Closed
Bug 135814
Opened 22 years ago
Closed 22 years ago
Crash on viewing p3p policy summary
Categories
(Core :: XSLT, defect, P1)
Tracking
()
VERIFIED
INVALID
mozilla1.0
People
(Reporter: harishd, Assigned: harishd)
References
()
Details
(Keywords: crash, Whiteboard: [ADT1][hitlist] [m5+])
1) Load the above URL
2) Open up page-Info window
3) Select "Privacy" tab
4) Click on Summary
Result: Crash!
Stack:
memmove(unsigned char * 0x00000000, unsigned char * 0x05b8fa2c, unsigned long
56) line 171
nsCharTraits<unsigned short>::move(unsigned short * 0x00000000, const unsigned
short * 0x05b8fa2c, unsigned int 28) line 149 + 20 bytes
nsCharSinkTraits<unsigned short *>::write(unsigned short * & 0x00000000, const
unsigned short * 0x05b8fa2c, unsigned int 28) line 599 + 19 bytes
copy_string(nsReadingIterator<unsigned short> & {...}, const
nsReadingIterator<unsigned short> & {...}, unsigned short * & 0x00000000) line
90 + 39 bytes
ToNewUnicode(const nsAString & {...}) line 255 + 35 bytes
nsStringKey::nsStringKey(const nsAString & {...}) line 693 + 24 bytes
FindNameSpaceID(const nsAString & {...}) line 151
NameSpaceManagerImpl::RegisterNameSpace(NameSpaceManagerImpl * const 0x04967b20,
const nsAString & {...}, int & 0) line 449 + 9 bytes
nsNodeInfoManager::GetNodeInfo(nsNodeInfoManager * const 0x0493e758, const
nsAString & {...}, const nsAString & {...}, nsINodeInfo * & 0x00000000) line 301
+ 43 bytes
nsXMLDocument::CreateElementNS(nsXMLDocument * const 0x0493e354, const nsAString
& {...}, const nsAString & {...}, nsIDOMElement * * 0x0003396c) line 926 + 61 bytes
txMozillaXMLOutput::startElement(const String & {...}, const int 0) line 340 +
95 bytes
XSLTProcessor::startElement(ProcessorState * 0x0012d394, const String & {...},
const int 0) line 2320
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1679
XSLTProcessor::processTemplate(Node * 0x04a83310, Node * 0x04a40a78,
ProcessorState * 0x0012d394, NamedMap * 0x04b81ac8) line 1873
XSLTProcessor::processMatchedTemplate(Node * 0x04a40a78, Node * 0x04a83310,
NamedMap * 0x04b81ac8, const String & {...}, ProcessorState::ImportFrame *
0x049c4ee0, ProcessorState * 0x0012d394) line 1921
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb9c8,
ProcessorState * 0x0012d394) line 1212
XSLTProcessor::processChildren(Node * 0x04a83310, Element * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1833
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1701
XSLTProcessor::processTemplate(Node * 0x04a83310, Node * 0x04a40a78,
ProcessorState * 0x0012d394, NamedMap * 0x04b81690) line 1873
XSLTProcessor::processMatchedTemplate(Node * 0x04a40a78, Node * 0x04a83310,
NamedMap * 0x04b81690, const String & {...}, ProcessorState::ImportFrame *
0x049c4ee0, ProcessorState * 0x0012d394) line 1921
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb9c8,
ProcessorState * 0x0012d394) line 1212
XSLTProcessor::processChildren(Node * 0x04a83310, Element * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1833
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1701
XSLTProcessor::processTemplate(Node * 0x04a83310, Node * 0x04a40a78,
ProcessorState * 0x0012d394, NamedMap * 0x04b81258) line 1873
XSLTProcessor::processMatchedTemplate(Node * 0x04a40a78, Node * 0x04a83310,
NamedMap * 0x04b81258, const String & {...}, ProcessorState::ImportFrame *
0x049c4ee0, ProcessorState * 0x0012d394) line 1921
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb9c8,
ProcessorState * 0x0012d394) line 1212
XSLTProcessor::processChildren(Node * 0x04a83310, Element * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1833
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1701
XSLTProcessor::processTemplate(Node * 0x04a83310, Node * 0x04a40a78,
ProcessorState * 0x0012d394, NamedMap * 0x04b80e20) line 1873
XSLTProcessor::processMatchedTemplate(Node * 0x04a40a78, Node * 0x04a83310,
NamedMap * 0x04b80e20, const String & {...}, ProcessorState::ImportFrame *
0x049c4ee0, ProcessorState * 0x0012d394) line 1921
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb9c8,
ProcessorState * 0x0012d394) line 1212
XSLTProcessor::processChildren(Node * 0x04a83310, Element * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1833
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1701
XSLTProcessor::processTemplate(Node * 0x04a83310, Node * 0x04a40a78,
ProcessorState * 0x0012d394, NamedMap * 0x04b809e8) line 1873
XSLTProcessor::processMatchedTemplate(Node * 0x04a40a78, Node * 0x04a83310,
NamedMap * 0x04b809e8, const String & {...}, ProcessorState::ImportFrame *
0x049c4ee0, ProcessorState * 0x0012d394) line 1921
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb9c8,
ProcessorState * 0x0012d394) line 1212
XSLTProcessor::processChildren(Node * 0x04a83310, Element * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1833
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1701
XSLTProcessor::processTemplate(Node * 0x04a83310, Node * 0x04a40a78,
ProcessorState * 0x0012d394, NamedMap * 0x04b805b0) line 1873
XSLTProcessor::processMatchedTemplate(Node * 0x04a40a78, Node * 0x04a83310,
NamedMap * 0x04b805b0, const String & {...}, ProcessorState::ImportFrame *
0x049c4ee0, ProcessorState * 0x0012d394) line 1921
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb9c8,
ProcessorState * 0x0012d394) line 1212
XSLTProcessor::processChildren(Node * 0x04a83310, Element * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1833
XSLTProcessor::processAction(Node * 0x04a83310, Node * 0x04aeb4f8,
ProcessorState * 0x0012d394) line 1701
XSLTProcessor::processTemplBtw, you need the patch in bug 124503 to reproduce the crash.
Blocks: 124503
|
||
Updated•22 years ago
|
|
||
Comment 2•22 years ago
|
||
I can't make it crash, but I'm seeing a hang in different spots. Are we blowing up the stack?
peterv: You can also try http://www.salvationarmy.org.au/
|
||
Comment 5•22 years ago
|
||
Adding to my hitlist
|
|
||
Updated•22 years ago
|
Whiteboard: [ADT1] → [ADT1][hitlist]
|
|
||
Comment 6•22 years ago
|
||
peterv, this bug has been identified as a critical beta blocker. Can you say an ETA for the fix?
|
||
Updated•22 years ago
|
Whiteboard: [ADT1][hitlist] → [ADT1][hitlist] [m5+]
|
|
||
Comment 7•22 years ago
|
||
No ETA yet. Still debugging this. It seems we start looping processing a XSLT template. Hope to have it figured out tonight so I can provide an ETA.
Status: NEW → ASSIGNED
|
|
||
Comment 8•22 years ago
|
||
Ok, this looks like it will be easy to fix, the p3p XSLT file has this: <xsl:template match="p3p:NON-IDENTIFIABLE"> <li><xsl:apply-templates select="."/></li> </xsl:template> which is a really bad idea, since the template will call itself forever. I know we need to prevent infinite recursion in Transformiix, but that's not an easy, obvious fix. I'm passing this back to Harish so he can rewrite the stylesheet, I have no idea what he wanted to do in this template. BTW, I found this using Axel Hecht's fantastic patch to enable logging for XPath and XSLT (see bug 70855).
Assignee: peterv → harishd
Status: ASSIGNED → NEW
|
||
Comment 9•22 years ago
|
||
http://www.w3.org/TR/xslt#section-Applying-Template-Rules states exactly this error. Note that even changing the mode would make "." a good option for xsl:apply-templates. You probably want no select= at all, which gives you "node()", triggering the default templates to copy the text children. I suggest tracking the stylesheet fix in bugscape. I filed bug 138183 to track our handling of stylesheets with recursion.
|
Assignee | |
Comment 10•22 years ago
|
||
The style sheet issue is now covered in bugscape ( bug 14062 ). Marking this bug INVALID.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•