Closed Bug 198301 Opened 22 years ago Closed 22 years ago

Crashing when loading standalone image when images disabled in mailnews - Trunk [@ nsImgManager::GetRootDocShell]

Categories

(Core Graveyard :: Image: Painting, defect)

defect
Not set
critical

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: fredbezies, Assigned: bzbarsky)

References

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030319 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030319 It looks like bug 198181. It should be a duplicate of it (sorry if it is the case), but I am facing a crash everytime I want to click (left or wheel click) on a picture. See details to reproduce it. Reproducible: Always Steps to Reproduce: 1.go here (it is one of my sites) : http://frederic.bezies.free.fr/ 2.In the right frame, click on the big image Actual Results: Mozilla freezing then crashing :-/ Expected Results: opening the image in a new window. Modern theme, clean install of my homemade build. Here are my buildconfig data : Build platform target i686-pc-cygwin Build tools Compiler Version Compiler flags cl 12.00.8804 for 80x86 -TC -nologo -W3 -nologo -Gy -Fd$(PDBFILE) cl 12.00.8804 for 80x86 -TP -nologo -W3 -nologo -Gy -Fd$(PDBFILE) Configure arguments --enable-extensions --enable-crypto --disable-debug --enable-optimize --enable-calendar --disable-pedantic --disable-installer --enable-strip --disable-tests Also, when I want to launch debugging, VC++ said me there is an access violation in cookie.dll. Or, I do not set any cookies on my site :-| I just customized cookies managing in Prefs/Privacy & Security/View.
This bug is weird. it only happens with my main profile. I created a blank new one, did not touch to cookies advanced settings and it crashes again. I will download a nightly with talkback and send a TB ID.
At what _exact_ time did you pull? You have no image settings under privacy & security?
Here is a talkback ID : TB18262739Y This bug is driving me crazy. I remember I tweaked p3p settings. Is this related ? Is this bug a duplicate of bug 198270 ?
I pulled 2 or 3 hours ago. Crash also happens with build 2003031908, see talkback datas. Only settings I modified for images is "Do not load remote images in Mail & Newsgroups messages".
Just as a hint, since you're building yourself, build with symbols and use a debugger....
Keywords: stackwanted
Whiteboard: TB18262739Y
Got it ! Try my test case with "Do not load remote images in Mail..." and you will crash. Uncheck it, and all will be fine ! Weird ! Security related problem, isn't it ? Setting "?" for 1.4a blocking.
Flags: blocking1.4a?
Keywords: stackwanted
Whiteboard: TB18262739Y
Thanks for the tip, I will use it. Modifying summary to make bug more "speaking".
Summary: Crashing when clicking on an image link. → Crashing when clicking on an image link and when "Do not load remote image" option is checked.
This is mine.... biesi, this is the bug you were seeing: #0 nsImgManager::GetRootDocShell (this=0x81da520, aWindow=0x0, result=0xbfffe564) at /home/bzbarsky/mozilla/profile/mozilla/extensions/cookie/nsImgManager.cpp:171 #1 0x41debf2c in nsImgManager::ShouldLoad (this=0x81da520, aContentType=2, aContentLoc=0x8a5ee90, aContext=0x8a5e168, aWindow=0x0, _retval=0xbfffe67c) at /home/bzbarsky/mozilla/profile/mozilla/extensions/cookie/nsImgManager.cpp:129 #2 0x40f78f97 in nsContentPolicy::CheckPolicy (this=0x81dca58, policyType=0, contentType=2, contentLocation=0x8a5ee90, context=0x8a5e168, window=0x0, shouldProceed=0xbfffe67c) at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsContentPolicy.cpp:143 #3 0x40f79011 in nsContentPolicy::ShouldLoad (this=0x81dca58, contentType=2, contentLocation=0x8a5ee90, context=0x8a5e168, window=0x0, shouldLoad=0xbfffe67c) at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsContentPolicy.cpp:166 #4 0x4122f520 in NS_CheckContentLoadPolicy (contentType=2, aURI=0x8a5ee90, context=0x8a5e168, window=0x0, shouldLoad=0xbfffe67c) at ../../../dist/include/content/nsContentPolicyUtils.h:56 #5 0x40ff1500 in nsImageLoadingContent::CanLoadImage (this=0x8a5e168, aURI=0x8a5ee90, aDocument=0x8a5e858) at /home/bzbarsky/mozilla/profile/mozilla/content/base/src/nsImageLoadingContent.cpp:440 Note the null DOM window being passed around....
Assignee: jdunn → bzbarsky
OS: Windows XP → All
Hardware: PC → All
Summary: Crashing when clicking on an image link and when "Do not load remote image" option is checked. → Crashing when loading standalone image when images disabled in mailnews
Blocks: 83774
Attached patch Proposed patchSplinter Review
So the problem is that nsImageDocument::CreateSyntheticDocument gets called before the document has a scriptglobalobject.... The resulting call into the content policy code with a null domwindow crashes. The best solution, imo, is to move the CreateSyntheticDocument call. One issue is that now we will not be erroring out of StartDocumentLoad but rather out of SetScriptGlobalObject on out-of-memory and such.... I don't think this is a big deal. Other solutions that would work: make content policy handle null windows (should maybe still do that), make GetScriptGlobalObject go to the docshell if mScriptGlobalObject is null (seems a little risky).
Comment on attachment 117791 [details] [diff] [review] Proposed patch jst? What do you think?
Attachment #117791 - Flags: superreview?(jst)
Attachment #117791 - Flags: review?(jkeiser)
Comment on attachment 117791 [details] [diff] [review] Proposed patch sr=jst
Attachment #117791 - Flags: superreview?(jst) → superreview+
Attachment #117791 - Flags: superreview?(jst)
Attachment #117791 - Flags: superreview+
Attachment #117791 - Flags: review?(jkeiser)
Attachment #117791 - Flags: review+
fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Added Trunk [@ nsImgManager::GetRootDocShell] and crash, topcrash keywords for future reference. This has been a topcrash for the last couple of days on the MozillaTrunk.
Keywords: crash, topcrash
Summary: Crashing when loading standalone image when images disabled in mailnews → Crashing when loading standalone image when images disabled in mailnews - Trunk [@ nsImgManager::GetRootDocShell]
*** Bug 198367 has been marked as a duplicate of this bug. ***
Flags: blocking1.4a?
*** Bug 198709 has been marked as a duplicate of this bug. ***
v.fixed per Talkback data. no crashes since 3/19.
Status: RESOLVED → VERIFIED
Attachment #117791 - Flags: superreview?(jst)
Product: Core → Core Graveyard
Crash Signature: [@ nsImgManager::GetRootDocShell]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: