Closed Bug 20645 Opened 26 years ago Closed 26 years ago

[top100][dogfood] www.developer.com is crashing

Categories

(Core :: Layout, defect, P1)

Product:
Core
Component:
Layout
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: chofmann, Assigned: harishd)

References

(
URL
)

Details

(Whiteboard: [PDT-][TESTCASE])

Attachments

(2 files)

minimal testcase, distilled from www.developer.com
271 bytes, text/html
Details
The developer.com site that asserts
28.07 KB, text/html
Details
stack trace coming... looks like somewhere in libraptorhtml
Whiteboard: [PDT+]
Putting on PDT+ radar.
Severity: normal → critical
I;m hitting an assert in the sink. Could be parser, but assigning to Vidur to look at first NTDLL! 77f9d715() nsDebug::Assertion(const char * 0x0235d5e0, const char * 0x0235d5d0, const char * 0x0235d594, int 1224) line 284 + 13 bytes SinkContext::CloseContainer(const nsIParserNode & {...}) line 1224 + 38 bytes HTMLContentSink::CloseContainer(HTMLContentSink * const 0x01ed8b78, const nsIParserNode & {...}) line 2587 + 15 bytes CNavDTD::CloseContainer(const nsIParserNode * 0x01f4eef0, nsHTMLTag eHTMLTag_center, int 0) line 2840 + 31 bytes CNavDTD::CloseContainersTo(int 6, nsHTMLTag eHTMLTag_center, int 0) line 2873 + 20 bytes CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_center, int 0) line 2962 + 20 bytes CNavDTD::HandleEndToken(CToken * 0x01f08018) line 1561 + 20 bytes CNavDTD::HandleToken(CNavDTD * const 0x01e56d38, CToken * 0x01f08018, nsIParser * 0x01ed88f0) line 738 + 12 bytes CNavDTD::HandleSavedTokens(int 6) line 1632 + 23 bytes CNavDTD::HandleOmittedTag(CToken * 0x01f05d40, nsHTMLTag eHTMLTag_a, nsHTMLTag eHTMLTag_tr, nsIParserNode * 0x01f4e9f0) line 1214 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x01f05d40, nsHTMLTag eHTMLTag_a, nsIParserNode * 0x01f4e9f0) line 962 + 24 bytes CNavDTD::HandleStartToken(CToken * 0x01f05d40) line 1328 + 22 bytes CNavDTD::HandleToken(CNavDTD * const 0x01e56d38, CToken * 0x01f05d40, nsIParser * 0x01ed88f0) line 736 + 12 bytes CNavDTD::BuildModel(CNavDTD * const 0x01e56d38, nsIParser * 0x01ed88f0, nsITokenizer * 0x01ed3a28, nsITokenObserver * 0x00000000, nsIContentSink * 0x01ed8b78) line 529 + 20 bytes nsParser::BuildModel() line 1034 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 960 + 11 bytes nsParser::EnableParser(int 1) line 683 + 15 bytes HTMLContentSink::ResumeParsing() line 3555 + 19 bytes HTMLContentSink::OnUnicharStreamComplete(HTMLContentSink * const 0x01ed8b7c, nsIUnicharStreamLoader * 0x01eb1fd0, unsigned int 0, unsigned int 430, const unsigned short * 0x01db96c0) line 3655 + 11 bytes nsUnicharStreamLoader::OnStopRequest(nsUnicharStreamLoader * const 0x01eb1fd4, nsIChannel * 0x01f20b48, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x00000000) line 127 + 63 bytes nsChannelListener::OnStopRequest(nsChannelListener * const 0x01ea4fd0, nsIChannel * 0x01f20b48, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x00000000) line 1588 nsHTTPChannel::ResponseCompleted(nsIChannel * 0x01f20f00, unsigned int 0, const unsigned short * 0x00000000) line 825 + 50 bytes nsHTTPResponseListener::OnStopRequest(nsHTTPResponseListener * const 0x00f83f78, nsIChannel * 0x01f20f00, nsISupports * 0x01f20b48, unsigned int 0, const unsigned short * 0x00000000) line 274 nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x01cec088) line 279 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x01db9e68) line 93 + 12 bytes PL_HandleEvent(PLEvent * 0x01db9e68) line 537 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00b48180) line 498 + 9 bytes _md_EventReceiverProc(HWND__ * 0x000401fc, unsigned int 49394, unsigned int 0, long 11829632) line 972 + 9 bytes USER32! 77e135f8() USER32! 77e13769() USER32! 77e17b9a() main(int 1, char * * 0x00a92fa8) line 137 + 11 bytes mainCRTStartup() line 338 + 17 bytes
Assignee: troy → vidur
yes thats what I see: Incident ID 1665529 SinkContext::CloseContainer [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 1233] HTMLContentSink::CloseContainer [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 2591] CNavDTD::CloseContainer [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 2872] CNavDTD::CloseContainersTo [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 2902] CNavDTD::CloseContainersTo [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 3012] CNavDTD::HandleEndToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1568] CNavDTD::HandleToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 730] CNavDTD::HandleSavedTokens [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1618] CNavDTD::HandleOmittedTag [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1222] CNavDTD::HandleDefaultStartToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 966] CNavDTD::HandleStartToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1328] CNavDTD::HandleToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 743] CNavDTD::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 528] nsParser::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 1044] nsParser::ResumeParse [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 968] nsParser::EnableParser [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 684] HTMLContentSink::ResumeParsing [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 3559] HTMLContentSink::OnUnicharStreamComplete [d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp, line 3656] nsUnicharStreamLoader::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\base\src\nsUnicharStreamLoader.cpp, line 130] nsChannelListener::OnStopRequest [d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 1588] nsHTTPChannel::ResponseCompleted [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPChannel.cpp, line 823] nsHTTPResponseListener::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cp p, line 263] nsOnStopRequestEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 279] nsStreamListenerEvent::HandlePLEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 94] PL_HandleEvent [plevent.c, line 538] _md_EventReceiverProc [plevent.c, line 976] USER32.dll + 0x1820 (0x77e71820)
I wonder if its the content on the page, or the e-mail subscription popup that is killing us?
looks like other pages with pop up's on browser buster seem to be ok.
minimal test case might indicate parser.. <html><head><title>Testcase for bug 20645</title></head> <body bgcolor="#FFFFFF"> <P><!-- ATTENTION: No end tag for this P --> <table> <tr> <!-- ATTENTION: Missing TD start tag here --> <BR> <center></center> </td> </tr> </table> </body> </html>
Whiteboard: [PDT+] → [PDT+][TESTCASE]
It does seem like the content sink is getting a bad series of calls from the parser (from CNavDTD actually). Rickg will look at it as soon as he gets a build going.
Target Milestone: M12
Assignee: vidur → rickg
Still waiting for a response from RickG. Reassigning the bug to him. Note that we can probably get rid of the crash, by making the content sink more robust (which I should do anyway). No guarantees of any reasonable layout, though.
Status: NEW → ASSIGNED
Well, I'm looking into it -- but the savetokens code is not acting in a predictable manner. It seems to be arbitrarily closing tags, but I don't yet know why.
Whiteboard: [PDT+][TESTCASE] → [PDT+][TESTCASE] hoping for 12/10, but this code hurts my head.
The only data point I have so far it that problem disappears if the <BR> is removed.
The following patch to nsHTMLContentSink.cpp (revision 3.281) prevents the crash, though it may not be the final fix. The patch is necessary anyway - the assertions aren't enough. Index: nsHTMLContentSink.cpp =================================================================== RCS file: /cvsroot/mozilla/layout/html/document/src/nsHTMLContentSink.cpp,v retrieving revision 3.281 diff -r3.281 nsHTMLContentSink.cpp 1182a1183,1185 > if (mStackPos <= 0) { > return NS_ERROR_FAILURE; > } 1255a1259,1261 > if (mStackPos <= 0) { > return NS_ERROR_FAILURE; > } 1566a1573,1575 > if (mStackPos <= 0) { > return NS_ERROR_FAILURE; > } 1868a1878,1880 > if (mStackPos <= 0) { > return NS_ERROR_FAILURE; > } 2303c2315,2317 < --- > if (mCurrentContext == nsnull) { > return NS_ERROR_FAILURE; > } 3918a3933,3935 > if (mCurrentContext->mStackPos <= 0) { > return NS_ERROR_FAILURE; > }
Assignee: rickg → harishd
Status: ASSIGNED → NEW
Whiteboard: [PDT+][TESTCASE] hoping for 12/10, but this code hurts my head. → [TESTCASE]
Target Milestone: M12 → M13
Checked in the content sink changes that allow us not to crash (though we still assert). Reassigning to harishd to come up with the real fix in the parser. Removing the PDT+ designation since we don't crash and moving to M13 for the real fix.
*** Bug 21214 has been marked as a duplicate of this bug. ***
*** Bug 21096 has been marked as a duplicate of this bug. ***
*** Bug 20331 has been marked as a duplicate of this bug. ***
Whiteboard: [TESTCASE] → [PDT-][TESTCASE]
Putting on PDT- radar. No longer crashing. Page somewhat readable. Good for dogfood. You should mark this one fixed and open a new layout bug.
Blocks: 21564
Priority: P3 → P1
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
The assertion was caused due to context mismatch. That is, in the example mentioned <CENTER> was trying to close P ( which happed to be in a different context ). FIXED by discarding CENTER -- emulating IE :( Nav.4.x does the right thing by not letting P to contain TABLE ( Gecko does!! ).
The page looks good in the Jan 18th build.
Status: RESOLVED → VERIFIED
No longer blocks: 21564
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: