NS crashes if use universal Charset detector on in frame

VERIFIED FIXED in mozilla0.9.9

Status

()

Core
Internationalization
VERIFIED FIXED
17 years ago
16 years ago

People

(Reporter: Teruko Kobayashi, Assigned: Shanjian Li)

Tracking

({intl, topembed})

Trunk
mozilla0.9.9
x86
Windows 2000
intl, topembed
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

2.17 KB, patch
Shanjian Li
: review+
Shanjian Li
: superreview+
Details | Diff | Splinter Review
(Reporter)

Description

17 years ago
1. go to the http://babel 
2. select auto-detect all is on 
3. click on Test Data on left frame 
4. click on Double-byte on left frame 
5. click on Selected_data_euckr.html on right frame 

NS crashed.

This is reproduciable on 01-03 0.9.4ec and 01-09 0.9.4ec build.
This is not reproduciable on 01-10 trunk build.

Stack trace Incident ID 1506249
ntdll.dll + 0x49ec6 (0x77fc9ec6) 
ntdll.dll + 0x49d41 (0x77fc9d41) 
MSVCRT.DLL + 0x113d (0x7800113d) 
js_FinalizeStringRT [d:\builds\seamonkey\mozilla\js\src\jsstr.c, line 2338] 
js_GC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 1229] 
js_ForceGC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 946] 
JS_GC [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 1622] 
nsJSContext::GC [d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, 
line 1380] 
GlobalWindowImpl::SetNewDocument 
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 400] 
DocumentViewerImpl::Init 
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp, line 931] 
nsDocShell::SetupNewViewer 
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3813] 
nsWebShell::SetupNewViewer 
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 306] 
nsDocShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, 
line 3251] 
nsWebShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, 
line 326] 
nsDocShell::CreateContentViewer 
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3545] 
nsDSURIContentListener::DoContent 
[d:\builds\seamonkey\mozilla\docshell\base\nsDSURIContentListener.cpp, line
122] 
nsDocumentOpenInfo::DispatchContent 
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 358] 
nsDocumentOpenInfo::OnStartRequest 
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 226] 
nsHttpChannel::ProcessNormal 
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 
467] 
nsHttpChannel::ProcessResponse 
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 
437] 
nsHttpChannel::OnStartRequest 
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 
2145] 
nsOnStartRequestEvent::HandleEvent 
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsRequestObserverProxy.cpp,
line 111] 
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 591] 
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, 
line 524] 
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 
1072] 
nsAppShellService::Run 
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp, line 468] 
netscp6.exe + 0x174b (0x0040174b) 
netscp6.exe + 0x121a (0x0040121a) 
netscp6.exe + 0x34d3 (0x004034d3) 
KERNEL32.DLL + 0x7903 (0x77e87903)
(Reporter)

Comment 1

17 years ago
Changed QA contact to myself.
QA Contact: ruixu → teruko
(Reporter)

Comment 2

17 years ago
The original reproduciable steps can be reproduciable on 01-03ec build.  
In 01-09 ec build, the reproduciable step is different.  I am investigating.

Comment 3

17 years ago
give to shanjian. he recently work on frame 
Assignee: yokoyama → shanjian
(Assignee)

Comment 4

17 years ago
I saw similar bug before. Most likely auto-detect-all and frame are triggers instead of 
the cause. 

Comment 5

17 years ago
We may need to pay a particular attention to this bug since this is 
occuring only on *ec* build (which is 0_9_4_BRANCH).  Teruko tells me 
this doesn't happen in the trunk build.
(Reporter)

Comment 6

17 years ago
I can reproduce this on 01-03 0.9.4ec build, not trunk build.  
I do not have exact the reproduciable steps, yet.  

When I did the following steps, NS crashed.
1. go to the http://babel 
2. select auto-detect all is on 
3. click on Test Data on left frame 
4. click on Double-byte on left frame 
5. click on Selected_data_euckr.html on right frame 
6. Select auto-detect all is off
NS crashed.  

Stack trace ID 1538734.
nsCOMPtr_base::assign_with_AddRef
[d:\builds\seamonkey\mozilla\xpcom\base\nsCOMPtr.cpp, line 58]
nsXULElement::SetDocument
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 2420]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1477]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1517]
nsXBLBinding::ChangeDocument
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLBinding.cpp, line 1239]
nsBindingManager::ChangeDocumentFor
[d:\builds\seamonkey\mozilla\content\xbl\src\nsBindingManager.cpp, line 931]
nsXULElement::SetDocument
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 2401]
nsGenericElement::SetDocumentInChildrenOf
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1477]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1517]
nsXBLBinding::ChangeDocument
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLBinding.cpp, line 1239]
nsBindingManager::ChangeDocumentFor
[d:\builds\seamonkey\mozilla\content\xbl\src\nsBindingManager.cpp, line 931]
nsXULElement::SetDocument
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 2401]
nsBindingManager::ChangeDocumentFor
[d:\builds\seamonkey\mozilla\content\xbl\src\nsBindingManager.cpp, line 968]
nsGenericElement::SetDocument
[d:\builds\seamonkey\mozilla\content\base\src\nsGenericElement.cpp, line 1502]
nsGenericHTMLElement::SetDocument
[d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp,
line 1160]
nsDocument::SetScriptGlobalObject
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 1394]
DocumentViewerImpl::Close
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp, line 1151]
nsDocShell::Destroy [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp,
line 2481]
nsWebShell::Destroy [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp,
line 1342]
nsHTMLFrameInnerFrame::~nsHTMLFrameInnerFrame
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsFrameFrame.cpp, line 615]
nsHTMLFrameInnerFrame::`scalar deleting destructor'
nsFrame::Destroy [d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrame.cpp,
line 458]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 116]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 121]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 116]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 121]
nsLineBox::DeleteLineList
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsLineBox.cpp, line 252]
nsBlockFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 313]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 116]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 121]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 116]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 121]
nsBoxFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 1131]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 116]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 121]
ViewportFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp, line 142]
FrameManager::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp, line 459]
PresShell::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1727]
DocumentViewerImpl::Destroy
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp, line 1200] 

In embedded project, I can get the crashed after I did the similar steps of
reproduce.

Updated

17 years ago
Keywords: intl
(Reporter)

Comment 7

17 years ago
1. Auto detect all is on 
2. Go to http://babel 
3. Select Test Data on the left frame 
4. Select Doulbe Byte 
5. Select euc-tw on the right frame 
6. Select euc-tw_no-meta.html from the right frame 
7. Auto detect off 

NS crashed. 

(if NS does not crash at this time, 8. Select Test Data on left frame from 
http://babel, NS crashes.


Incident ID 1643788
ntdll.dll + 0x4999b (0x77fc999b) 
MSVCRT.DLL + 0x1089 (0x78001089) 
MSVCRT.DLL + 0x1026 (0x78001026) 
js_AllocRawStack [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 343] 
js_AllocStack [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 374] 
js_InternalInvoke [d:\builds\seamonkey\mozilla\js\src\jsinterp.c, line 889] 
JS_CallFunctionValue [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 3374] 
nsJSContext::CallEventHandler 
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 959] 
nsJSEventListener::HandleEvent 
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 140] 
nsXBLPrototypeHandler::ExecuteHandler 
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLPrototypeHandler.cpp, line 
444] 
nsXBLPrototypeHandler::BindingAttached 
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLPrototypeHandler.cpp, line 
492] 
nsXBLPrototypeBinding::BindingAttached 
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLPrototypeBinding.cpp, line 
565] 
nsXBLBinding::ExecuteAttachedHandler 
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLBinding.cpp, line 1134] 
nsBindingManager::ProcessAttachedQueue 
[d:\builds\seamonkey\mozilla\content\xbl\src\nsBindingManager.cpp, line 1285] 
nsCSSFrameConstructor::ContentInserted 
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, 
line 8669] 
StyleSetImpl::ContentInserted 
[d:\builds\seamonkey\mozilla\content\base\src\nsStyleSet.cpp, line 1181] 
PresShell::InitialReflow 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2671] 
HTMLContentSink::StartLayout 
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp, 
line 3861] 
HTMLContentSink::OpenBody 
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp, 
line 3146] 
CNavDTD::OpenBody [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 
3119] 
CNavDTD::OpenContainer [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, 
line 3373] 
CNavDTD::HandleDefaultStartToken 
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1293] 
CNavDTD::HandleStartToken 
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1707] 
CNavDTD::HandleToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, 
line 884] 
CNavDTD::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, 
line 515] 
nsParser::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, 
line 2221] 
nsParser::ResumeParse [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, 
line 2085] 
nsParser::OnDataAvailable 
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2692] 
nsDocumentOpenInfo::OnDataAvailable 
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 244] 
nsHttpChannel::OnDataAvailable 
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 
2226] 
nsOnDataAvailableEvent::HandleEvent 
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerProxy.cpp, line 
188] 
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 591] 
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, 
line 524] 
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, 
line 1072] 
nsAppShellService::Run 
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp, line 468] 
Netscp6.exe + 0x174b (0x0040174b) 
Netscp6.exe + 0x121a (0x0040121a) 
Netscp6.exe + 0x34d3 (0x004034d3) 
KERNEL32.DLL + 0x7903 (0x77e87903) 

This is reproduciable on embed project.
Keywords: edt0.9.4

Comment 8

17 years ago
if "a lot" of users will be impacted by this, please remove the minus and
re-nominate.
Keywords: edt0.9.4 → edt0.9.4-
(Reporter)

Comment 9

17 years ago
I tried to reproduce this on Win98 and WinME.  I have not reproduce this on
Win98 and WinME.  However, I could reproduce this on WinXP. 

Stack trace incident 1656707 on WinXP
ntdll.dll + 0x215c (0x77f5215c)
ntdll.dll + 0x1fbf (0x77f51fbf)
msvcrt.dll + 0x1ab2e (0x77c2ab2e)
XPCJSStackFrame::`scalar deleting destructor'
XPCJSStackFrame::Release
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcstack.cpp, line 125]
XPCJSStackFrame::~XPCJSStackFrame
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcstack.cpp, line 123]
XPCJSStackFrame::`scalar deleting destructor'
XPCJSStackFrame::Release
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcstack.cpp, line 125]
XPCJSStackFrame::~XPCJSStackFrame
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcstack.cpp, line 123]
XPCJSStackFrame::`scalar deleting destructor'
XPCJSStackFrame::Release
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcstack.cpp, line 125]
nsXPCException::Reset
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcexception.cpp, line 174]
nsXPCException::`scalar deleting destructor'
nsXPCException::Release
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcexception.cpp, line 130]
XPCJSRuntime::GCCallback
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcjsruntime.cpp, line 522]
DOMGCCallback [d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp,
line 1502]
js_GC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 1313]
js_ForceGC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 946]
JS_GC [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 1622]
nsJSContext::GC [d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp,
line 1380]
GlobalWindowImpl::SetNewDocument
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 400]
DocumentViewerImpl::Init
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp, line 931]
nsDocShell::SetupNewViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3813]
nsWebShell::SetupNewViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 290]
nsDocShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp,
line 3251]
nsWebShell::Embed [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp,
line 310]
nsDocShell::CreateContentViewer
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 3545]
nsDSURIContentListener::DoContent
[d:\builds\seamonkey\mozilla\docshell\base\nsDSURIContentListener.cpp, line 122]
nsDocumentOpenInfo::DispatchContent
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 358]
nsDocumentOpenInfo::OnStartRequest
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 226]
nsHttpChannel::OnStartRequest
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 2146]
nsOnStartRequestEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsRequestObserverProxy.cpp, line 111]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 591]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,
line 524]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line
1072]
USER32.dll + 0x3c076 (0x77d7c076)
USER32.dll + 0x3c076 (0x77d7c076)
netscp6.exe + 0x6770 (0x00406770)
kernel32.dll + 0x3bb86 (0x77e9bb86) 
(Reporter)

Updated

17 years ago
Summary: NS crash if Auto-detect all on in frame → NS crashes if Auto-detect all on in frame

Updated

17 years ago
Keywords: topembed
(Assignee)

Comment 10

17 years ago
The same problem has been filed as bugscape 11857. This bug will be used to fix
universal charset detector. The reproduce step might be different. (In fact, I
haven't found a solid testcase yet.) But the problem is obvious.
Status: NEW → ASSIGNED
Summary: NS crashes if Auto-detect all on in frame → NS crashes if use universal Charset detector on in frame
(Assignee)

Comment 11

17 years ago
Created attachment 69569 [details] [diff] [review]
patch
(Assignee)

Comment 12

17 years ago
Comment on attachment 69569 [details] [diff] [review]
patch

This is exactly the same patch as in bugscape 11857. Carry over r/sr there.
Attachment #69569 - Flags: superreview+
Attachment #69569 - Flags: review+
(Assignee)

Comment 13

17 years ago
fix checked in. 
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla0.9.9
(Reporter)

Comment 14

16 years ago
I verified this in 2002-04-26 1.00 build.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.