[top100][dogfood] www.developer.com is crashing

VERIFIED FIXED in M13

Status

()

P1
critical
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: chofmann, Assigned: harishd)

Tracking

Trunk
x86
Windows 95
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [PDT-][TESTCASE], URL)

Attachments

(2 attachments)

(Reporter)

Description

19 years ago
stack trace coming... looks like somewhere in libraptorhtml

Updated

19 years ago
Whiteboard: [PDT+]

Comment 1

19 years ago
Putting on PDT+ radar.

Updated

19 years ago
Severity: normal → critical

Comment 2

19 years ago
I;m hitting an assert in the sink. Could be parser, but assigning to Vidur to
look at first

NTDLL! 77f9d715()
nsDebug::Assertion(const char * 0x0235d5e0, const char * 0x0235d5d0, const char
* 0x0235d594, int 1224) line 284 + 13 bytes
SinkContext::CloseContainer(const nsIParserNode & {...}) line 1224 + 38 bytes
HTMLContentSink::CloseContainer(HTMLContentSink * const 0x01ed8b78, const
nsIParserNode & {...}) line 2587 + 15 bytes
CNavDTD::CloseContainer(const nsIParserNode * 0x01f4eef0, nsHTMLTag
eHTMLTag_center, int 0) line 2840 + 31 bytes
CNavDTD::CloseContainersTo(int 6, nsHTMLTag eHTMLTag_center, int 0) line 2873 +
20 bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_center, int 0) line 2962 + 20
bytes
CNavDTD::HandleEndToken(CToken * 0x01f08018) line 1561 + 20 bytes
CNavDTD::HandleToken(CNavDTD * const 0x01e56d38, CToken * 0x01f08018, nsIParser
* 0x01ed88f0) line 738 + 12 bytes
CNavDTD::HandleSavedTokens(int 6) line 1632 + 23 bytes
CNavDTD::HandleOmittedTag(CToken * 0x01f05d40, nsHTMLTag eHTMLTag_a, nsHTMLTag
eHTMLTag_tr, nsIParserNode * 0x01f4e9f0) line 1214 + 12 bytes
CNavDTD::HandleDefaultStartToken(CToken * 0x01f05d40, nsHTMLTag eHTMLTag_a,
nsIParserNode * 0x01f4e9f0) line 962 + 24 bytes
CNavDTD::HandleStartToken(CToken * 0x01f05d40) line 1328 + 22 bytes
CNavDTD::HandleToken(CNavDTD * const 0x01e56d38, CToken * 0x01f05d40, nsIParser
* 0x01ed88f0) line 736 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x01e56d38, nsIParser * 0x01ed88f0,
nsITokenizer * 0x01ed3a28, nsITokenObserver * 0x00000000, nsIContentSink *
0x01ed8b78) line 529 + 20 bytes
nsParser::BuildModel() line 1034 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 960 + 11 bytes
nsParser::EnableParser(int 1) line 683 + 15 bytes
HTMLContentSink::ResumeParsing() line 3555 + 19 bytes
HTMLContentSink::OnUnicharStreamComplete(HTMLContentSink * const 0x01ed8b7c,
nsIUnicharStreamLoader * 0x01eb1fd0, unsigned int 0, unsigned int 430, const
unsigned short * 0x01db96c0) line 3655 + 11 bytes
nsUnicharStreamLoader::OnStopRequest(nsUnicharStreamLoader * const 0x01eb1fd4,
nsIChannel * 0x01f20b48, nsISupports * 0x00000000, unsigned int 0, const
unsigned short * 0x00000000) line 127 + 63 bytes
nsChannelListener::OnStopRequest(nsChannelListener * const 0x01ea4fd0,
nsIChannel * 0x01f20b48, nsISupports * 0x00000000, unsigned int 0, const
unsigned short * 0x00000000) line 1588
nsHTTPChannel::ResponseCompleted(nsIChannel * 0x01f20f00, unsigned int 0, const
unsigned short * 0x00000000) line 825 + 50 bytes
nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x00f83f78,
nsIChannel * 0x01f20f00, nsISupports * 0x01f20b48, unsigned int 0, const
unsigned short * 0x00000000) line 274
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x01cec088) line
279
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x01db9e68) line 93 + 12 bytes
PL_HandleEvent(PLEvent * 0x01db9e68) line 537 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00b48180) line 498 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x000401fc, unsigned int 49394, unsigned int 0,
long 11829632) line 972 + 9 bytes
USER32! 77e135f8()
USER32! 77e13769()
USER32! 77e17b9a()
main(int 1, char * * 0x00a92fa8) line 137 + 11 bytes
mainCRTStartup() line 338 + 17 bytes
Assignee: troy → vidur
(Reporter)

Comment 3

19 years ago
yes thats what I see:

Incident ID 1665529
SinkContext::CloseContainer
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 1233]
HTMLContentSink::CloseContainer
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 2591]
CNavDTD::CloseContainer [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,
line 2872]
CNavDTD::CloseContainersTo
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 2902]
CNavDTD::CloseContainersTo
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 3012]
CNavDTD::HandleEndToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,
line 1568]
CNavDTD::HandleToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,
line 730]
CNavDTD::HandleSavedTokens
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1618]
CNavDTD::HandleOmittedTag
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1222]
CNavDTD::HandleDefaultStartToken
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 966]
CNavDTD::HandleStartToken
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1328]
CNavDTD::HandleToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,
line 743]
CNavDTD::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,
line 528]
nsParser::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp,
line 1044]
nsParser::ResumeParse [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp,
line 968]
nsParser::EnableParser [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp,
line 684]
HTMLContentSink::ResumeParsing
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 3559]
HTMLContentSink::OnUnicharStreamComplete
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 3656]
nsUnicharStreamLoader::OnStopRequest
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsUnicharStreamLoader.cpp, line
130]
nsChannelListener::OnStopRequest
[d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1588]
nsHTTPChannel::ResponseCompleted
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPChannel.cpp, line
823]
nsHTTPResponseListener::OnStopRequest
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp
p, line 263]
nsOnStopRequestEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line
279]
nsStreamListenerEvent::HandlePLEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line
94]
PL_HandleEvent [plevent.c, line 538]
_md_EventReceiverProc [plevent.c, line 976]
USER32.dll + 0x1820 (0x77e71820)
(Reporter)

Comment 4

19 years ago
I wonder if its the content on the page, or the e-mail subscription
popup that is killing us?
(Reporter)

Comment 5

19 years ago
looks like other pages with pop up's on browser buster seem to be ok.

Comment 6

19 years ago
Created attachment 3201 [details]
minimal testcase, distilled from www.developer.com
(Reporter)

Comment 7

19 years ago
minimal test case might indicate parser..

<html><head><title>Testcase for bug 20645</title></head>
<body bgcolor="#FFFFFF">

<P><!-- ATTENTION: No end tag for this P -->

<table>
<tr>
<!-- ATTENTION: Missing TD start tag here -->
   <BR>
   <center></center>
</td>
</tr>
</table>

</body>
</html>

Updated

19 years ago
Whiteboard: [PDT+] → [PDT+][TESTCASE]

Comment 8

19 years ago
It does seem like the content sink is getting a bad series of calls from the
parser (from CNavDTD actually). Rickg will look at it as soon as he gets a build
going.

Updated

19 years ago
Target Milestone: M12

Updated

19 years ago
Assignee: vidur → rickg

Comment 9

19 years ago
Still waiting for a response from RickG. Reassigning the bug to him. Note that
we can probably get rid of the crash, by making the content sink more robust
(which I should do anyway). No guarantees of any reasonable layout, though.

Updated

19 years ago
Status: NEW → ASSIGNED

Comment 10

19 years ago
Well, I'm looking into it -- but the savetokens code is not acting in a
predictable manner. It seems to be arbitrarily closing tags, but I don't yet
know why.

Updated

19 years ago
Whiteboard: [PDT+][TESTCASE] → [PDT+][TESTCASE] hoping for 12/10, but this code hurts my head.

Comment 11

19 years ago
The only data point I have so far it that problem disappears if the <BR> is
removed.

Comment 12

19 years ago
The following patch to nsHTMLContentSink.cpp (revision 3.281) prevents the
crash, though it may not be the final fix. The patch is necessary anyway - the
assertions aren't enough.

Index: nsHTMLContentSink.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/html/document/src/nsHTMLContentSink.cpp,v
retrieving revision 3.281
diff -r3.281 nsHTMLContentSink.cpp
1182a1183,1185
>     if (mStackPos <= 0) {
>       return NS_ERROR_FAILURE;
>     }
1255a1259,1261
>     if (mStackPos <= 0) {
>       return NS_ERROR_FAILURE;
>     }
1566a1573,1575
>   if (mStackPos <= 0) {
>     return NS_ERROR_FAILURE;
>   }
1868a1878,1880
>         if (mStackPos <= 0) {
>           return NS_ERROR_FAILURE;
>         }
2303c2315,2317
<
---
>   if (mCurrentContext == nsnull) {
>     return NS_ERROR_FAILURE;
>   }
3918a3933,3935
>   if (mCurrentContext->mStackPos <= 0) {
>     return NS_ERROR_FAILURE;
>   }

Updated

19 years ago
Assignee: rickg → harishd
Status: ASSIGNED → NEW
Whiteboard: [PDT+][TESTCASE] hoping for 12/10, but this code hurts my head. → [TESTCASE]
Target Milestone: M12 → M13

Comment 13

19 years ago
Checked in the content sink changes that allow us not to crash (though we still
assert). Reassigning to harishd to come up with the real fix in the parser.
Removing the PDT+ designation since we don't crash and moving to M13 for the
real fix.

Comment 14

19 years ago
*** Bug 21214 has been marked as a duplicate of this bug. ***

Comment 15

19 years ago
*** Bug 21096 has been marked as a duplicate of this bug. ***

Comment 16

19 years ago
*** Bug 20331 has been marked as a duplicate of this bug. ***

Updated

19 years ago
Whiteboard: [TESTCASE] → [PDT-][TESTCASE]

Comment 17

19 years ago
Putting on PDT- radar. No longer crashing.  Page somewhat readable.  Good for
dogfood.  You should mark this one fixed and open a new layout bug.

Updated

19 years ago
Blocks: 21564
(Assignee)

Updated

19 years ago
Priority: P3 → P1
(Assignee)

Comment 18

19 years ago
Created attachment 3955 [details]
The developer.com site that asserts
(Assignee)

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
(Assignee)

Comment 19

19 years ago
The assertion was caused due to context mismatch.  That is, in the example
mentioned <CENTER> was trying to close P ( which happed to be in a different
context ).

FIXED by discarding CENTER -- emulating IE :(

Nav.4.x does the right thing by not letting P to contain TABLE ( Gecko does!! ).

Comment 20

19 years ago
The page looks good in the Jan 18th build.
Status: RESOLVED → VERIFIED

Updated

19 years ago
No longer blocks: 21564
You need to log in before you can comment on or make changes to this bug.