121895 - crash in nsString::SetLength, looks like infinite recursion

Reporter

Description

•

23 years ago

1. Go to http://home.pacbell.net/spmorse/ellis/ellis.html
2. Click on link for "My Other Webpages"
3. Click on back button

Crash with the following stacktrace in nsString2.cpp
Looks like infinite recursion

nsString::SetLength(unsigned int 0) line 171 + 6 bytes
nsGenericHTMLElement::GetAttr(const nsGenericHTMLElement * const 0x04039fa0, int 
3, nsIAtom * 0x00ab1050, nsAString & {...}) line 1991
nsHTMLInputElement::IsImage() line 223
nsHTMLInputElement::StringToAttribute(nsHTMLInputElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, nsHTMLValue & {...}) line 1450 + 
10 bytes
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1568 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033acc64, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033accc4, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033acc2c, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033acbd8, nsIFrame * 0x00000000, nsIFrame * 0x033acc2c) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033acbd8, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033acbd8, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033aca80, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033acae0, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033aca48, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033ac9f4, nsIFrame * 0x00000000, nsIFrame * 0x033aca48) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac9f4, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac9f4, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033ac89c, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033ac8fc, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033ac864, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033ac810, nsIFrame * 0x00000000, nsIFrame * 0x033ac864) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac810, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac810, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033ac6b8, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033ac718, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033ac680, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033ac62c, nsIFrame * 0x00000000, nsIFrame * 0x033ac680) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac62c, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac62c, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033ac4d4, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033ac534, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033ac49c, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033ac448, nsIFrame * 0x00000000, nsIFrame * 0x033ac49c) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac448, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac448, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033ac2f0, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033ac350, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033ac2b8, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033ac264, nsIFrame * 0x00000000, nsIFrame * 0x033ac2b8) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac264, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac264, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033ac10c, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033ac16c, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033ac0d4, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033ac080, nsIFrame * 0x00000000, nsIFrame * 0x033ac0d4) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac080, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033ac080, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 + 25 bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x033abed0, nsIPresContext * 0x04728720, nsIAtom * 0x00ab2eb0, const nsAString & 
{...}) line 765 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x033abf30, nsIPresContext * 0x04728720, nsIPresState * 0x0444ecf0) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x047306d0, 
nsIPresContext * 0x04728720, nsIFrame * 0x033abe98, nsILayoutHistoryState * 
0x04443350, nsIStatefulFrame::SpecialStateID eNoID) line 2345 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x04728720, 
nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame * 0x0337e8f4, 
nsIStyleContext * 0x033abe44, nsIFrame * 0x00000000, nsIFrame * 0x033abe98) line 
6426
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033abe44, nsFrameItems & {...}) line 4624
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x047312b0, 
nsIPresContext * 0x04728720, nsFrameConstructorState & {...}, nsIContent * 
0x04039fa0, nsIFrame * 0x0337e8f4, nsIAtom * 0x00a98060, int 3, nsIStyleContext 
* 0x033abe44, nsFrameItems & {...}, int 0) line 6990 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x047312b0, nsIPresContext 
* 0x04728720, nsFrameConstructorState & {...}, nsIContent * 0x04039fa0, nsIFrame 
* 0x0337e8f4, nsFrameItems & {...}) line 6889 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04731660, 
nsIPresContext * 0x04728720, nsIContent * 0x0403ee10, nsIContent * 0x04039fa0, 
int 3, nsILayoutHistoryState * 0x04443350, int 0) line 8710
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x04728720, 
nsIContent * 0x04039fa0, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11794 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x04731660, nsIPresContext * 0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom 
* 0x00ab2eb0, int 1, int 5) line 10494 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x04731730, nsIPresContext * 
0x04728720, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 1495
PresShell::AttributeChanged(PresShell * const 0x047312b8, nsIDocument * 
0x0472dd60, nsIContent * 0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) 
line 5121 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1972 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x0472dd60, nsIContent * 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, int 1, int 5) line 1358
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x04039fa0, 
nsIAtom * 0x00ab2eb0, const nsHTMLValue & {...}, int 1) line 1845
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 1580 + 27 bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x0403d110, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 4142 + 28 bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x04039fa0, int 0, nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 
4363
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x04039fa0, int 0, 
nsIAtom * 0x00ab2eb0, const nsAString & {...}, int 1) line 162 +

Stephen P. Morse

Reporter

Comment 1

•

23 years ago

Using a tree that I pulled and built yesterday (1-24-2001)

Arthur

Comment 2

•

23 years ago

Not crashing on Linux build 2002012505 (0.9.8 branch). But going entirely back
to this bug page I've discovered, that the caret doesn't show up when clicking
in a text area...

Chris Petersen

Comment 3

•

23 years ago

Changing QA contact

QA Contact: petersen → moied

Boris Zbarsky [:bzbarsky]

Comment 4

•

23 years ago

jkeiser, I see form controls in there...

Keywords: crash

Kevin McCluskey (gone)

Updated

•

23 years ago

Target Milestone: --- → mozilla1.0

Stephen P. Morse

Reporter

Comment 5

•

23 years ago

Raising priority since this is a crash.

Severity: normal → major

Stephen P. Morse

Reporter

Updated

•

23 years ago

URL: http://home.pacbell.net/spmorse/ellis...

Stephen P. Morse

Reporter

Updated

•

23 years ago

Keywords: nsbeta1

Kevin McCluskey (gone)

Comment 6

•

23 years ago

Confirmed using 2002021203 build on WINNT.
Marking nsbeta1+

Keywords: nsbeta1 → nsbeta1+

Moied

Comment 7

•

23 years ago

Tried repro steps listed above with build ID 20020214 on win2k, Talk back ID 
2958526, 2958384
Changing OS to ALL
Raising priority since this is a crash to P2

Priority: -- → P2

Kevin McCluskey (gone)

Updated

•

23 years ago

Severity: major → critical

karnaze (gone)

Comment 8

•

22 years ago

This is an infinite recursion problem with form controls that eventually runs 
out of space. ->form controls

nsNodeInfoManager::GetNodeInfo(nsNodeInfoManager * const 0x03be27d8, nsIAtom * 
0x02caa2f0 {"autocomplete"}, nsIAtom * 0x00000000 {???}, int 0, nsINodeInfo * & 
0x00000000) line 189 + 7 bytes
nsNodeInfoManager::GetNodeInfo(nsNodeInfoManager * const 0x03be27d8, const 
nsAString & {...}, nsIAtom * 0x00000000 {???}, int 0, nsINodeInfo * & 
0x00000000) line 216 + 33 bytes
nsGenericHTMLElement::NormalizeAttrString(nsGenericHTMLElement * const 
0x03be7fd8, const nsAString & {...}, nsINodeInfo * & 0x00000000) line 1572 + 47 
bytes
nsGenericElement::GetAttribute(nsGenericElement * const 0x03be7fd8, const 
nsAString & {...}, nsAString & {...}) line 927 + 40 bytes
nsGenericHTMLElement::GetAttribute(nsGenericHTMLElement * const 0x03be7fd8, 
const nsAString & {...}, nsAString & {...}) line 104
nsHTMLInputElement::GetAttribute(nsHTMLInputElement * const 0x03be7fd8, const 
nsAString & {...}, nsAString & {...}) line 141 + 20 bytes
IsAutocompleteOff(nsIDOMElement * 0x03be8004) line 2418 + 39 bytes
FrameManager::GenerateStateKey(FrameManager * const 0x02ac16c8, nsIContent * 
0x03be7fd8, nsIStatefulFrame::SpecialStateID eNoID, nsCString & {""}) line 2448 
+ 26 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x02ac16c8, 
nsIPresContext * 0x043f3020, nsIFrame * 0x01589854, nsILayoutHistoryState * 
0x03b07420, nsIStatefulFrame::SpecialStateID eNoID) line 2333 + 32 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x043f3020, 
nsFrameConstructorState & {...}, nsIContent * 0x03be7fd8, nsIFrame * 0x03a920a8, 
nsIStyleContext * 0x01589800, nsIFrame * 0x00000000, nsIFrame * 0x01589854) line 
6500
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x043f1228, 
nsIPresContext * 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 
0x03be7fd8, nsIFrame * 0x03a920a8, nsIAtom * 0x015330c8 {"input"}, int 3, 
nsIStyleContext * 0x01589800, nsFrameItems & {...}) line 4698
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x043f1228, 
nsIPresContext * 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 
0x03be7fd8, nsIFrame * 0x03a920a8, nsIAtom * 0x015330c8 {"input"}, int 3, 
nsIStyleContext * 0x01589800, nsFrameItems & {...}, int 0) line 7053 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x043f1228, nsIPresContext 
* 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 0x03be7fd8, nsIFrame 
* 0x03a920a8, nsFrameItems & {...}) line 6952 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x03847a80, 
nsIPresContext * 0x043f3020, nsIContent * 0x03caf770, nsIContent * 0x03be7fd8, 
int 3, nsILayoutHistoryState * 0x03b07420, int 0) line 8799
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x043f3020, 
nsIContent * 0x03be7fd8, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11917 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x03847a80, nsIPresContext * 0x043f3020, nsIContent * 0x03be7fd8, int 0, nsIAtom 
* 0x0153ba30 {"value"}, int 1, int 5) line 10602 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x038479f8, nsIPresContext * 
0x043f3020, nsIContent * 0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 
1, int 5) line 1498
PresShell::AttributeChanged(PresShell * const 0x043f1230, nsIDocument * 
0x03a5adc0, nsIContent * 0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 
1, int 5) line 5126 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x03a5adc0, nsIContent * 
0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 1, int 5) line 1992 + 36 
bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x03a5adc0, nsIContent * 
0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 1, int 5) line 1463
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x03be7fd8, 
nsIAtom * 0x0153ba30 {"value"}, const nsHTMLValue & {...}, int 1) line 1894
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x03be7fd8, int 0, 
nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 1) line 1629 + 27 
bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x03caf4c0, int 0, 
nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 1) line 4198 + 28 
bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 
1) line 4417
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x03be7fd8, int 0, 
nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 1) line 183 + 25 
bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x015896a8, nsIPresContext * 0x043f3020, nsIAtom * 0x0153ba30 {"value"}, const 
nsAString & {...}) line 752 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x01589708, nsIPresContext * 0x043f3020, nsIPresState * 0x03b377f8) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x02ac16c8, 
nsIPresContext * 0x043f3020, nsIFrame * 0x01589670, nsILayoutHistoryState * 
0x03b07420, nsIStatefulFrame::SpecialStateID eNoID) line 2346 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x043f3020, 
nsFrameConstructorState & {...}, nsIContent * 0x03be7fd8, nsIFrame * 0x03a920a8, 
nsIStyleContext * 0x0158961c, nsIFrame * 0x00000000, nsIFrame * 0x01589670) line 
6500
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x043f1228, 
nsIPresContext * 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 
0x03be7fd8, nsIFrame * 0x03a920a8, nsIAtom * 0x015330c8 {"input"}, int 3, 
nsIStyleContext * 0x0158961c, nsFrameItems & {...}) line 4698
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x043f1228, 
nsIPresContext * 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 
0x03be7fd8, nsIFrame * 0x03a920a8, nsIAtom * 0x015330c8 {"input"}, int 3, 
nsIStyleContext * 0x0158961c, nsFrameItems & {...}, int 0) line 7053 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x043f1228, nsIPresContext 
* 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 0x03be7fd8, nsIFrame 
* 0x03a920a8, nsFrameItems & {...}) line 6952 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x03847a80, 
nsIPresContext * 0x043f3020, nsIContent * 0x03caf770, nsIContent * 0x03be7fd8, 
int 3, nsILayoutHistoryState * 0x03b07420, int 0) line 8799
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x043f3020, 
nsIContent * 0x03be7fd8, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11917 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x03847a80, nsIPresContext * 0x043f3020, nsIContent * 0x03be7fd8, int 0, nsIAtom 
* 0x0153ba30 {"value"}, int 1, int 5) line 10602 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x038479f8, nsIPresContext * 
0x043f3020, nsIContent * 0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 
1, int 5) line 1498
PresShell::AttributeChanged(PresShell * const 0x043f1230, nsIDocument * 
0x03a5adc0, nsIContent * 0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 
1, int 5) line 5126 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x03a5adc0, nsIContent * 
0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 1, int 5) line 1992 + 36 
bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x03a5adc0, nsIContent * 
0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, int 1, int 5) line 1463
nsGenericHTMLElement::SetHTMLAttribute(nsGenericHTMLElement * const 0x03be7fd8, 
nsIAtom * 0x0153ba30 {"value"}, const nsHTMLValue & {...}, int 1) line 1894
nsGenericHTMLElement::SetAttr(nsGenericHTMLElement * const 0x03be7fd8, int 0, 
nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 1) line 1629 + 27 
bytes
nsGenericHTMLElement::SetFormControlAttribute(nsIForm * 0x03caf4c0, int 0, 
nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 1) line 4198 + 28 
bytes
nsGenericHTMLLeafFormElement::SetAttr(nsGenericHTMLLeafFormElement * const 
0x03be7fd8, int 0, nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 
1) line 4417
nsHTMLInputElement::SetAttr(nsHTMLInputElement * const 0x03be7fd8, int 0, 
nsIAtom * 0x0153ba30 {"value"}, const nsAString & {...}, int 1) line 183 + 25 
bytes
nsHTMLButtonControlFrame::SetProperty(nsHTMLButtonControlFrame * const 
0x015894f0, nsIPresContext * 0x043f3020, nsIAtom * 0x0153ba30 {"value"}, const 
nsAString & {...}) line 752 + 38 bytes
nsGfxButtonControlFrame::RestoreState(nsGfxButtonControlFrame * const 
0x01589550, nsIPresContext * 0x043f3020, nsIPresState * 0x03b377f8) line 701 + 
33 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x02ac16c8, 
nsIPresContext * 0x043f3020, nsIFrame * 0x015894b8, nsILayoutHistoryState * 
0x03b07420, nsIStatefulFrame::SpecialStateID eNoID) line 2346 + 25 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x043f3020, 
nsFrameConstructorState & {...}, nsIContent * 0x03be7fd8, nsIFrame * 0x03a920a8, 
nsIStyleContext * 0x01589464, nsIFrame * 0x00000000, nsIFrame * 0x015894b8) line 
6500
nsCSSFrameConstructor::ConstructHTMLFrame(nsIPresShell * 0x043f1228, 
nsIPresContext * 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 
0x03be7fd8, nsIFrame * 0x03a920a8, nsIAtom * 0x015330c8 {"input"}, int 3, 
nsIStyleContext * 0x01589464, nsFrameItems & {...}) line 4698
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x043f1228, 
nsIPresContext * 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 
0x03be7fd8, nsIFrame * 0x03a920a8, nsIAtom * 0x015330c8 {"input"}, int 3, 
nsIStyleContext * 0x01589464, nsFrameItems & {...}, int 0) line 7053 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x043f1228, nsIPresContext 
* 0x043f3020, nsFrameConstructorState & {...}, nsIContent * 0x03be7fd8, nsIFrame 
* 0x03a920a8, nsFrameItems & {...}) line 6952 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x03847a80, 
nsIPresContext * 0x043f3020, nsIContent * 0x03caf770, nsIContent * 0x03be7fd8, 
int 3, nsILayoutHistoryState * 0x03b07420, int 0) line 8799
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x043f3020, 
nsIContent * 0x03be7fd8, int 0, nsIStyleRule * 0x00000000, nsIStyleContext * 
0x00000000) line 11917 + 47 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 
0x03847a80, nsIPresContext * 0x043f3020, nsIContent * 0x03be7fd8, int 0, nsIAtom 
* 0x0153ba30 {"value"}, int 1, int 5) line 10602 + 38 bytes

see the pattern

Assignee: attinasi → rods

Component: Layout → HTML Form Controls

QA Contact: moied → madhur

rods (gone)

Comment 9

•

22 years ago

This would be john's bug.

Assignee: rods → jkeiser

John Keiser (jkeiser)

Assignee

Comment 10

•

22 years ago

I couldn't reproduce this.

However, it looks to me like the problem is, constructing the frame does not add
the frame into the frame map immediately, and it is calling causing
Button::RestoreFrameState() to occur, which is causing
nsHTMLInputElement::SetAttr("value") to occur, which is causing the style system
to get the hint that it needs to re-style.  When it notices that there is no
frame in the frame map, it tries to construct one, which starts the process over
again.

Bug 108309 will fix this ... I do not see why it ever worked, but if we restore
in content this will simply go away.

Depends on: 108309

Stephen P. Morse

Reporter

Comment 11

•

22 years ago

I just tried with a build that I made last night and I can no longer reproduce 
it either.  But I am able to reproduce it on a build from March 6.  So it 
looks like some checkin during the past week fixed it.

However there is a extremely long delay from the time you hit the back 
button until the preceding page is redisplayed.  So I suspect that there still 
is an awful lot of recursion going on, but it no longer leads to a crash.

John Keiser (jkeiser)

Assignee

Comment 12

•

22 years ago

Good, at least we have something to verify whether it's fixed when bug 108309 lands.

Syd Logan

Comment 13

•

22 years ago

nsbeta1- per adt triage

Keywords: nsbeta1+ → nsbeta1-

Target Milestone: mozilla1.0 → ---

Stephen P. Morse

Reporter

Comment 14

•

22 years ago

Not only do I no longer see the crash, but I don't even see the delay that I 
commented about above.  Closing this out as wfm.

Status: NEW → RESOLVED

Closed: 22 years ago

Resolution: --- → WORKSFORME

Terri Preston

Updated

•

22 years ago

QA Contact: madhur → tpreston

Terri Preston

Comment 15

•

22 years ago

Verified fixed win XP trunk build 2002052809

Status: RESOLVED → VERIFIED

Bugzilla

Quick Search

crash in nsString::SetLength, looks like infinite recursion

Categories

(Core :: Layout: Form Controls, defect, P2)

Tracking

()

People

(Reporter: morse, Assigned: john)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Comment 4

Updated

Comment 5

Updated

Updated

Comment 6

Comment 7

Updated

Comment 8

Comment 9

Comment 10

Comment 11

Comment 12

Comment 13

Comment 14

Updated

Comment 15