0x81bc050, aCtxt=0x0, aStatus=0) at nsURILoader.cpp:252
#9 0x40dad284 in nsFileChannel::OnStopRequest (this=0x81bc050,
request=0x81bc244, context=0x0, aStatus=0) at nsFileChannel.cpp:481
#10 0x40dd582c in nsOnStopRequestEvent::HandleEvent (this=0x80a9448)
at nsRequestObserverProxy.cpp:176
#11 0x40d4ea59 in nsARequestObserverEvent::HandlePLEvent (plev=0x80a9448)
at nsRequestObserverProxy.cpp:79
#12 0x401eaaa1 in PL_HandleEvent (self=0x80a9448) at plevent.c:590
#13 0x401eb2cd in PL_ProcessEventsBeforeID (aSelf=0x8097270, aID=158)
at plevent.c:1256
#14 0x409ec7fb in processQueue (aElement=0x8097270, aData=0x9e)
at nsAppShell.cpp:479
#15 0x401a35b1 in nsVoidArray::EnumerateForwards (this=0x8078c00,
aFunc=0x409ec7cc <processQueue(void *, void *)>, aData=0x9e)
at nsVoidArray.cpp:652
#16 0x409ec844 in nsAppShell::ProcessBeforeID (aID=158) at nsAppShell.cpp:487
#17 0x409f5ae7 in handle_gdk_event (event=0x81f1840, data=0x0)
at nsGtkEventHandler.cpp:908
#18 0x40496d00 in gdk_event_free () from /usr/lib/libgdk-1.2.so.0
Severity: minor → critical
OS: Windows NT → All
|
||
Comment 2•23 years ago
|
||
Hyatt, could this be a side-effect of that bug that we sometimes mess up with
loadgroups and that we crash when removing an empty or wrong loadgroup here?
|
|
||
Comment 3•23 years ago
|
||
Hmm, so the spot I crashed in only happens in debug builds (inside a PR_LOGGING
block) -- ResumeWalk passes |nsnull| as an nsIRequest to
nsLoadGroup::RemoveRequest. I commented out the logging code to see where it
would crash:
###!!! ASSERTION: NS_ENSURE_TRUE(window) failed: 'window', file
nsContentTreeOwner.cpp, line 584
###!!! Break: at file nsContentTreeOwner.cpp, line 584
###!!! ASSERTION: NS_ENSURE_TRUE(docShellElement) failed: 'docShellElement',
file nsXULWindow.cpp, line 956
###!!! Break: at file nsXULWindow.cpp, line 956
###!!! ASSERTION: NS_ENSURE_TRUE(windowElement) failed: 'windowElement', file
nsXULWindow.cpp, line 976
###!!! Break: at file nsXULWindow.cpp, line 976
###!!! ASSERTION: no xul:window: 'windowElement', file nsXULWindow.cpp, line
768
###!!! Break: at file nsXULWindow.cpp, line 768
Program received signal SIGSEGV, Segmentation fault.
0x406415fb in malloc () from /lib/libc.so.6
(gdb) bt
#0 0x406415fb in malloc () from /lib/libc.so.6
#1 0x40640d3e in malloc () from /lib/libc.so.6
#2 0x402ea11f in PR_Malloc (size=127) at prmem.c:54
#3 0x401f74f3 in nsMemoryImpl::Alloc (this=0x806d020, size=127)
at nsMemoryImpl.cpp:320
#4 0x401f7d71 in nsMemory::Alloc (size=127) at nsMemoryImpl.cpp:556
#5 0x40228454 in nsStr::Alloc (aDest=@0xbfffeacc, aCount=126) at
nsStr.cpp:695
#6 0x40228544 in nsStr::Realloc (aDest=@0xbfffeb38, aCount=126)
at nsStr.cpp:723
#7 0x402273d9 in nsStr::EnsureCapacity (aString=@0xbfffeb38, aNewLength=126)
at nsStr.cpp:117
#8 0x402274a6 in nsStr::GrowCapacity (aDest=@0xbfffec7c, aNewLength=126)
at nsStr.cpp:147
#9 0x40228cbd in nsCString::SetCapacity (this=0xbfffec78, aNewCapacity=70)
at nsString.cpp:200
#10 0x4022ad39 in NS_ConvertUCS2toUTF8::Append (this=0xbfffec78,
aString=0x82411a8, aLength=69) at nsString.cpp:1271
#11 0x4022ac3f in NS_ConvertUCS2toUTF8::NS_ConvertUCS2toUTF8 (this=0xbfffec78,
aString=@0xbfffed00) at nsString.cpp:1240
#12 0x40223740 in ToNewUTF8String (aSource=@0xbfffed00)
at nsReadableUtils.cpp:211
#13 0x40f0d067 in GetURIStringFromRequest (request=0x81c79b8,
aStr=@0xbfffedb0)
at nsDocLoader.cpp:92
#14 0x40f0fd64 in nsDocLoaderImpl::FireOnStateChange (this=0x817c888,
aProgress=0x816381c, aRequest=0x81c79b8, aStateFlags=786448, aStatus=0)
at nsDocLoader.cpp:1080
#15 0x40f100c5 in nsDocLoaderImpl::FireOnStateChange (this=0x8163808,
aProgress=0x816381c, aRequest=0x81c79b8, aStateFlags=786448, aStatus=0)
at nsDocLoader.cpp:1116
#16 0x40f0f009 in nsDocLoaderImpl::doStopDocumentLoad (this=0x8163808,
request=0x81c79b8, aStatus=0) at nsDocLoader.cpp:749
#17 0x40f0ecd8 in nsDocLoaderImpl::DocLoaderIsEmpty (this=0x8163808)
at nsDocLoader.cpp:645
#18 0x40f0e9f2 in nsDocLoaderImpl::OnStopRequest (this=0x8163808,
aRequest=0x81c79b8, aCtxt=0x0, aStatus=0) at nsDocLoader.cpp:575
#19 0x40835745 in nsLoadGroup::RemoveRequest (this=0x81324b0,
request=0x81c79b8, ctxt=0x0, aStatus=0) at nsLoadGroup.cpp:527
#20 0x4089a1a3 in nsFileChannel::OnStopRequest (this=0x81c79b8,
request=0x81c7704, context=0x0, aStatus=0) at nsFileChannel.cpp:485
#21 0x408c26ec in nsOnStopRequestEvent::HandleEvent (this=0x81ea4a0)
at nsRequestObserverProxy.cpp:176
#22 0x4083b919 in nsARequestObserverEvent::HandlePLEvent (plev=0x81ea4a0)
at nsRequestObserverProxy.cpp:79
#23 0x401eaaa1 in PL_HandleEvent (self=0x81ea4a0) at plevent.c:590
#24 0x401eb2cd in PL_ProcessEventsBeforeID (aSelf=0x8097270, aID=158)
at plevent.c:1256
#25 0x40b897fb in processQueue (aElement=0x8097270, aData=0x9e)
at nsAppShell.cpp:479
#26 0x401a35b1 in nsVoidArray::EnumerateForwards (this=0x807e520,
aFunc=0x40b897cc <processQueue(void *, void *)>, aData=0x9e)
#27 0x40b89844 in nsAppShell::ProcessBeforeID (aID=158) at nsAppShell.cpp:487
#28 0x40b92ae7 in handle_gdk_event (event=0x81fce50, data=0x0)
at nsGtkEventHandler.cpp:908
#29 0x40496d00 in gdk_event_free () from /usr/lib/libgdk-1.2.so.0
|
Assignee | |
Updated•23 years ago
|
Status: NEW → ASSIGNED
Target Milestone: --- → Future
|
|
||
Comment 5•23 years ago
|
||
No longer seeing this with a linux CVS build (20020210) -- instead I get an XML
parser error. Anyone mind if I close this one?
|
Reporter | |
Comment 6•23 years ago
|
||
I don't see it either on the original platform (NT). So its probably fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: jrgmorrison → xptoolkit.widgets
You need to log in
before you can comment on or make changes to this bug.
Description
•