Closed Bug 22015 Opened 25 years ago Closed 25 years ago

Mozilla Page Faults at URL

Categories

(Core :: JavaScript Engine, defect, P3)

x86
Windows 95
defect

Tracking

VERIFIED DUPLICATE of bug 21918

People

(Reporter: stephena, Assigned: leger)

Details

(Whiteboard: [TESTCASE])

Attachments

(1 file)

Using build 1999121612, mozilla regularly page faults on the URL.  The page fault
dialog box often quotes the fault as occurring in a different DLL each time.   I
am attempting to pare down the page's HTML and retrieve the pictures and
JavaScript locally so I can try to isolate what part exactly is causing the page
fault.

I am running W95 OSR2 with 128MB RAM.
Severity: normal → critical
As I have been working to isolate the section of the HTML causing the invalid
page fault, I have repeatedly been getting:

Invalid page fault in Kernel32.dll at 0137:bff9a5d0

If that means anything to anybody...
Component: Browser-General → Javascript Engine
I think it is a JavaScript problem.   Down in the middle of the <BODY> section
they have the following code:

<SCRIPT>
function email()
{
address=document.emailform.emailinput.value;
location='http://cnn.com/EMAIL/index.html?'+address;
}
</SCRIPT>

Then they have some more HTML followed by:

<SCRIPT>document.write('<FORM name="emailform" onsubmit="email();return false;"><input type="text" name="emailinput" size="10">&nbsp;<input type="submit"  value="go"></form>');
</SCRIPT>

Now, I've found removal of either of these two script sections stops mozilla
from page faulting.  BUT, inserting these two sections into a dummy HTML test
page does not cause a page fault.  There has to be another part to this somewhere
in the HTML...  I continue looking...
Attached file Testcase
I have created a test case attachment.  It's pretty simple - but the problem
seems to be pretty complicated.  Here's the source of the testcase and what
I've discovered:

<HTML>
<HEAD>
<TITLE>Title</TITLE>
</HEAD>
<BODY>
   <TABLE>
<SCRIPT>
// Blah blah
</SCRIPT>
      <TR>
         <TD>
<SCRIPT>
document.write('blah');
</SCRIPT>
         </TD>
      </TR>
   </TABLE>
</BODY>
</HTML>

There are basically two SCRIPT sections planted inside a TABLE.  For the
invalid page fault to occur, the first SCRIPT section must be placed before the
first <TR> for the page fault to occur.  It does not seem to matter what the
contents of the first SCRIPT section are.  The second script section must fall
within a proper <TD> </TD> section for the page fault to occur.  Moving it out
into a <TR> </TR> or out just under the <TABLE> element like the first script
section makes the page fault go away.  Additionally, it seems the second SCRIPT
section must contain a document.write of some type.  If you replace it with
comments or a function definition, it will not page fault.

Now if you're like me you're thinking those are a whole lot of specifications to
meet for a page fault to occur. Well, yes, but CNN has managed to meet all
those conditions.  Additionally, I'm getting a fair number of page faults with
mozilla during general use.  Hopefully this cockroach may lead back to the nest
;)
Whiteboard: [TESTCASE]
I don't know if this bug got created recently (within the last two or three
days) or CNN has changed how they're doing their website, but almost every
single one of their "Full story" links on their top stories is causing this
invalid page fault crash.  And just as M12 is poking its head up too.... rats.
Very nice work, stephena@hiwaay.net. Really well broken down. Thanks.

... which is why I'm hesitant in noting it, but, I believe that this is
a duplicate of bug #21918, which is also on cnn.com, and has a virtually
identical minimum test case.

But the good news is that a fix has already been checked in. (Amazingly,
it's a one-liner fix -- a typo that never got run until recently).
Thank you for pointing that out.  I hope indeed the fix works.  The testcase
for bug 21918 actually does not cause a crash on my W95 mozilla.  For a crash
to occur the second SCRIPT with the document.write (as seen in my testcase)
must be included in order to prompt a crash.

Hopefully that is an OS-dependent thing and the fix for the other bug will also
fix this nearly identical one.  I wish I had seen that bug before writing this
one.  Oh well....  3jrgm would you mind taking a look at bug #22026 before I do
this all over again?  <grin>
Added karnaze to the cc list so he can comment on whether the fix for bug#
21918 indeed addresses the same issue as this bug.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Thanks for the test case and making the link to bug 21918.

*** This bug has been marked as a duplicate of 21918 ***
Status: RESOLVED → VERIFIED