Closed Bug 184029 Opened 23 years ago Closed 23 years ago

hang or crash in cache with nested iframe/javascript

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: spam, Assigned: harishd)

References

(
URL
)

Details

(4 keywords)

Attachments

(5 files, 1 obsolete file)

backtrace from non-debug CVS (with symbols)
3.72 KB, text/plain
Details
testcase for hang (part 1)
356 bytes, text/html
Details
testcase for hang (load this one)
168 bytes, text/html
Details
testcase <script></script> (part 1)
361 bytes, text/html
Details
testcase for <script></script> (load this one)
160 bytes, text/html
Details
For the past days i get a hang or crash when loading pages at http://dinside.no Another sympthom that somthing has / is about to go wrong, is some adds there don't load; at best they turn up with svisible <--script > tags. The hang/crash happens both with official trunk builds as well as my own CVS build. BZ was able to reproduce the hang. The processes can't be killed with the usual "killall mozilla-bin" when the hang occurs - i have to "killall -9 mozilla-bin". When run in gdb the hang turns out as a crash instead. To reproduce: Today it hung when simply loading http://dinside.no but yesterday i reproducably did this: Load http://www.dinside.no/php/art.php?id=33747 If you don't freeze right away: notice the odd add script tag. Half way down the side is a pic of an Audi. Below a box with links: Click "Store bilder" On the successive page there are links to images. Just click the >> link to display next image, and next again. Hangs at the second or third click. Top of stack: (gdb) bt #0 0x420736ee in malloc_consolidate () from /lib/i686/libc.so.6 #1 0x42072fb7 in _int_malloc () from /lib/i686/libc.so.6 #2 0x420722a5 in malloc () from /lib/i686/libc.so.6 #3 0x405952fe in operator new(unsigned) (sz=1108500864) at ../../../../libstdc++-v3/libsupc++/new_op.cc:48 #4 0x4059544f in operator new[](unsigned) (sz=757932348) at ../../../../libstdc++-v3/libsupc++/new_opv.cc:36 #5 0x4091b0ec in CreateDiskCacheEntry(nsDiskCacheBinding*) () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #6 0x4091c521 in nsDiskCacheMap::WriteDiskCacheEntry(nsDiskCacheBinding*) () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #7 0x4091a133 in nsDiskCacheDevice::DeactivateEntry(nsCacheEntry*) () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #8 0x40917781 in nsCacheService::DeactivateEntry(nsCacheEntry*) () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #9 0x40917581 in nsCacheService::CloseDescriptor(nsCacheEntryDescriptor*) () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #10 0x40913761 in nsCacheEntryDescriptor::Close() () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #11 0x40912870 in nsCacheEntryDescriptor::~nsCacheEntryDescriptor() () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #12 0x4091257b in nsCacheEntryDescriptor::Release() () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so #13 0x401a1ce0 in nsCOMPtr_base::assign_with_AddRef(nsISupports*) () ---Type <return> to continue, or q <return> to quit--- from /home/dark/MOZ/TREE1/mozilla/dist/bin/libxpcom.so #14 0x408f6b52 in nsHttpChannel::CloseCacheEntry(unsigned) () from /home/dark/MOZ/TREE1/mozilla/dist/bin/components/libnecko.so
Adding regression keyword. The hang is not in 1.2.1
Keywords: regression
Severity: normal → critical
Keywords: crash, hang
Forgot: There is enough free physical RAM and swapdisk (Installed: 512MB/1GB)
Attached file testcase for <script></script> (obsolete) —
this exhibits the <script></script>, but no hang.
iframe with a script that generates a script that creates an iframe with part 1 as an bugzilla attachment, the bug doesn't trigger (probably the no-cache thing). I've changed the iframe URL for this part to another server. You could also download both parts and reproduce the bug locally. The bug seems to hit after 4 times of shift-reloading this file.
Keywords: testcase
regression between linux trunk build 2002120309 and 2002120422
Comment on attachment 108588 [details] testcase for <script></script> I can't reproduce the <script></script> bug with this testcase anymore... very confused.
Attachment #108588 - Attachment is obsolete: true
iframe with javascript that generates an iframe with <script> tags. this regressed at the same point as the hang, and works fine with the iframe src as a bugzilla attachment.
both problems are caused by checkin for bug 149887. ==> Parser
Assignee: gordon → harishd
Component: Networking: Cache → Parser
Depends on: 149887
QA Contact: tever → moied
resummarizing
Summary: cache related hang or crash → hang or crash in cache with nested iframe/javascript
Status: NEW → ASSIGNED
backed out the patch in bug 149887.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: