Closed Bug 125579 Opened 23 years ago Closed 23 years ago

css related crash (at RuleProcessorData::RuleProcessorData)

Categories

(Core :: CSS Parsing and Computation, defect, P1)

Product:
Core
Component:
CSS Parsing and Computation
Platform:
PowerPC
macOS
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 118014
Milestone:
mozilla1.0

People

(Reporter: carstenklapp, Assigned: dbaron)

References

(
URL
)

Details

Mozilla 0.98 crashes due to some css bug (which I can't isolate precisely). Removing the stylesheet from the server seems to solve the problem. Also this crash didn't happen in 0.97. Steps to see the crash: 1. Make sure javascript is enabled. 2. Go to http://phpwiki.sourceforge.net/alpha/en/ 3. Type "wikiadmin" into the SignIn field in the lower right corner, then hit return or tab to submit. 4. The browser will be redirected to another page to enter the password. Sometimes the crash happens before this page is displayed. 5. If you're still running, hit the back button, Mozilla should crash at this point. (Note that you must type in 'wikiadmin', otherwise you won't be redirected to the password screen). The stylesheet's location is: http://phpwiki.sourceforge.net/alpha/phpwiki.css Mac OS X, Mozilla 0.98 carbon, Build ID: 2002020516 Here's the Mac OS X crash log: Date/Time: 2002-02-14 16:01:45 -0500 OS Version: 10.1.2 (Build 5P48) Host: localhost Command: Mozilla PID: 403 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000025 Thread 0 Crashed: #0 0x027bb62c in _ct__17RuleProcessorDataFP14nsIPresContextP10nsIContentP12nsR #1 0x027bb9b0 in RuleProcessorData::_dt(void) #2 0x02756dec in StyleSetImpl::ResolveStyleFor(nsIPresContext *, nsIContent *) #3 0x02e7af98 in ResolveStyleContextFor__13nsPresContextFP10nsIContentP15nsISty #4 0x02fa0070 in ReResolveStyleContext__12FrameManagerFP14nsIPresContextP8nsIFr #5 0x02fa02b4 in ReResolveStyleContext__12FrameManagerFP14nsIPresContextP8nsIFr #6 0x02fa02b4 in ReResolveStyleContext__12FrameManagerFP14nsIPresContextP8nsIFr #7 0x02fa04f0 in ComputeStyleChangeFor__12FrameManagerFP14nsIPresContextP8nsIFr #8 0x02e8d804 in PresShell::ReconstructStyleData(int) #9 0x02e8d9bc in PresShell::StyleSheetAdded(nsIDocument *, nsIStyleSheet *) #10 0x02747f30 in nsDocument::InsertStyleSheetAt(nsIStyleSheet *, int, int) #11 0x02918ba4 in InsertSheetInDoc__13CSSLoaderImplFP16nsICSSStyleSheetiP10nsICo #12 0x029179e0 in SheetComplete__13CSSLoaderImplFP16nsICSSStyleSheetP13SheetLoad #13 0x029173c0 in CSSLoaderImpl::Cleanup(URLKey &, SheetLoadData *) #14 0x02917a98 in SheetComplete__13CSSLoaderImplFP16nsICSSStyleSheetP13SheetLoad #15 0x02917d80 in ParseSheet__13CSSLoaderImplFP21nsIUnicharInputStreamP13SheetLo #16 0x02917fb4 in DidLoadStyle__13CSSLoaderImplFP15nsIStreamLoaderP8nsStringP13S #17 0x02917068 in OnStreamComplete__13SheetLoadDataFP15nsIStreamLoaderP11nsISupp #18 0x0229bf98 in nsStreamLoader::OnStopRequest(nsIRequest *, nsISupports *, unsigned int) #19 0x022ee844 in nsHttpChannel::OnStopRequest(nsIRequest *, nsISupports *, unsigned int) #20 0x022e0d50 in nsOnStopRequestEvent::HandleEvent(void) #21 0x022e0150 in nsARequestObserverEvent::HandlePLEvent(PLEvent *) #22 0x005dba30 in PL_HandleEvent #23 0x005db89c in PL_ProcessPendingEvents #24 0x0058217c in nsEventQueueImpl::ProcessPendingEvents(void) #25 0x024b084c in nsMacNSPREventQueueHandler::ProcessPLEventQueue(void) #26 0x024b0610 in nsMacNSPREventQueueHandler::RepeatAction(EventRecord const &) #27 0x02500b14 in Repeater::DoRepeaters(EventRecord const &) #28 0x024c3af8 in nsMacMessagePump::DispatchEvent(int, EventRecord *) #29 0x024c36d0 in nsMacMessagePump::DoMessagePump(void) #30 0x024c300c in nsAppShell::Run(void) #31 0x02478e4c in nsAppShellService::Run(void) #32 0x004b1bb4 in main1(int, char **, nsISupports *) #33 0x004b268c in main Thread 1: #0 0x7000497c in syscall #1 0x70557600 in BSD_waitevent #2 0x70554b80 in CarbonSelectThreadFunc #3 0x7002054c in _pthread_body Thread 2: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x705593ec in CarbonOperationThreadFunc #3 0x7002054c in _pthread_body Thread 3: #0 0x70044cf8 in semaphore_timedwait_signal_trap #1 0x70044cd8 in semaphore_timedwait_signal #2 0x70283ea4 in TSWaitOnConditionTimedRelative #3 0x7027d748 in TSWaitOnSemaphoreCommon #4 0x702c2078 in TimerThread #5 0x7002054c in _pthread_body Thread 4: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x70250ab0 in TSWaitOnCondition #3 0x7027d730 in TSWaitOnSemaphoreCommon #4 0x70243d14 in AsyncFileThread #5 0x7002054c in _pthread_body Thread 5: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x7055b884 in CarbonInetOperThreadFunc #3 0x7002054c in _pthread_body Thread 6: #0 0x70000978 in mach_msg_overwrite_trap #1 0x70005a04 in mach_msg #2 0x70026a2c in _pthread_become_available #3 0x70026724 in pthread_exit #4 0x70020550 in _pthread_body PPC Thread State: srr0: 0x027bb62c srr1: 0x0200f030 vrsave: 0x00000000 xer: 0x00000020 lr: 0x027bb5e4 ctr: 0x02e7a490 mq: 0x00000000 r0: 0x00000000 r1: 0xbfffe4f0 r2: 0x02b07000 r3: 0x03474810 r4: 0xbfffe5ac r5: 0x03474810 r6: 0x04749010 r7: 0x00000000 r8: 0x02b8e7cc r9: 0x00000024 r10: 0x00000001 r11: 0x08159b5a r12: 0x00000001 r13: 0x0431dfb0 r14: 0x03cca088 r15: 0xbfffee70 r16: 0x03c84ff8 r17: 0x030e9588 r18: 0x04637300 r19: 0xbfffe74c r20: 0x00000000 r21: 0x06f2d040 r22: 0xffffffff r23: 0xbfffe93c r24: 0x00000000 r25: 0x06f29fb0 r26: 0x0415cb40 r27: 0x06f29fb0 r28: 0x03474810 r29: 0x03cca088 r30: 0xbfffe57c r31: 0x03474810 **********
Not a DOM problem, over to the Style System.
Assignee: jst → dbaron
Component: DOM Style → Style System
Reporter, Can you try in a nightly OS X build ? I tried with the Feb 14th OS X build (2002-02-14-13) but can't reproduce crash.
The nightly build seems to crash too. :-( When running the release version 0.98 I also noticed another message in the console.log which appears at the time of the crash, but this message doesn't happen with the nightly build: *** malloc[1014]: Deallocation of a pointer not malloced: 0xffffffff; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug Feb 14 23:01:04 CPE0030657c1aa6 /usr/libexec/CrashReporter: Succeeded writing crash report: /Users/ carsten/Library/Logs/Mozilla.crash.log Here's the crash log from the nightly build, Build ID: 2002021413 (it looks identical except for the hex numbers) ********** Date/Time: 2002-02-14 23:04:57 -0500 OS Version: 10.1.2 (Build 5P48) Host: localhost Command: Mozilla PID: 1030 Exception: EXC_BAD_INSTRUCTION (0x0002) Code[0]: 0x00000002 Code[1]: 0x057ff5dc Thread 0 Crashed: #0 0x057ff5dc in 0x57ff5dc #1 0x02578610 in RuleProcessorData::_dt(void) #2 0x02513cac in StyleSetImpl::ResolveStyleFor(nsIPresContext *, nsIContent *) #3 0x02d7c188 in ResolveStyleContextFor__13nsPresContextFP10nsIContentP15nsISty #4 0x02ea2170 in ReResolveStyleContext__12FrameManagerFP14nsIPresContextP8nsIFr #5 0x02ea23b4 in ReResolveStyleContext__12FrameManagerFP14nsIPresContextP8nsIFr #6 0x02ea23b4 in ReResolveStyleContext__12FrameManagerFP14nsIPresContextP8nsIFr #7 0x02ea25f0 in ComputeStyleChangeFor__12FrameManagerFP14nsIPresContextP8nsIFr #8 0x02d8ea64 in PresShell::ReconstructStyleData(int) #9 0x02d8ec1c in PresShell::StyleSheetAdded(nsIDocument *, nsIStyleSheet *) #10 0x025055b0 in nsDocument::InsertStyleSheetAt(nsIStyleSheet *, int, int) #11 0x026dc614 in InsertSheetInDoc__13CSSLoaderImplFP16nsICSSStyleSheetiP10nsICo #12 0x026db430 in SheetComplete__13CSSLoaderImplFP16nsICSSStyleSheetP13SheetLoad #13 0x026dadf0 in CSSLoaderImpl::Cleanup(URLKey &, SheetLoadData *) #14 0x026db4e8 in SheetComplete__13CSSLoaderImplFP16nsICSSStyleSheetP13SheetLoad #15 0x026db7d0 in ParseSheet__13CSSLoaderImplFP21nsIUnicharInputStreamP13SheetLo #16 0x026dba04 in DidLoadStyle__13CSSLoaderImplFP15nsIStreamLoaderP8nsStringP13S #17 0x026daaa4 in OnStreamComplete__13SheetLoadDataFP15nsIStreamLoaderP11nsISupp #18 0x03631648 in nsStreamLoader::OnStopRequest(nsIRequest *, nsISupports *, unsigned int) #19 0x03682d74 in nsHttpChannel::OnStopRequest(nsIRequest *, nsISupports *, unsigned int) #20 0x03675030 in nsOnStopRequestEvent::HandleEvent(void) #21 0x03674440 in nsARequestObserverEvent::HandlePLEvent(PLEvent *) #22 0x005e0990 in PL_HandleEvent #23 0x005e07fc in PL_ProcessPendingEvents #24 0x0058565c in nsEventQueueImpl::ProcessPendingEvents(void) #25 0x00585704 in nsEventQueueImpl::ProcessPendingEvents(void) #26 0x03d39abc in nsMacNSPREventQueueHandler::ProcessPLEventQueue(void) #27 0x03d39880 in nsMacNSPREventQueueHandler::RepeatAction(EventRecord const &) #28 0x0189bb14 in Repeater::DoRepeaters(EventRecord const &) #29 0x03d4d938 in nsMacMessagePump::DispatchEvent(int, EventRecord *) #30 0x03d4d510 in nsMacMessagePump::DoMessagePump(void) #31 0x03d4ce8c in nsAppShell::Run(void) #32 0x022a9d3c in nsAppShellService::Run(void) #33 0x004b1ba4 in main1(int, char **, nsISupports *) #34 0x004b267c in main Thread 1: #0 0x7000497c in syscall #1 0x70557600 in BSD_waitevent #2 0x70554b80 in CarbonSelectThreadFunc #3 0x7002054c in _pthread_body Thread 2: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x705593ec in CarbonOperationThreadFunc #3 0x7002054c in _pthread_body Thread 3: #0 0x70044cf8 in semaphore_timedwait_signal_trap #1 0x70044cd8 in semaphore_timedwait_signal #2 0x70283ea4 in TSWaitOnConditionTimedRelative #3 0x7027d748 in TSWaitOnSemaphoreCommon #4 0x702c2078 in TimerThread #5 0x7002054c in _pthread_body Thread 4: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x70250ab0 in TSWaitOnCondition #3 0x7027d730 in TSWaitOnSemaphoreCommon #4 0x70243d14 in AsyncFileThread #5 0x7002054c in _pthread_body Thread 5: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x7055b884 in CarbonInetOperThreadFunc #3 0x7002054c in _pthread_body Thread 6: #0 0x70000978 in mach_msg_overwrite_trap #1 0x70005a04 in mach_msg #2 0x70026a2c in _pthread_become_available #3 0x70026724 in pthread_exit #4 0x70020550 in _pthread_body PPC Thread State: srr0: 0x057ff5dc srr1: 0x0208f030 vrsave: 0x00000000 xer: 0x00000018 lr: 0x02578294 ctr: 0x057ff5dc mq: 0x00000000 r0: 0x057ff5dc r1: 0xbfffe500 r2: 0x00000001 r3: 0x057fe950 r4: 0xbfffe5bc r5: 0x057fe950 r6: 0x0563e9f0 r7: 0x00000000 r8: 0x02958bc0 r9: 0x00000024 r10: 0x00000001 r11: 0x08159b5a r12: 0x057ff600 r13: 0x057fa610 r14: 0x0592a194 r15: 0xbfffee80 r16: 0x0588dc08 r17: 0x02feddd0 r18: 0x057e32b0 r19: 0xbfffe75c r20: 0x00000000 r21: 0x059e1f30 r22: 0xffffffff r23: 0xbfffe94c r24: 0x00000000 r25: 0x0576e290 r26: 0x056f9b00 r27: 0x0576e290 r28: 0x057fe950 r29: 0x0592a194 r30: 0xbfffe58c r31: 0x057fe950 **********
This looks similar to a bug that's on the topcrash list but hard to reproduce. Does the crash happen every time?
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
Summary: css related crash → css related crash (at RuleProcessorData::RuleProcessorData)
Target Milestone: --- → mozilla0.9.9
For me it is happening every time :-( Looking at the crash log I see some references to "style" and assumed this is related to css. Do you think it would be helpful to trim down the stylesheet to see if I can isolate which lines might be inducing the problem? (It's a huge stylesheet).
A simplified testcase (what you get from simplifying both the markup and the stylesheet) might be helpful, although it's possible that it may be easy to fix this even without one. I haven't had a chance to look at it yet...
I think I found an important clue. When I comment out one line near the top of the stylesheet the crash doesn't happen. I performed my example test instructions about 30 times in a row without any crashes at all. /* @import url(phpwiki-heavy.css); */ (Out of curiosity I tested with the filename enclosed in quotes, but it crashes that way too.) Other than this crashing problem, the styles are succesfully being imported from the external stylesheet and as far as I can tell they are rendering correctly. Side note: both stylesheets successfully validate at http://jigsaw.w3.org/css-validator/.
Severity: major → critical
I can't reproduce this crash on a current Linux debug build.
Target Milestone: mozilla0.9.9 → mozilla1.0
*** This bug has been marked as a duplicate of 118014 ***
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.