crash in frame state code

VERIFIED DUPLICATE of bug 18798

Status

Product:
SeaMonkey
Component:
General
Importance:
P3
normal
Status:
VERIFIED DUPLICATE of bug 18798
Reported:
19 years ago
Modified:
14 years ago

People

(Reporter: buster, Assigned: nisheeth_mozilla)

Tracking

Version:
Trunk
Platform:
x86
Windows NT

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

19 years ago 
1) load my.netscape.com
2) click the logon link in the upper left corner ("I have already customized my
page. Find it!")
3) the logon page loads momentarily, then is replaced with a page that claims
javascript is not enabled.  (already filed as a separate bug)
4) click back twice quickly.
5) crash with this stack:
RestoreFrameStateFor(nsIPresContext * 0x0268fca0, nsIFrame * 0x02ecdd10,
nsILayoutHistoryState * 0x02ee0320) line 1449 + 21 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02ecdd10, nsILayoutHistoryState * 0x02ee0320) line
1467 + 17 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02ec1240, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02ec12c0, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02ec5f00, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02eb70c0, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02eb7370, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02eb7400, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02eb00d0, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x02c38f10, nsIPresContext
* 0x0268fca0, nsIFrame * 0x02e2a770, nsILayoutHistoryState * 0x02ee0320) line
1476 + 24 bytes
PresShell::ContentAppended(PresShell * const 0x02c3fb28, nsIDocument *
0x0266b910, nsIContent * 0x02e0555c, int 0) line 2099
nsDocument::ContentAppended(nsDocument * const 0x0266b910, nsIContent *
0x02e0555c, int 0) line 1551
nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x0266b910, nsIContent *
0x02e0555c, int 0) line 1041
HTMLContentSink::NotifyAppend(nsIContent * 0x02e0555c, int 0) line 3523
SinkContext::FlushTags() line 1751
HTMLContentSink::PreEvaluateScript() line 3570
HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 3813 + 11
bytes
HTMLContentSink::AddLeaf(HTMLContentSink * const 0x0268db90, const nsIParserNode
& {...}) line 2628 + 12 bytes
CNavDTD::AddLeaf(const nsIParserNode * 0x02e29a90) line 3013 + 28 bytes
CNavDTD::HandleScriptToken(const nsIParserNode * 0x02e29a90) line 1767 + 12
bytes
CNavDTD::OpenContainer(const nsIParserNode * 0x02e29a90, nsHTMLTag
eHTMLTag_script, int 1, int -1) line 2760 + 12 bytes
CNavDTD::HandleDefaultStartToken(CToken * 0x0208e290, nsHTMLTag eHTMLTag_script,
nsIParserNode * 0x02e29a90) line 1024 + 20 bytes
CNavDTD::HandleStartToken(CToken * 0x0208e290) line 1328 + 22 bytes
CNavDTD::HandleToken(CNavDTD * const 0x02c3c120, CToken * 0x02067510, nsIParser
* 0x0268e850) line 736 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x02c3c120, nsIParser * 0x0268e850,
nsITokenizer * 0x02c42c40, nsITokenObserver * 0x00000000, nsIContentSink *
0x0268db90) line 529 + 20 bytes
nsParser::BuildModel() line 1034 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 960 + 11 bytes
nsParser::EnableParser(int 1) line 683 + 15 bytes
HTMLContentSink::ResumeParsing() line 3555 + 19 bytes
HTMLContentSink::OnUnicharStreamComplete(HTMLContentSink * const 0x0268db94,
nsIUnicharStreamLoader * 0x02d92900, unsigned int 2152398850, unsigned int 0,
const unsigned short * 0x100742b8 gCommonEmptyBuffer) line 3655 + 11 bytes
nsUnicharStreamLoader::OnStopRequest(nsUnicharStreamLoader * const 0x02d92904,
nsIChannel * 0x02d92450, nsISupports * 0x00000000, unsigned int 2152398850,
const unsigned short * 0x00000000) line 127 + 63 bytes
nsChannelListener::OnStopRequest(nsChannelListener * const 0x02d92530,
nsIChannel * 0x02d92450, nsISupports * 0x00000000, unsigned int 2152398850,
const unsigned short * 0x00000000) line 1590
nsHTTPChannel::ResponseCompleted(nsIChannel * 0x02d966d0, unsigned int
2152398850, const unsigned short * 0x00000000) line 825 + 50 bytes
nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x02d96160,
nsIChannel * 0x02d966d0, nsISupports * 0x02d92450, unsigned int 2152398850,
const unsigned short * 0x00000000) line 274
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x02da1610) line
279
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x02da0d70) line 93 + 12 bytes
PL_HandleEvent(PLEvent * 0x02da0d70) line 537 + 10 bytes


rv = aState->GetState(ID, &frameState, type);
aState is garbage.
Looks like a timing issue, so it might be hard to reproduce.
 (Assignee)

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → DUPLICATE
 (Assignee)

Comment 1

19 years ago 
*** This bug has been marked as a duplicate of 18798 ***

Updated

19 years ago
Status: RESOLVED → VERIFIED

Comment 2

19 years ago 
Marking Verified as a dup.
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.