Closed Bug 18539 Opened 20 years ago Closed 20 years ago

abcnews.com crashes Nov-10-99 build

Categories

(Core :: Layout, defect, P3, critical)

x86
Windows 98
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: spekulas, Assigned: joki)

References

()

Details

(Keywords: crash, testcase)

Attachments

(4 files)

The build from Nov 10/99 crashed when trying to view abcnews.com (from
bookmarks). My platform is an AMD K6-2 350Mhz with 3DNow. Furthermore, the
'illegal function' window spits out the following data:

MOZILLA caused an invalid page fault in
module JSDOM.DLL at 0177:609ae24b.
Registers:
EAX=0063e9b0 CS=0177 EIP=609ae24b EFLGS=00010246
EBX=00000000 SS=017f ESP=0063e984 EBP=0063e9b4
ECX=007c4bf0 DS=017f ESI=80000000 FS=83e7
EDX=00000002 ES=017f EDI=00000000 GS=0000
Bytes at CS:EIP:
8b 1f 8d 4d f0 89 45 f0 e8 8a a2 ff ff 50 57 ff
Stack dump:
00000000 01a9b800 80000000 ff8c4d10 11d33194 60008598 22249608 0081d900 7802e260
007c4bf0 0063ea6c 00000000 0063ea6c 609ae7fc 01ddfe90 00000000
Works on linux. (1999111017 Linux Redhat 6.0, Amd k6-2)
With the Nov 16th builds (All platforms), attempting to open abcnews.com will
cause a freeze (Windows 98, Linux Red Hat 6.0) or crash (Mac 9.0).
Attached file testcase
Severity: normal → major
Whiteboard: [TESTCASE]
I have reduced http://abcnews.go.com/ as much as I could and still freeze on NT.
Hopefully it will crash on the Mac too. Try for example to remove the first line
in the file, which is a comment, and it doesn't freeze. When it "freeze" on NT
it is consuming 99% CPU (build 1999111717 on Windows NT4sp5).
*** Bug 19420 has been marked as a duplicate of this bug. ***
Severity: major → critical
Assignee: leger → troy
Component: Browser-General → Layout
QA Contact: leger → petersen
Setting QA Contact/component.
The reduced test case doesn't freeze for me with the latest build
Assignee: troy → joki
It doesn't seem to hang on load, but when I moved the mouse over the bug it
hung. Breaking in the debugger showed it was doing event handling stuff like hit
detection.

I don't know if someone has been changing that code recently. Re-assigning to
Tom who hopefully will know.

nsPoint::MoveTo(int 1275, int 135) line 36 + 15 bytes
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x024b90b0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x024b99f0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02082110,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x020836b0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083640,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x020835d0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083560,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x020834f0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083480,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083410,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x020833a0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083330,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x020832c0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083250,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x020831e0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083170,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083100,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02083090,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085fb0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085f40,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085ed0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085e60,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085df0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 332 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085d80,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085d10,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085ca0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085c30,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085bc0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085b50,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085ae0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085a70,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02085a00,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsBlockFrame::GetFrameForPoint(nsBlockFrame * const 0x024d6ac0, nsIPresContext *
0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38) line 5744 + 22 bytes
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x024d10e0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x02081600,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsTableRowGroupFrame::GetFrameForPoint(nsTableRowGroupFrame * const 0x02038790,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 325 + 27 bytes
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x0203c060,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x0203c0f0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsBlockFrame::GetFrameForPoint(nsBlockFrame * const 0x02036e20, nsIPresContext *
0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38) line 5744 + 22 bytes
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsBlockFrame::GetFrameForPoint(nsBlockFrame * const 0x0202e950, nsIPresContext *
0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38) line 5744 + 22 bytes
nsContainerFrame::GetFrameForPointUsing(nsIPresContext * 0x02053030, const
nsPoint & {...}, nsIAtom * 0x00000000, nsIFrame * * 0x02005d38) line 302 + 27
bytes
nsContainerFrame::GetFrameForPoint(nsContainerFrame * const 0x0201a4e0,
nsIPresContext * 0x02053030, const nsPoint & {...}, nsIFrame * * 0x02005d38)
line 274
PresShell::HandleEvent(PresShell * const 0x02005ce4, nsIView * 0x0202d6a0,
nsGUIEvent * 0x0012fc78, nsEventStatus * 0x0012fb84) line 2428
nsView::HandleEvent(nsView * const 0x0202d6a0, nsGUIEvent * 0x0012fc78, unsigned
int 8, nsEventStatus * 0x0012fb84, int & 0) line 841
nsView::HandleEvent(nsView * const 0x0202f3b0, nsGUIEvent * 0x0012fc78, unsigned
int 8, nsEventStatus * 0x0012fb84, int & 0) line 826
nsView::HandleEvent(nsView * const 0x020060f0, nsGUIEvent * 0x0012fc78, unsigned
int 28, nsEventStatus * 0x0012fb84, int & 0) line 826
nsViewManager::DispatchEvent(nsViewManager * const 0x020062c0, nsGUIEvent *
0x0012fc78, nsEventStatus * 0x0012fb84) line 1725
HandleEvent(nsGUIEvent * 0x0012fc78) line 69
nsWindow::DispatchEvent(nsWindow * const 0x0202f274, nsGUIEvent * 0x0012fc78,
nsEventStatus & nsEventStatus_eIgnore) line 436 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fc78) line 457
nsWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line 3463 +
21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000) line
3681
nsWindow::ProcessMessage(unsigned int 512, unsigned int 0, long 17563742, long *
0x0012fee4) line 2741 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x010d067c, unsigned int 512, unsigned int 0, long
17563742) line 623 + 27 bytes
USER32! 77e71820()
010c005e()
With the Dec 06 th build, I can't reproduce a crash on the cnn site. My hope was
to create a stack trace on the crash. Not sure what additional info I can add to
help.
*** Bug 21338 has been marked as a duplicate of this bug. ***
Attached file Better testcase
Look at my new testcase. The problem is the abcnews page is never closing out
the <FONT> tag. So all the elements just keep getting nested deeper and deeper.
So to reproduce the crash:
1) Load the testcase
2) scroll to the bottom
3) take the cursor and move to be under the column of gears but outside the
content window
4) slowly move the cursor up until it enters the content window and then enters
the bottom link, it goes out to lunch at the point.

Basically it is winding down into GetFrameForPoint and never coming back out.
*** Bug 21874 has been marked as a duplicate of this bug. ***
Target Milestone: M13
This should be fixed soon as abcnews.com is unusable without it.  How and
who does the determination of the milestone for fix, priority, etc get set?  For
now, I'm setting it for M13.
Summary: abcnews.com crashes Nov-10-99 build → [CRASH] abcnews.com crashes Nov-10-99 build
Marking [CRASH].
Target Milestone: M13 → M14
Mass-moving excess bugs to M14
Bulk moving [testcase] code to new testcase keyword. Sorry for the spam!
Keywords: testcase
Adding "crash" keyword to all known open crasher bugs.
Keywords: crash
Summary: [CRASH] abcnews.com crashes Nov-10-99 build → abcnews.com crashes Nov-10-99 build
Whiteboard: [TESTCASE]
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
So I kept this open so long because this bug used to showcase a recursive event 
handling issue.  However, it seems the recursive handling issue was due to the 
content creation of the non-closing font tags.  Now that the parser has fixed 
that we don't have a problem.  Marking fixed, though it was actually a parser 
fix.
Fixed in the Feb 18th build.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.