{ib}[RR]Browser crashes inserting linked stylesheet

RESOLVED FIXED in Future

Status

()

Core
Layout
P2
critical
RESOLVED FIXED
16 years ago
15 years ago

People

(Reporter: Per Ångström, Assigned: Kevin McCluskey (gone))

Tracking

({crash, qawanted, testcase})

Trunk
Future
x86
All
crash, qawanted, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(3 attachments, 2 obsolete attachments)

(Reporter)

Description

16 years ago
Mozilla will crash when opening the problem URL if Javascript is disabled and if
cookies are denied.

How to reproduce:
0. Close any unsaved work.
1. Disable Javascript in Navigator. 
2. Set browser to prompt for each cookie. (I'm unsure whether this is necessary)
3. Open <http://www.nocom.se/press/pageDisplay.jsp?page_id=153>.
4. Deny incoming cookie.

Expected result: The page should load fine.

Actual result: The browser crashes with signal 11 on my Linux box, or with a
Windows GPF. On Windows, it seems that accepting the cookie causes the browser
to hang indefinitely.

The problem 100 % reproducible for me.

Tested in: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a+) Gecko/20020627.

Also seen in Netscape 7.0 PR1 and in Mozilla 0.9.9, both on Windows 98. I cannot
 reproduce in Netscape 6.2.1 on Linux, nor in K-Meleon 0.6.

Comment 1

16 years ago
working on testcase.
Do you have a talkback ID from that crash ?
Severity: major → critical
Keywords: crash

Comment 3

16 years ago
Created attachment 89557 [details]
stylesheet for page that causes crash (exact same as from original site: http://www.nocom.se/css/ie.css)

Comment 4

16 years ago
Created attachment 89558 [details]
minimal page that causes crash

This is as minimal as I could get it.

Comment 5

16 years ago
Created attachment 89559 [details]
same file as text/plain

so you can view source without crashing

Comment 6

16 years ago
For my testcase, javascript does NOT need to be disabled, nor do cookies. 
Notice the link tag outside of the head, if it is moved into the head, no crash.
 if it is removed, no crash.  That's where it is in the original page that
doesn't crash if you have javascript enabled.

Comment 7

16 years ago
Example provided in Comment #5 also crashes  Mozilla 1.0 Build 2002053012 on
Win2k, with or without disabling cookies/javascript.
i crash with the testcase..

nsQueryInterface::operator()(const nsID & {...}, void * * 0x0012f4bc) line 47 + 
23 bytes
nsCOMPtr<nsIBox>::assign_from_helper(const nsCOMPtr_helper & {...}, const nsID & 
{...}) line 922 + 18 bytes
nsCOMPtr<nsIBox>::nsCOMPtr<nsIBox>(const nsQueryInterface & {...}) line 566
nsCSSFrameConstructor::StyleChangeReflow(nsIPresContext * 0x041efd08, nsIFrame * 
0x04158110, nsIAtom * 0x00000000) line 10183
nsCSSFrameConstructor::ProcessRestyledFrames(nsCSSFrameConstructor * const 
0x041e4078, nsStyleChangeList & {...}, nsIPresContext * 0x041efd08) line 10320
PresShell::ReconstructStyleData(PresShell * const 0x041e9c18, int 0) line 5530
PresShell::StyleSheetAdded(PresShell * const 0x041e9c20, nsIDocument * 
0x04024660, nsIStyleSheet * 0x03b488b8) line 5550
nsDocument::InsertStyleSheetAt(nsDocument * const 0x04024660, nsIStyleSheet * 
0x03b488b8, int 0, int 1) line 1633
CSSLoaderImpl::InsertSheetInDoc(nsICSSStyleSheet * 0x03b488b8, int 0, nsIContent 
* 0x0414c880, int 1, nsICSSLoaderObserver * 0x00000000) line 1206
CSSLoaderImpl::SheetComplete(nsICSSStyleSheet * 0x03b488b8, SheetLoadData * 
0x0414cd98) line 909
CSSLoaderImpl::ParseSheet(nsIUnicharInputStream * 0x03ee4030, SheetLoadData * 
0x0414cd98, int & 1, nsICSSStyleSheet * & 0x03b488b8) line 964
CSSLoaderImpl::DidLoadStyle(nsIStreamLoader * 0x0414cfa0, nsString * 0x03c83fd0, 
SheetLoadData * 0x0414cd98, unsigned int 0) line 999 + 27 bytes
SheetLoadData::OnStreamComplete(SheetLoadData * const 0x0414cd98, 
nsIStreamLoader * 0x0414cfa0, nsISupports * 0x00000000, unsigned int 0, unsigned 
int 7152, const char * 0x03d7efb0) line 756
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x0414cfa4, nsIRequest * 
0x0414cff8, nsISupports * 0x00000000, unsigned int 0) line 163
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x03d1be90, 
nsIRequest * 0x0414cff8, nsISupports * 0x00000000, unsigned int 0) line 66
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x0414cffc, nsIRequest * 
0x03d7e16c, nsISupports * 0x00000000, unsigned int 0) line 2915
nsOnStopRequestEvent::HandleEvent() line 213
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x0312824c) line 116
PL_HandleEvent(PLEvent * 0x0312824c) line 596 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x01033cf8) line 526 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x003103b8, unsigned int 49406, unsigned int 0, 
long 16989432) line 1077 + 9 bytes
USER32! 77e01b60()
USER32! 77e01cca()
USER32! 77e083f1()
nsAppShellService::Run(nsAppShellService * const 0x0159b600) line 458
main1(int 2, char * * 0x00283160, nsISupports * 0x00000000) line 1456 + 32 bytes
main(int 2, char * * 0x00283160) line 1805 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e7d326()

-> Layout
Assignee: Matti → attinasi
Component: Browser-General → Layout
QA Contact: imajes-qa → petersen

Comment 9

16 years ago
Might as well change this to NEW...
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 10

16 years ago
Created attachment 89656 [details]
reduced stylesheet

Updated

16 years ago
Attachment #89557 - Attachment is obsolete: true

Comment 11

16 years ago
Created attachment 89657 [details]
(almost) identical testcase using reduced stylesheet

the empty <table> can be other things (like <p></p>).  it will still crash.
Attachment #89558 - Attachment is obsolete: true

Comment 12

16 years ago
resummarizing
Summary: Browser crashes with Javascript disabled (possibly cookie-related) → Browser crashes inserting linked stylesheet
Summary: Browser crashes inserting linked stylesheet → {ib}[RR]Browser crashes inserting linked stylesheet
(Reporter)

Comment 13

16 years ago
I'm still seeing the same problem, but only with scripting disabled. 

Re comment #2: I don't have Talkback enabled. Since the problem seems to be
reproducible, I don't think you need that information from me.

Tested in rv:1.1a+, Gecko/20020704.

Updated

16 years ago
Keywords: testcase

Updated

16 years ago
Priority: -- → P2
(Assignee)

Updated

16 years ago
Target Milestone: --- → Future

Comment 14

16 years ago
this crash is very serious as it crashes entire sprocket client. adding talkback
team. requesting qa assistance and adding marek.

am looking into talkback info...
Keywords: qawanted

Comment 15

16 years ago
Kevin : Who will be right person to work on this bug ?
Assignee: attinasi → kmcclusk
(Reporter)

Comment 16

16 years ago
The crash bug is still there, in "Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.2b) Gecko/20021016".

I have a talkback ID from crash when trying to open attachment #89657 [details]: TB12726868Y.

Comment 17

16 years ago
Bug 178358 is a dupe of this, I think.

Comment 18

16 years ago
*** Bug 178358 has been marked as a duplicate of this bug. ***

Comment 19

15 years ago
Patch in bug 123049 fixes this too.
Depends on: 123049

Comment 20

15 years ago
Right, bug 123049 seems to have fixed this, at least there is no crash with the
testcases here (original URL + testcases, also with JS disabled) with 2003012005
on Win2k.
-> Fixed?

(What about all the other bugs bug 123049 was supposed to fix? They are still open.)

Comment 21

15 years ago
2003012008/MacOS9 doesn't crash now.

Comment 22

15 years ago
-> fixed
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.