Closed
Bug 150431
Opened 22 years ago
Closed 19 years ago
crash (stack overflow) with <p><font><p><font>... [@ nsGenericHTMLElement::GetAttr ] [@ StyleSetImpl::QueryInterface ] [@ nsCOMTypeInfo<nsIStyleSet>::GetIID ]
Categories
(Core :: Layout, defect, P2)
Tracking
()
RESOLVED
WORKSFORME
Future
People
(Reporter: nathans, Unassigned)
References
()
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(4 files)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1a) Gecko/20020608
BuildID: 2002060808
Mozilla crashes when accessing the above URL. The referenced page contains a
line of HTML that is more than 240K long consisting of repeated <p><font
size=1><p><font size=1>...
While the HTML is nasty it should not cause a crash, and it does work in IE6.
Reproducible: Always
Steps to Reproduce:
1. Visit http://www.pdxradio.com/discus/index.html.
2. Click "Portland Radio".
Actual Results: Mozilla hangs, no screen updates for a long time, computer
became very slow until finally the program died and a Talkback window appeared.
Expected Results: Display the discussion board index.
|
||
Comment 1•22 years ago
|
||
Can you please add the TB ID to this bug ?
(run mozilla/components/talkback to get the ID)
Keywords: crash
|
Reporter | |
Comment 2•22 years ago
|
||
Talkback ID is TB7161113G.
|
|
||
Updated•22 years ago
|
Whiteboard: Stack requested from NS
|
||
Comment 3•22 years ago
|
||
confirming crash using build 2002060904 on Win2k (trunk).
Same behaviour: Mozilla seems to hang for a few seconds, then crashes.
Keywords: stackwanted
|
|
||
Comment 4•22 years ago
|
||
|
||
Comment 5•22 years ago
|
||
Confirming bug, hang on 2002-06-07-04 (trunk) on Windows 98 SE.
|
|
||
Comment 6•22 years ago
|
||
|
|
Reporter | |
Comment 7•22 years ago
|
||
One thing to note, closing the font tags does not fix the problem, it has to do
with the level of nesting. Could be the same bug.
|
|
||
Comment 8•22 years ago
|
||
got my debug build working again :-) (Sorry Doron)
we are looping in nsCSSFrameConstructo:
StyleSetImpl::QueryInterface(StyleSetImpl * const 0x03af5220, const nsID &
{...}, void * * 0x00033034) line 416 + 60 bytes
nsQueryInterface::operator()(const nsID & {...}, void * * 0x00033034) line 47 +
25 bytes
nsCOMPtr<nsIStyleSet>::assign_from_helper(const nsCOMPtr_helper & {...}, const
nsID & {...}) line 922 + 18 bytes
nsCOMPtr<nsIStyleSet>::nsCOMPtr<nsIStyleSet>(const nsQueryInterface & {...})
line 566
nsCOMPtr<nsIStyleSet>::Assert_NoQueryNeeded() line 501
nsGetterAddRefs<nsIStyleSet>::~nsGetterAddRefs<nsIStyleSet>() line 1006
nsPresContext::ProbePseudoStyleContextFor(nsPresContext * const 0x03a9a618,
nsIContent * 0x07771d70, nsIAtom * 0x01024350, nsIStyleContext * 0x0779ee50,
nsIStyleContext * * 0x000330f8) line 1001
nsCSSFrameConstructor::CreateGeneratedContentFrame(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, nsIFrame *
0x0779eea4, nsIContent * 0x07771d70, nsIStyleContext * 0x0779ee50, nsIAtom *
0x01024350, int 0, nsIFrame * * 0x0003314c) line 1525 + 48 bytes
nsCSSFrameConstructor::ProcessInlineChildren(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, nsIContent *
0x07771d70, nsIFrame * 0x0779eea4, int 1, nsFrameItems & {...}, int *
0x00033268) line 13839 + 59 bytes
nsCSSFrameConstructor::ConstructInline(nsIPresShell * 0x03e84d20, nsIPresContext
* 0x03a9a618, nsFrameConstructorState & {...}, const nsStyleDisplay *
0x03dcb8c8, nsIContent * 0x07771d70, nsIFrame * 0x0779ee18, nsIStyleContext *
0x0779ee50, int 0, nsIFrame * 0x0779eea4, nsIFrame * * 0x000336b0, nsIFrame * *
0x00033680) line 13631 + 47 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, const
nsStyleDisplay * 0x03dcb8c8, nsIContent * 0x07771d70, nsIFrame * 0x0779ee18,
nsIStyleContext * 0x0779ee50, nsFrameItems & {...}) line 6480 + 53 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, nsIContent *
0x07771d70, nsIFrame * 0x0779ee18, nsIAtom * 0x0104dc78, int 3, nsIStyleContext
* 0x0779ee50, nsFrameItems & {...}, int 0) line 7348 + 45 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x03e84d20, nsIPresContext
* 0x03a9a618, nsFrameConstructorState & {...}, nsIContent * 0x07771d70, nsIFrame
* 0x0779ee18, nsFrameItems & {...}) line 7200 + 56 bytes
nsCSSFrameConstructor::ProcessInlineChildren(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, nsIContent *
0x07771cb0, nsIFrame * 0x0779ee18, int 1, nsFrameItems & {...}, int *
0x00033928) line 13854 + 69 bytes
nsCSSFrameConstructor::ConstructInline(nsIPresShell * 0x03e84d20, nsIPresContext
* 0x03a9a618, nsFrameConstructorState & {...}, const nsStyleDisplay *
0x03dcb8c8, nsIContent * 0x07771cb0, nsIFrame * 0x0779ede0, nsIStyleContext *
0x07796858, int 0, nsIFrame * 0x0779ee18, nsIFrame * * 0x00033d70, nsIFrame * *
0x00033d40) line 13631 + 47 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, const
nsStyleDisplay * 0x03dcb8c8, nsIContent * 0x07771cb0, nsIFrame * 0x0779ede0,
nsIStyleContext * 0x07796858, nsFrameItems & {...}) line 6480 + 53 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, nsIContent *
0x07771cb0, nsIFrame * 0x0779ede0, nsIAtom * 0x0104dc78, int 3, nsIStyleContext
* 0x07796858, nsFrameItems & {...}, int 0) line 7348 + 45 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x03e84d20, nsIPresContext
* 0x03a9a618, nsFrameConstructorState & {...}, nsIContent * 0x07771cb0, nsIFrame
* 0x0779ede0, nsFrameItems & {...}) line 7200 + 56 bytes
nsCSSFrameConstructor::ProcessInlineChildren(nsIPresShell * 0x03e84d20,
nsIPresContext * 0x03a9a618, nsFrameConstructorState & {...}, nsIContent *
0x07771bf0, nsIFrame * 0x0779ede0, int 1, nsFrameItems & {...}, int *
0x00033fe8) line 13854 + 69 bytes
nsCSSFrameConstructor::ConstructInline(nsIPresShell * 0x03e84d20, nsIPresContext
* 0x03a9a618, nsFrameConstructorState & {...}, const nsStyleDisplay *
0x03dcb8c8, nsIContent * 0x07771bf0, nsIFrame * 0x0779eda8, nsIStyleContext *
0x077399c0, int 0, nsIFrame * 0x0779ede0, nsIFrame * * 0x00034430, nsIFrame * *
0x00034400) line 13631 + 47 bytes
....
Keywords: stackwanted
Whiteboard: Stack requested from NS
|
|
||
Comment 9•22 years ago
|
||
|
|
Reporter | |
Comment 10•22 years ago
|
||
Configuration: Windows XP, 512 MB RAM, Mozilla 2002060908
In examples, tags are repeated 4096 times.
1. <p><font size=1><p><font size=1>...</font></p></font></p> crashes
2. <p><font size=1><p><font size=1>...</font></font> crashes
3. <p><font size=1><p><font size=1>...(no closing tags) crashes
4. <font size=1><font size=1>...</font></font> does not crash
5. <font size=1><font size=1>...(no closing tags) does not crash
6. <p><p>...</p></p> (weird nesting of p tags) does not crash
7. <p><p>...(no closing tags) does not crash
8. <p><font size=1></font></p><p><font size=1></font></p>... does not crash
Only occurs when <p> and <font> tags are used together and not properly nested.
|
||
Comment 11•22 years ago
|
||
Confirming it with build 2002052306 under Windows ME. Talkback ID TB7168265H
|
||
Comment 12•22 years ago
|
||
Incident ID 7168265
Stack Signature nsGenericHTMLElement::GetAttr d7f6c91e
Email Address
Product ID Gecko1.0
Build ID 2002052308
Trigger Time 2002-06-09 15:06:13
Platform Win32
Operating System Windows 98 4.90 build 73010104
Module GKCONTENT.DLL
URL visited http://www.pdxradio.com/discus/index.html
User Comments I clicked on the Portland Radio link. Mozilla became slow and
finally crashed.
Trigger Reason Stack overflow
Source File Name
d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp
Trigger Line No. 2097
Stack Trace
nsGenericHTMLElement::GetAttr
[d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp,
line 2097]
nsGenericHTMLElement::GetAttr
[d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp,
line 2090]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 5839]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7331]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7215]
nsCSSFrameConstructor::ProcessInlineChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13770]
nsCSSFrameConstructor::ConstructInline
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 13546]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6490]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7366]
|
||
Updated•22 years ago
|
Summary: crashes when opening the pdxradio.com discussion board → crashes when opening the pdxradio.com discussion board [@ nsGenericHTMLElement::GetAttr][@ StyleSetImpl::QueryInterface[
|
||
Updated•22 years ago
|
QA Contact: petersen → amar
|
||
Updated•22 years ago
|
Priority: -- → P2
|
||
Updated•22 years ago
|
Target Milestone: --- → Future
|
|
||
Updated•22 years ago
|
Summary: crashes when opening the pdxradio.com discussion board [@ nsGenericHTMLElement::GetAttr][@ StyleSetImpl::QueryInterface[ → crashes when opening the pdxradio.com discussion board [@ nsGenericHTMLElement::GetAttr ] [@ StyleSetImpl::QueryInterface ] [@ nsCOMTypeInfo<nsIStyleSet>::GetIID ]
|
|
||
Comment 13•22 years ago
|
||
Summary: crashes when opening the pdxradio.com discussion board [@ nsGenericHTMLElement::GetAttr ] [@ StyleSetImpl::QueryInterface ] [@ nsCOMTypeInfo<nsIStyleSet>::GetIID ] → crash (stack overflow) with <p><font><p><font>... [@ nsGenericHTMLElement::GetAttr ] [@ StyleSetImpl::QueryInterface ] [@ nsCOMTypeInfo<nsIStyleSet>::GetIID ]
|
||
Comment 15•21 years ago
|
||
The first attachment/testcase still crashes Mozilla 1.7b, the second
attachment/testcase displays an empty page after several minutes of 100% cpu usage.
|
||
Comment 16•20 years ago
|
||
Using Mozilla Nightly 2005020504 on Windows XP
Both testcases WFM.
|
||
Comment 17•19 years ago
|
||
wfm winxp current trunk
|
||
Comment 18•19 years ago
|
||
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051207 Firefox/1.6a1
This crash isn't happening anymore. -> WFM
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
|
||
Comment 19•16 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/54417ebbaea2
Flags: in-testsuite+
|
|
||
Comment 20•16 years ago
|
||
I had to disable the test due to slowness.
|
||
Updated•13 years ago
|
Crash Signature: [@ nsGenericHTMLElement::GetAttr ]
[@ StyleSetImpl::QueryInterface ]
[@ nsCOMTypeInfo<nsIStyleSet>::GetIID ]
You need to log in
before you can comment on or make changes to this bug.
Description
•