Closed Bug 131396 Opened 23 years ago Closed 23 years ago

Crash when clicking a javascript link

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 118014

People

(Reporter: labaziewiczj, Assigned: asa)

References

(
URL
)

Details

(Keywords: crash)

Attachments

(8 files)

stripped down www.dube.com web page
10.00 KB, application/octet-stream
Details
stripped down www.dube.com web page
10.00 KB, application/octet-stream
Details
another testcase
78 bytes, text/html
Details
testcase part 1
25 bytes, text/css
Details
testcase part 1a
24 bytes, text/css
Details
testcase part 2
141 bytes, text/html
Details
testcase part 3
354 bytes, text/html
Details
testcase part 4
239 bytes, text/html
Details
BuildID: 20020315 Mozilla crashes while processing javascript. Reproducible: Always Steps to Reproduce: 1. Go to www.dube.com 2. Click on "printed catalog" link on the bottom of the page 3. Mozilla crashes Actual Results: Segmentation fault. All open windows close (all owned by this particular user). Expected Results: Menu should pop up? I'm trying to put together a test case. The bug requires a strange mix of frames/stylesheets/javascript to activate. It may take a while.
Reporter: Do you have a talkback ID of that crash ?
I couldn't reproduce the bug on Linux build 2001112721. Clicking on "printed catalog" opens the frame http://www.dube.com/printcatalog/index.html
Linux build 20020315 - I get "An unknown error occured while attempting to load the requested page" when I click on any of the links at the bottom. No crash.
crash with win98 2002031503 talkback tb4117817z
maybe related to bug 129871 bug 118014
So... Andrew: I do get the same message, but then the browser crashes Note: the bug doesn't activate on a copy of dube.com i made on a web server (Apache 1.3.9) 200 meters away. But it does crash when viewing a copy of the page stored on my hard drive. I put together a test case. It _does_ crash my browser. It's five files, tarred. pen dube.html and click on "printed catalog" link. for www.dube.com talkback id: tb4119173Q for local copy talkback id: tb4119233X
the attachment is actually a tar file. Unpack it, and open dube.html. Click on "printed catalog". Error message should pop up and then browser crashes. Sorry for submiting that twice and for confusion.
Attached file another testcase
this is a stripped down version of bottom.html. It just has href="Javascript:void(0);", but I still get the message about an unknown error. Could you try it out and see if you crash with this one too? If it doesn't crash, could you try removing the href="Javascript:void(0)" in your testcase (replace it with href="#") and see if you still crash?
Andrew: your testcase doesn't crash my mozilla nor does it give me an error message. Are there any js preferences I should try to tweak, besides the ones available in edit/preferences...? I replaced javascript:void(0) with a hash and it still crashed. win98 build 20020304 crashes as well in both cases.
I see the crash without the void(0). debug build throws four of these assertions before crashing: ###!!! ASSERTION: no body node: 'bodyContent', file nsCSSRendering.cpp, line 2468 ###!!! Break: at file nsCSSRendering.cpp, line 2468 I'd attach a stacktrace but gdb doesn't seem to want to cooperate.
Attached file testcase part 1
Attached file testcase part 1a
apparently the lack of carriage return here is necessary for the crash... ?
Attached file testcase part 2
Attached file testcase part 3
Attached file testcase part 4
this is the parent html document (original dube.html). I can't crash with original black.html (part 2) being pulled off bugzilla for some reason. But the files I've uploaded do crash when viewed locally. note that including the original black.txt as a <style> section in black.html does not crash. the duplicate onclick and onmousedown handlers are are also necessary.
Stephen, should I ask you for TB4119173Q, TB4117817Z, TB4119233X?
RuleProcessorData::RuleProcessorData() StyleSetImpl::ResolveStyleFor() nsPresContext::ResolveStyleContextFor() FrameManager::ReResolveStyleContext() FrameManager::ReResolveStyleContext() FrameManager::ReResolveStyleContext() FrameManager::ComputeStyleChangeFor() PresShell::ReconstructStyleData() PresShell::StyleSheetAdded() nsDocument::InsertStyleSheetAt() CSSLoaderImpl::InsertSheetInDoc() CSSLoaderImpl::SheetComplete() CSSLoaderImpl::ParseSheet() CSSLoaderImpl::DidLoadStyle() SheetLoadData::OnStreamComplete() nsStreamLoader::OnStopRequest() nsHttpChannel::OnStopRequest() nsOnStopRequestEvent::HandleEvent() nsARequestObserverEvent::HandlePLEvent() PL_HandleEvent() PL_ProcessPendingEvents() nsEventQueueImpl::ProcessPendingEvents() event_processor_callback() our_gdk_io_invoke() libglib-1.2.so.0 + 0xff9e (0x4038df9e) libglib-1.2.so.0 + 0x11773 (0x4038f773) libglib-1.2.so.0 + 0x11d39 (0x4038fd39) libglib-1.2.so.0 + 0x11eec (0x4038feec) libgtk-1.2.so.0 + 0x94333 (0x402aa333) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x1c627 (0x404ed627)
*** This bug has been marked as a duplicate of 118014 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
v=aha, stack signatures are same.
Status: RESOLVED → VERIFIED
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: