Closed Bug 20625 Opened 26 years ago Closed 26 years ago

crash in frame state code

Categories

(SeaMonkey :: General, defect, P3)

x86
Windows NT
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 18798

People

(Reporter: buster, Assigned: nisheeth_mozilla)

References

()

Details

1) load my.netscape.com 2) click the logon link in the upper left corner ("I have already customized my page. Find it!") 3) the logon page loads momentarily, then is replaced with a page that claims javascript is not enabled. (already filed as a separate bug) 4) click back twice quickly. 5) crash with this stack: RestoreFrameStateFor(nsIPresContext * 0x0268fca0, nsIFrame * 0x02ecdd10, nsILayoutHistoryState * 0x02ee0320) line 1449 + 21 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02ecdd10, nsILayoutHistoryState * 0x02ee0320) line 1467 + 17 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02ec1240, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02ec12c0, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02ec5f00, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02eb70c0, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02eb7370, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02eb7400, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02eb00d0, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext * 0x0268fca0, nsIFrame * 0x02e2a770, nsILayoutHistoryState * 0x02ee0320) line 1476 + 24 bytes PresShell::ContentAppended(PresShell * const 0x02c3fb28, nsIDocument * 0x0266b910, nsIContent * 0x02e0555c, int 0) line 2099 nsDocument::ContentAppended(nsDocument * const 0x0266b910, nsIContent * 0x02e0555c, int 0) line 1551 nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x0266b910, nsIContent * 0x02e0555c, int 0) line 1041 HTMLContentSink::NotifyAppend(nsIContent * 0x02e0555c, int 0) line 3523 SinkContext::FlushTags() line 1751 HTMLContentSink::PreEvaluateScript() line 3570 HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 3813 + 11 bytes HTMLContentSink::AddLeaf(HTMLContentSink * const 0x0268db90, const nsIParserNode & {...}) line 2628 + 12 bytes CNavDTD::AddLeaf(const nsIParserNode * 0x02e29a90) line 3013 + 28 bytes CNavDTD::HandleScriptToken(const nsIParserNode * 0x02e29a90) line 1767 + 12 bytes CNavDTD::OpenContainer(const nsIParserNode * 0x02e29a90, nsHTMLTag eHTMLTag_script, int 1, int -1) line 2760 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x0208e290, nsHTMLTag eHTMLTag_script, nsIParserNode * 0x02e29a90) line 1024 + 20 bytes CNavDTD::HandleStartToken(CToken * 0x0208e290) line 1328 + 22 bytes CNavDTD::HandleToken(CNavDTD * const 0x02c3c120, CToken * 0x02067510, nsIParser * 0x0268e850) line 736 + 12 bytes CNavDTD::BuildModel(CNavDTD * const 0x02c3c120, nsIParser * 0x0268e850, nsITokenizer * 0x02c42c40, nsITokenObserver * 0x00000000, nsIContentSink * 0x0268db90) line 529 + 20 bytes nsParser::BuildModel() line 1034 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 960 + 11 bytes nsParser::EnableParser(int 1) line 683 + 15 bytes HTMLContentSink::ResumeParsing() line 3555 + 19 bytes HTMLContentSink::OnUnicharStreamComplete(HTMLContentSink * const 0x0268db94, nsIUnicharStreamLoader * 0x02d92900, unsigned int 2152398850, unsigned int 0, const unsigned short * 0x100742b8 gCommonEmptyBuffer) line 3655 + 11 bytes nsUnicharStreamLoader::OnStopRequest(nsUnicharStreamLoader * const 0x02d92904, nsIChannel * 0x02d92450, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 127 + 63 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x02d92530, nsIChannel * 0x02d92450, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short * 0x00000000) line 1590 nsHTTPChannel::ResponseCompleted(nsIChannel * 0x02d966d0, unsigned int 2152398850, const unsigned short * 0x00000000) line 825 + 50 bytes nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x02d96160, nsIChannel * 0x02d966d0, nsISupports * 0x02d92450, unsigned int 2152398850, const unsigned short * 0x00000000) line 274 nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x02da1610) line 279 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x02da0d70) line 93 + 12 bytes PL_HandleEvent(PLEvent * 0x02da0d70) line 537 + 10 bytes rv = aState->GetState(ID, &frameState, type); aState is garbage. Looks like a timing issue, so it might be hard to reproduce.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → DUPLICATE
*** This bug has been marked as a duplicate of 18798 ***
Status: RESOLVED → VERIFIED
Marking Verified as a dup.
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.