Closed
Bug 18328
Opened 25 years ago
Closed 25 years ago
[DOGFOOD]CRASH Clicking on "Personal Options" at this BofA site
Categories
(Core :: DOM: HTML Parser, defect, P3)
Tracking
()
VERIFIED
FIXED
M12
People
(Reporter: scalkins, Assigned: harishd)
References
()
Details
(Whiteboard: [PDT+] 11/19)
Go to the following Bank of America site on Mozilla - http://www.bankofamerica.com/state.cgi?section=online , and click on the "Personal Options" link. Expected results: You are taken to the following link successfully. Actual results: You will crash, almost immediately if you click on this link before the page has had time to fully redraw. If you click on this link after the page has fully redrawn, then it seems to go in some sort of loop trying to draw the page (Keeps refreshing the page) before crashing.
Founfd this in Win build 1999-11-08-09 (M11, commercial release)
This works ok in Netscape 4.7 on the same Win NT box where I tested with Mozilla.
scalkins, can you get us a stack trace please. lchiang can explain to you how to get this. PDT wil review again tomorrow. We need this to know who to assign to.
Sorry, here is the talkback stack trace: Incident ID 634052 Trigger Time 1999-11-10 09:47:40 Email Address scalkins@netscape.com User Comments clicked on a link at this url and received the crash. Build ID 1999110911 Product ID Communicator5.0 Platform ID Win32 Stack Trace MSVCRT.dll + 0xd4ec (0x7800d4ec) MSVCRT.dll + 0xcc7a (0x7800cc7a) MSVCRT.dll + 0x12d7 (0x780012d7) StyleSetImpl::GetContext [d:\builds\seamonkey\mozilla\layout\base\src\nsStyleSet.cpp, line 569] StyleSetImpl::ResolveStyleFor [d:\builds\seamonkey\mozilla\layout\base\src\nsStyleSet.cpp, line 649] nsPresContext::ResolveStyleContextFor [d:\builds\seamonkey\mozilla\layout\base\src\nsPresContext.cpp, line 410] nsCSSFrameConstructor::ResolveStyleContext [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4693] nsCSSFrameConstructor::ConstructFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4900] nsCSSFrameConstructor::ProcessChildren [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 9133] nsCSSFrameConstructor::ConstructTableCellFrameOnly [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1777] nsCSSFrameConstructor::ConstructTableCellFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1688] nsCSSFrameConstructor::ConstructFrameByDisplayType [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4524] nsCSSFrameConstructor::ConstructFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4950] nsCSSFrameConstructor::TableProcessChild [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1858] nsCSSFrameConstructor::TableProcessChildren [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1833] nsCSSFrameConstructor::ConstructTableRowFrameOnly [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1578] nsCSSFrameConstructor::ConstructTableRowFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1521] nsCSSFrameConstructor::ConstructFrameByDisplayType [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4517] nsCSSFrameConstructor::ConstructFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4950] nsCSSFrameConstructor::TableProcessChild [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1858] nsCSSFrameConstructor::TableProcessChildren [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1833] nsCSSFrameConstructor::ConstructTableGroupFrameOnly [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1467] nsCSSFrameConstructor::ConstructTableGroupFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1362] nsCSSFrameConstructor::ConstructTableFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 1101] nsCSSFrameConstructor::ConstructFrameByDisplayType [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4483] nsCSSFrameConstructor::ConstructFrame [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 4950] nsCSSFrameConstructor::ContentAppended [d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp, line 5375] StyleSetImpl::ContentAppended [d:\builds\seamonkey\mozilla\layout\base\src\nsStyleSet.cpp, line 939] PresShell::ContentAppended [d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2054] nsDocument::ContentAppended [d:\builds\seamonkey\mozilla\layout\base\src\nsDocument.cpp, line 1515] nsHTMLDocument::ContentAppended [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLDocument.cpp, line 998] HTMLContentSink::NotifyAppend [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 3477] SinkContext::FlushTags [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 1730] HTMLContentSink::WillInterrupt [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 2054] CNavDTD::WillInterruptParse [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 3151] nsParser::ResumeParse [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 1007] nsParser::OnDataAvailable [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 1340] nsDocumentBindInfo::OnDataAvailable [d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1220] nsChannelListener::OnDataAvailable [d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1405] nsChannelListener::OnDataAvailable [d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1405] nsChannelListener::OnDataAvailable [d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1405] nsHTTPResponseListener::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp p, line 184] nsOnDataAvailableEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 417] nsStreamListenerEvent::HandlePLEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 174] PL_HandleEvent [plevent.c, line 538] PL_ProcessPendingEvents [plevent.c, line 499] _md_EventReceiverProc [plevent.c, line 976] USER32.dll + 0x1820 (0x77e71820) nsAppShellService::Run [d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp, line 484] main1 [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp, line 586] main [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp, line 677] mainCRTStartup() KERNEL32.dll + 0x1ba06 (0x77f1ba06)
Assignee: leger → pierre
Component: Browser-General → Style System
QA Contact: leger → chrisd
Whiteboard: [PDT+]
Comment 6•25 years ago
|
||
I can reproduce this bug with a debug build on WinNT although the stack is completely different (the reporter had an optimized build). I repetedly crash in nsLocation.cpp line 145 because scriptCX is null. I did check that JS_SetContextPrivate() is never called with a null 'data' so I'm puzzled. Reassigned to norris who worked in that area.
Updated•25 years ago
|
Assignee: pierre → norris
Updated•25 years ago
|
Assignee: norris → rickg
Component: Style System → Parser
Summary: [DOGFOOD]CRASH Clicking on "Personnal Options" at this BofA site → [DOGFOOD]CRASH Clicking on "Personal Options" at this BofA site
Comment 7•25 years ago
|
||
I believe the crash that pierre was seeing is a result of bug 18408, which waterson checked in a fix for yesterday. At any rate, I can't reproduce a crash in nsLocation.cpp. Instead, I get multiple assertions NS_ASSERTION(mStackPos == 1, "insufficient close container calls"); at nsDebug::Assertion(const char * 0x019d5084, const char * 0x019d5074, const char * 0x019d5030, int 1573) line 284 + 13 bytes SinkContext::End() line 1573 + 35 bytes HTMLContentSink::~HTMLContentSink() line 1891 HTMLContentSink::`scalar deleting destructor'(unsigned int 1) + 15 bytes HTMLContentSink::Release(HTMLContentSink * const 0x02c1a570) line 1914 + 134 bytes CNavDTD::~CNavDTD() line 321 + 27 bytes CNavDTD::`vector deleting destructor'(unsigned int 1) + 84 bytes CNavDTD::Release(CNavDTD * const 0x01e4e1f0) line 229 + 134 bytes CParserContext::~CParserContext() line 74 + 27 bytes CParserContext::`scalar deleting destructor'(unsigned int 1) + 15 bytes nsParser::~nsParser() line 233 + 31 bytes nsParser::`vector deleting destructor'(unsigned int 1) + 84 bytes nsParser::Release(nsParser * const 0x02c1a780) line 238 + 134 bytes nsDocumentBindInfo::OnStopRequest(nsDocumentBindInfo * const 0x02c21940, nsIChannel * 0x02c120e0, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1264 + 27 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x02c216f0, nsIChannel * 0x02c120e0, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1382 + 42 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x02c24090, nsIChannel * 0x02c120e0, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1382 + 42 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x02c129f0, nsIChannel * 0x02c120e0, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1382 + 42 bytes nsHTTPChannel::ResponseCompleted(nsIChannel * 0x02c114a0, unsigned int 2152398850, const unsigned short * 0x00000000) line 783 + 42 bytes nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x02c1c550, nsIChannel * 0x02c114a0, nsISupports * 0x02c120e0, unsigned int 2152398850, const unsigned short * 0x00000000) line 243 nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x0267c930) line 326 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x0267d8b0) line 173 + 12 bytes PL_HandleEvent(PLEvent * 0x0267d8b0) line 537 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x01071df0) line 498 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00880990, unsigned int 49361, unsigned int 0, long 17243632) line 972 + 9 bytes USER32! 77e71820() 01 and then finally a crash at operator delete(void * 0xdddddddd) line 47 + 3 bytes SinkContext::~SinkContext() line 990 + 18 bytes SinkContext::`scalar deleting destructor'(unsigned int 1) + 15 bytes HTMLContentSink::~HTMLContentSink() line 1894 + 28 bytes HTMLContentSink::`scalar deleting destructor'(unsigned int 1) + 15 bytes HTMLContentSink::Release(HTMLContentSink * const 0x02a290d0) line 1914 + 134 bytes CNavDTD::~CNavDTD() line 321 + 27 bytes CNavDTD::`vector deleting destructor'(unsigned int 1) + 84 bytes CNavDTD::Release(CNavDTD * const 0x02a773f0) line 229 + 134 bytes CParserContext::~CParserContext() line 74 + 27 bytes CParserContext::`scalar deleting destructor'(unsigned int 1) + 15 bytes nsParser::~nsParser() line 233 + 31 bytes nsParser::`vector deleting destructor'(unsigned int 1) + 84 bytes nsParser::Release(nsParser * const 0x02a2bda0) line 238 + 134 bytes nsDocumentBindInfo::OnStopRequest(nsDocumentBindInfo * const 0x0267f450, nsIChannel * 0x02a34f00, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1264 + 27 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x0267d710, nsIChannel * 0x02a34f00, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1382 + 42 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x02a226a0, nsIChannel * 0x02a34f00, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1382 + 42 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x02a35ec0, nsIChannel * 0x02a34f00, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1382 + 42 bytes nsHTTPChannel::ResponseCompleted(nsIChannel * 0x02a317e0, unsigned int 2152398850, const unsigned short * 0x00000000) line 783 + 42 bytes nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x02a32970, nsIChannel * 0x02a317e0, nsISupports * 0x02a34f00, unsigned int 2152398850, const unsigned short * 0x00000000) line 243 nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x02a81650) line 326 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x02a80570) line 173 + 12 bytes PL_HandleEvent(PLEvent * 0x02a80570) line 537 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x01071df0) line 498 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00880990, unsigned int 49361, unsigned int 0, long 17243632) line 972 + 9 bytes USER32! 77e71820() Reassigning to owner of parser component.
It's clear from the stack trace that this isn't the parser, but I don't yet know what the problem is. I'll run it through the debugger tonight.
Comment 10•25 years ago
|
||
Also note this: the bug appears to be in Kipps code, and kipp is gone. I'll still try to track it down, but please cut me some slack here: I'm not even supposed to be coding (per Hamerly).
Comment 11•25 years ago
|
||
It appears that the crash is the result an HTMLContentSink being free'd twice. I need to go home to sleep now, so tomorrow I'll debug the addref/release pairs involved with this object.
Assignee | ||
Comment 12•25 years ago
|
||
Assigning bug to myself.
Assignee | ||
Comment 13•25 years ago
|
||
*** Bug 19113 has been marked as a duplicate of this bug. ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 14•25 years ago
|
||
In the HTML sink, a couple of contexts, in the context stack, happened to be identical and therefore freeing one of the contexts caused the other to get freed twice...and...hence...a crash. Problem taken care of.
Updated•25 years ago
|
QA Contact: chrisd → janc
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment 15•25 years ago
|
||
Marking VERIFIED FIXED on: - WinNT 1999113012 mozilla Also tested on: - MacOS86 1999113008 mozilla Could not test on Linux6 due to an apparent cookies bug (a new one?). Will address seperately.
You need to log in
before you can comment on or make changes to this bug.
Description
•