Crashing when loading standalone image when images disabled in mailnews - Trunk [@ nsImgManager::GetRootDocShell]

VERIFIED FIXED

Status

--
critical
16 years ago
3 years ago

People

(Reporter: fredbezies, Assigned: bzbarsky)

Tracking

({crash, topcrash})

Trunk
(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030319
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030319

It looks like bug 198181. It should be a duplicate of it (sorry if it is the
case), but I am facing a crash every time I want to click (left or wheel click)
on a picture.

See details to reproduce it.

Reproducible: Always

Steps to Reproduce:
1. Go here (it is one of my sites): http://frederic.bezies.free.fr/
2. In the right frame, click on the big image


Actual Results:  
Mozilla freezing then crashing :-/

Expected Results:  
opening the image in a new window.

Modern theme, clean install of my homemade build.

Here is my buildconfig data:

Build platform
target: i686-pc-cygwin

Build tools
Compiler  Version               Compiler flags
cl        12.00.8804 for 80x86  -TC -nologo -W3 -nologo -Gy -Fd$(PDBFILE)
cl        12.00.8804 for 80x86  -TP -nologo -W3 -nologo -Gy -Fd$(PDBFILE)

Configure arguments
--enable-extensions --enable-crypto --disable-debug --enable-optimize
--enable-calendar --disable-pedantic --disable-installer --enable-strip
--disable-tests

Also, when I want to launch debugging, VC++ tells me there is an access violation
in cookie.dll.

But I do not set any cookies on my site :-|

I just customized cookie management in Prefs/Privacy & Security/View.
(Reporter)

Comment 1

16 years ago
This bug is weird. It only happens with my main profile. I created a blank new
one, did not touch the advanced cookie settings and it crashes again.

I will download a nightly with talkback and send a TB ID.
(Assignee)

Comment 2

16 years ago
At what _exact_ time did you pull?  You have no image settings under privacy &
security?
(Reporter)

Comment 3

16 years ago
Here is a talkback ID: TB18262739Y

This bug is driving me crazy. I remember I tweaked p3p settings. Is this related?

Is this bug a duplicate of bug 198270?
(Reporter)

Comment 4

16 years ago
I pulled 2 or 3 hours ago.

Crash also happens with build 2003031908, see talkback data.

The only setting I modified for images is "Do not load remote images in Mail &
Newsgroups messages".
(Assignee)

Comment 5

16 years ago
Just as a hint, since you're building yourself, build with symbols and use a
debugger....
Keywords: stackwanted
Whiteboard: TB18262739Y
(Reporter)

Comment 6

16 years ago
Got it!

Try my test case with "Do not load remote images in Mail..." and you will crash.

Uncheck it, and all will be fine!

Weird!

Security related problem, isn't it?

Setting "?" for 1.4a blocking.
Flags: blocking1.4a?
Keywords: stackwanted
Whiteboard: TB18262739Y
(Reporter)

Comment 7

16 years ago
Thanks for the tip, I will use it. Modifying summary to make bug more "speaking".

Summary: Crashing when clicking on an image link. → Crashing when clicking on an image link and when "Do not load remote image" option is checked.
(Assignee)

Comment 8

16 years ago
This is mine....  biesi, this is the bug you were seeing:

#0  nsImgManager::GetRootDocShell (this=0x81da520, aWindow=0x0, result=0xbfffe564)
    at /home/bzbarsky/mozilla/profile/mozilla/extensions/cookie/nsImgManager.cpp:171
#1  0x41debf2c in nsImgManager::ShouldLoad (this=0x81da520, aContentType=2, 
    aContentLoc=0x8a5ee90, aContext=0x8a5e168, aWindow=0x0, _retval=0xbfffe67c)
    at /home/bzbarsky/mozilla/profile/mozilla/extensions/cookie/nsImgManager.cpp:129
#2  0x40f78f97 in nsContentPolicy::CheckPolicy (this=0x81dca58, policyType=0, 
    contentType=2, contentLocation=0x8a5ee90, context=0x8a5e168, window=0x0, 
    shouldProceed=0xbfffe67c)
    at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsContentPolicy.cpp:143
#3  0x40f79011 in nsContentPolicy::ShouldLoad (this=0x81dca58, contentType=2, 
    contentLocation=0x8a5ee90, context=0x8a5e168, window=0x0, shouldLoad=0xbfffe67c)
    at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsContentPolicy.cpp:166
#4  0x4122f520 in NS_CheckContentLoadPolicy (contentType=2, aURI=0x8a5ee90, 
    context=0x8a5e168, window=0x0, shouldLoad=0xbfffe67c)
    at ../../../dist/include/content/nsContentPolicyUtils.h:56
#5  0x40ff1500 in nsImageLoadingContent::CanLoadImage (this=0x8a5e168, aURI=0x8a5ee90, 
    aDocument=0x8a5e858)
    at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsImageLoadingContent.cpp:440

Note the null DOM window being passed around....
Assignee: jdunn → bzbarsky
OS: Windows XP → All
Hardware: PC → All
Summary: Crashing when clicking on an image link and when "Do not load remote image" option is checked. → Crashing when loading standalone image when images disabled in mailnews
(Assignee)

Updated

16 years ago
Blocks: 83774
(Assignee)

Comment 9

16 years ago
Created attachment 117791
Proposed patch

So the problem is that nsImageDocument::CreateSyntheticDocument gets called
before the document has a scriptglobalobject....  The resulting call into the
content policy code with a null domwindow crashes.

The best solution, imo, is to move the CreateSyntheticDocument call.  One issue
is that now we will not be erroring out of StartDocumentLoad but rather out of
SetScriptGlobalObject on out-of-memory and such....  I don't think this is a
big deal.

Other solutions that would work: make content policy handle null windows
(should maybe still do that), make GetScriptGlobalObject go to the docshell if
mScriptGlobalObject is null (seems a little risky).
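
Comment 9 names "make content policy handle null windows" as an alternative fix. The sketch below is an added example of that idea, not the attached patch and not Mozilla code: `DocShell`, `Window`, `Decision` and both functions are hypothetical stand-ins, and rejecting the load when the context is unknown is an assumption of the sketch.

```cpp
// Added illustration; the types and names below are hypothetical stand-ins,
// not Mozilla's nsImgManager or docshell interfaces.
#include <cstdio>

struct DocShell {
    const DocShell* parent;  // nullptr at the root of the tree
    bool isMailNews;         // true when the root hosts a mail/news message
};

struct Window {
    const DocShell* docShell;  // may be unset while a document is being set up
};

enum class Decision { Accept, Reject };

// Walk to the root docshell. Returns nullptr instead of dereferencing a
// missing window or docshell, which is the case the backtrace shows.
const DocShell* GetRootDocShell(const Window* window) {
    if (!window || !window->docShell) return nullptr;
    const DocShell* shell = window->docShell;
    while (shell->parent) shell = shell->parent;
    return shell;
}

// Image-load policy check. Assumption of this sketch: when the mail/news
// blocking preference is on and the caller supplies no usable window, the
// load is rejected (fail closed) because the context cannot be established.
Decision ShouldLoadImage(const Window* window, bool blockRemoteInMail) {
    if (!blockRemoteInMail) return Decision::Accept;  // context not needed
    const DocShell* root = GetRootDocShell(window);
    if (!root) return Decision::Reject;               // unknown context
    return root->isMailNews ? Decision::Reject : Decision::Accept;
}

int main() {
    DocShell browserRoot{nullptr, false};
    DocShell mailRoot{nullptr, true};
    DocShell mailFrame{&mailRoot, false};
    Window browserWin{&browserRoot}, mailWin{&mailFrame};
    std::printf("browser=%d mail=%d null=%d\n",
                static_cast<int>(ShouldLoadImage(&browserWin, true)),
                static_cast<int>(ShouldLoadImage(&mailWin, true)),
                static_cast<int>(ShouldLoadImage(nullptr, true)));
    return 0;
}
```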
(Assignee)

Comment 10

16 years ago
Comment on attachment 117791
Proposed patch

jst?  What do you think?
Attachment #117791 - Flags: superreview?(jst)
Attachment #117791 - Flags: review?(jkeiser)
Comment on attachment 117791
Proposed patch

sr=jst
Attachment #117791 - Flags: superreview?(jst) → superreview+

Updated

16 years ago
Attachment #117791 - Flags: superreview?(jst)
Attachment #117791 - Flags: superreview+
Attachment #117791 - Flags: review?(jkeiser)
Attachment #117791 - Flags: review+
(Assignee)

Comment 12

16 years ago
fixed.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED

Comment 13

16 years ago
Added Trunk [@ nsImgManager::GetRootDocShell] and crash, topcrash keywords for
future reference.  This has been a topcrash for the last couple of days on the
MozillaTrunk.
Keywords: crash, topcrash
Summary: Crashing when loading standalone image when images disabled in mailnews → Crashing when loading standalone image when images disabled in mailnews - Trunk [@ nsImgManager::GetRootDocShell]

Comment 14

16 years ago
*** Bug 198367 has been marked as a duplicate of this bug. ***

Updated

16 years ago
Flags: blocking1.4a?
*** Bug 198709 has been marked as a duplicate of this bug. ***

Comment 16

16 years ago
v.fixed per Talkback data.  no crashes since 3/19.
Status: RESOLVED → VERIFIED

Updated

16 years ago
Attachment #117791 - Flags: superreview?(jst)

Updated

9 years ago
Component: Image: Painting → Image: Painting
Product: Core → Core Graveyard
Crash Signature: [@ nsImgManager::GetRootDocShell]
Blocks: 1261536