Crash on page load [TB5921079Z] [nsVoidArray::InsertElementAt]

RESOLVED DUPLICATE of bug 138725

Status

()

Core
XPCOM
--
critical
RESOLVED DUPLICATE of bug 138725
16 years ago
16 years ago

People

(Reporter: vectro, Assigned: dougt)

Tracking

({crash})

Trunk
x86
All
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(2 attachments)

(Reporter)

Description

16 years ago
The listed URL crashes Mozilla 1.0RC1 on page load.
(Reporter)

Comment 1

16 years ago
On the console, the only thing printed is "Segmentation Fault".
Severity: normal → critical

Comment 2

16 years ago
Crashes on XP as well. TB5921079Z
Since RC1 is old'ish now, the crash is probably known. Resolving as new for now
till i get a stack.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
OS: Linux → All
Summary: Crash on page load → Crash on page load [TB5921079Z]

Comment 3

16 years ago
Crash seems to be in nsVoidArray::InsertElementAt
Only related bug i found was bug 63743.

From top of 98 lines long stack:

#0 0x40138cb2 in nsVoidArray::InsertElementAt () from libxpcom.so
#1 0x417b2465 in nsFormFrame::AddFormControlFrame () from libgklayout.so
#2 0x417b21d7 in nsFormFrame::AddFormControlFrame () from libgklayout.so
#3 0x417bd0b8 in nsHTMLButtonControlFrame::SetInitialChildList () from
libgklayout.so
#4 0x417cf7ec in nsCSSFrameConstructor::ConstructHTMLFrame () from libgklayout.so
#5 0x417d3450 in nsCSSFrameConstructor::ConstructFrameInternal () from
libgklayout.so
#6 0x417d30c9 in nsCSSFrameConstructor::ConstructFrame () from libgklayout.so
#7 0x417dfdea in nsCSSFrameConstructor::ProcessInlineChildren () from libgklayout.so
#8 0x417df75a in nsCSSFrameConstructor::ConstructInline () from libgklayout.so
#9 0x417d26f1 in nsCSSFrameConstructor::ConstructFrameByDisplayType () from
libgklayout.so
#10 0x417d3504 in nsCSSFrameConstructor::ConstructFrameInternal () from
libgklayout.so

Trying xpcom as component
Component: Browser-General → XPCOM
Summary: Crash on page load [TB5921079Z] → Crash on page load [TB5921079Z] [nsVoidArray::InsertElementAt]

Comment 4

16 years ago
Created attachment 82318 [details]
backtrace from 2d. old non-debug CVS (with symbols), Linux

Comment 5

16 years ago
oops... reassign
Assignee: Matti → dougt
QA Contact: imajes-qa → scc

Comment 6

16 years ago
Might be a dup of bug 138725. Similar stack.

Comment 7

16 years ago
linux debug build threw some assertions before crashing:

###!!! ASSERTION: frame was not removed from primary frame map before
destruction or was readded to map after being removed:
'!PL_DHASH_ENTRY_IS_BUSY(entry) || entry->frame != aFrame', file
nsFrameManager.cpp, line 1061

Comment 8

16 years ago
Created attachment 82330 [details]
reduced testcase

note that the <head> is actually in a <font> tag.  The rest looks like standard
html, but is necessary to produce the crash.

Comment 9

16 years ago
patch (attachment 81937 [details] [diff] [review]) from bug 138725 successfully prevents the crash.

Comment 10

16 years ago
another indication it's a dup, then. Resolving as such.

*** This bug has been marked as a duplicate of 138725 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.