Closed Bug 17433 Opened 25 years ago Closed 25 years ago

Crash when displaying some mail messages

Categories

(Core :: Graphics: ImageLib, defect, P3)

Product:
Core
Component:
Graphics: ImageLib
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 17393

People

(Reporter: mscott, Assigned: pnunn)

Details

Every once in a while, I crash trying to display a mail message in if.cpp.

The stack trace looks like:
IL_StreamWriteReady(il_container_struct * 0x05a64be0) line 833 + 16 bytes
NetReaderImpl::WriteReady(NetReaderImpl * const 0x05a626d0, unsigned int *
0x0012fd0c) line 72 + 12 bytes
ImageConsumer::OnDataAvailable(ImageConsumer * const 0x05a62430, nsIChannel *
0x05b5feb0, nsISupports * 0x00000000, nsIInputStream * 0x05d1d748, unsigned int
0, unsigned int 289) line 221 + 16 bytes
nsChannelListener::OnDataAvailable(nsChannelListener * const 0x05a62620,
nsIChannel * 0x05b5feb0, nsISupports * 0x00000000, nsIInputStream * 0x05d1d748,
unsigned int 0, unsigned int 289) line 1402
nsChannelListener::OnDataAvailable(nsChannelListener * const 0x05b5fc90,
nsIChannel * 0x05b5feb0, nsISupports * 0x00000000, nsIInputStream * 0x05d1d748,
unsigned int 0, unsigned int 289) line 1402
nsHTTPResponseListener::OnDataAvailable(nsHTTPResponseListener * const
0x05d1d7c0, nsIChannel * 0x05a14580, nsISupports * 0x05b5feb0, nsIInputStream *
0x05d1d748, unsigned int 0, unsigned int 289) line 171 + 47 bytes
nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x05d58040)
line 413
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x05d58420) line 169 + 12 bytes
PL_HandleEvent(PLEvent * 0x05d58420) line 526 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x01080ca0) line 487 + 9 bytes

And we crash because the il_container passed into IL_StreamWriteReady has
already been deleted out from under us.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
This call stack indicates this is a duplicate of 174393.
A temp fix was checked in by Nisheeth last night. If updating layout
doesn't fix the problem, call/email me.

The real problem is an image url
which is a cgi redirect. Necko has trouble with the redirect, sends an
unload page to layout. Layout then tells the image library to delete the
image container before the image decoder is even loaded. The image library
gets a stream complete message before it gets any data.

Bug 17393 is now assigned to gagan.

*** This bug has been marked as a duplicate of 17393 ***
Status: RESOLVED → VERIFIED
Rubber-stamping Verified based on stack crawl being identical to 17458, also
marked duplicate of 17393.

mscott & lchiang, if you're still seeing this after 17393 is fixed, could you
please re-open this bug? Thanks!
You need to log in before you can comment on or make changes to this bug.