119895 - crashes in malloc after parser changes

David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)

Reporter

Description

•

23 years ago

Crashes at the following stack have occurred frequently in the 2002-01-{09,10,11} builds, and are one of the top crashers on the trunk. I suspect the cause could be a bogus large size or something like that. ntdll.dll + 0x4a32b (0x77fca32b) MSVCRT.DLL + 0x1089 (0x78001089) MSVCRT.DLL + 0x1026 (0x78001026) nsMemory::Alloc [d:\builds\seamonkey\mozilla\xpcom\glue\nsMemory.cpp line 82] ToNewUnicode [d:\builds\seamonkey\mozilla\string\src\nsReadableUtils.cpp line 253] nsXULAttributeValue::SetValue [d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULAttributeValue.cpp line 115] XULContentSinkImpl::AddAttributes [d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULContentSink.cpp line 1648] XULContentSinkImpl::OpenTag [d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULContentSink.cpp line 1398] XULContentSinkImpl::HandleStartElement [d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULContentSink.cpp line 899] nsExpatDriver::HandleStartElement [d:\builds\seamonkey\mozilla\htmlparser\src\nsExpatDriver.cpp line 274] Driver_HandleStartElement [d:\builds\seamonkey\mozilla\htmlparser\src\nsExpatDriver.cpp line 70] doContent [d:\builds\seamonkey\mozilla\expat\xmlparse\xmlparse.c line 1411] contentProcessor [d:\builds\seamonkey\mozilla\expat\xmlparse\xmlparse.c line 1101] XML_ParseBuffer [d:\builds\seamonkey\mozilla\expat\xmlparse\xmlparse.c line 965] XML_Parse [d:\builds\seamonkey\mozilla\expat\xmlparse\xmlparse.c line 955] nsExpatDriver::ParseBuffer [d:\builds\seamonkey\mozilla\htmlparser\src\nsExpatDriver.cpp line 593] nsExpatDriver::ConsumeToken [d:\builds\seamonkey\mozilla\htmlparser\src\nsExpatDriver.cpp line 704] nsParser::Tokenize [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 2589] nsParser::ResumeParse [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 1847] nsParser::ContinueParsing [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 1497] CSSLoaderImpl::Cleanup [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 813] CSSLoaderImpl::SheetComplete [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 920] CSSLoaderImpl::Cleanup [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 794] CSSLoaderImpl::SheetComplete [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 920] CSSLoaderImpl::Cleanup [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 794] CSSLoaderImpl::SheetComplete [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 920] CSSLoaderImpl::Cleanup [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 794] CSSLoaderImpl::SheetComplete [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 920] CSSLoaderImpl::ParseSheet [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 955] CSSLoaderImpl::DidLoadStyle [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 991] SheetLoadData::OnStreamComplete [d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 751] nsStreamLoader::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamLoader.cpp line 163] nsJARChannel::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\protocol\jar\src\nsJARChannel.cpp line 614] nsOnStopRequestEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsRequestObserverProxy.cpp line 213] PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 591] PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 524] _md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 1072] nsAppShellService::Run [d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp line 303] main1 [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp line 1280] main [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp line 1597] WinMain [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp line 1615] WinMainCRTStartup() KERNEL32.DLL + 0x192a6 (0x77e992a6)

David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)

Reporter

Updated

•

23 years ago

Severity: normal → critical

Keywords: crash, topcrash

David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)

Reporter

Comment 1

•

23 years ago

Actually, the talkback reports are confusing, and it's really not clear if that's the stacktrace for most of the ntdll.dll crashes or not.

Heikki Toivonen (remove -bugzilla when emailing directly)

Updated

•

23 years ago

Keywords: nsbeta1+

harishd

Assignee

Comment 2

•

23 years ago

Moied: Could you browse through the top crash data base and find a reproducable case. Thanx.

Keywords: qawanted

Priority: -- → P1

Target Milestone: --- → mozilla1.0

greer

Comment 3

•

23 years ago

I just clicked through the 91 Trunk crash entries from the past 10 days of data with the ntdll.dll signature. There was only one incident that had a matching stack and no user comment (incident #2675639).

greer

Comment 4

•

23 years ago

Looking throught the Trunk reports again tody I'm not seeing this stack. The ntdll.dll signature is common, but the underlying crashes are different. Marking WFM.

Status: NEW → RESOLVED

Closed: 23 years ago

Resolution: --- → WORKSFORME

Moied

Comment 5

•

23 years ago

verified WFM

Status: RESOLVED → VERIFIED

Peter Bylenga [:PBylenga]

Updated

•

11 years ago

Keywords: qawanted

Bugzilla

crashes in malloc after parser changes

Categories

(Core :: DOM: HTML Parser, defect, P1)

Tracking

()

People

(Reporter: dbaron, Assigned: harishd)

References

Details

(Keywords: crash, topcrash)

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated

Comment 2

Comment 3

Comment 4

Comment 5

Updated