Closed
Bug 239572
Opened 21 years ago
Closed 21 years ago
M17beta crash in [@ GetDocumentFromScriptContext] XMLEXTRAS.DLL when killing loading popup
Categories
(Core :: XML, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: hhschwab, Assigned: sicking)
References
()
Details
(Keywords: crash, regression, topcrash, Whiteboard: TB11668G)
Crash Data
Attachments
(2 files)
785 bytes,
text/html
|
Details | |
862 bytes,
patch
|
jst
:
review+
jst
:
superreview+
chofmann
:
approval1.7+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040316 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040316 If seen crashes in xmlextras.html for some time, but now found an URL were I could reproduce it. Original code is invalid and ugly, I´ll attach a testcase. Reproducible: Always Steps to Reproduce: 1.enable Javascript, Popups, loading of images 2.http://www.terravista.pt/mussulo/1978/Biography.html 3. When a popup starts to load, kill it using the top right [x] Actual Results: As long as the popup was showing empty while loading, Mozilla crashed, if I closed it. When it didn´t crash, I just did a reload, and tried again. Expected Results: not crash
Reporter | ||
Comment 1•21 years ago
|
||
testcase, be sure to have loading of images, popups and Javascript enabled. Load testcase When Popup opens, close it before it starts to show something, crash after some seconds. Talkback from testcase, crashed on second try: TB11668G Talkbacks from the original URL: TB11512G, TB11505Q, TB11504Y, TB11502H, TB11501M crashes also on current nightly
Updated•21 years ago
|
Keywords: crash,
stackwanted
Whiteboard: TB11668G
Comment 2•21 years ago
|
||
WFM, Mozilla 1.7b and Mozilla 20040401 WinXP. The best I could get was an assertion which I got only once in my 1.7b debug build: ###!!! ASSERTION: OnStopDecode called multiple times.: '!(mState & onStopDecode)', file e:/mozilla/d ebug/mozilla/modules/libpr0n/src/imgRequest.cpp, line 517
Keywords: talkbackid
Reporter | ||
Comment 3•21 years ago
|
||
regressed between working BuildID 2004031008 and crashing BuildID 2004031619 code of the testcase: <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252"> <TITLE>Bug239572</TITLE> <script language="JavaScript"> if (navigator.appName.indexOf("Netscape")!=-1) { window.open("http://www.terravista.pt/meco/ad/ad.asp?param=" + top.window.location.href ,"Pub","width=480,height=60,resizable=no,scrollbars=no,menubar=no,toolbar=no,directories=no,location=no,status=no"); } else { window.open("http://www.terravista.pt/meco/ad/ad.asp?param=" + top.window.location.href ,"Pub","width=470,height=60,resizable=no,scrollbars=no,menubar=no,toolbar=no,directories=no,location=no,status=no"); } </script> </HEAD> <BODY TEXT="#000000" LINK="#0000ff" VLINK="#800080" background="http://www.mozilla.org/images/mozilla-banner.gif"> </BODY> </HTML> I had have a background in the body, I assume otherwise the popup was loading too fast to close it near the start of loading. To reproduce the bug, you must have Javascript, images and popups enabled, and I assume, also a fairly slow connection (ISDN) and a slow computer? If you don´t succeed on the testcase, try the original URL. It contains bigger images, and some invalid code. the URLs loaded from Javascript: http://www.terravista.pt/meco/ad/ad.asp?param=http://www.terravista.pt/mussulo/1978/Biography.html http://www.terravista.pt/meco/ad/ad.asp?param=http://bugzilla.mozilla.org/attachment.cgi?id=145412&action=view text/html, Quirks mode, ISO-8859-1
Reporter | ||
Comment 4•21 years ago
|
||
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-03-10+08%3A00&maxdate=2004-03-16+19%3A00&cvsroot=%2Fcvsroot 2004-03-16 14:00 Bug 237685 - make xmlextras not point to green.nscp. Not part of build. 2004-03-15 22:34 Bug 237319. Adding support for server push of XML documents to an XMLHttpRequest using "multipart/x-mixed-replace".
Reporter | ||
Comment 5•21 years ago
|
||
Regression, working BuildID 2004031508, crashing 2004031608 Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040316 tested on an Athlon XP1600, DSL, Win98SE http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-03-15+08%3A00&maxdate=2004-03-16+08%3A00&cvsroot=%2Fcvsroot 2004-03-15 22:34 jst%mozilla.jstenback.com mozilla/ extensions/ xmlextras/ base/ src/ nsXMLHttpRequest.h mozilla/ extensions/ xmlextras/ base/ src/ nsXMLHttpRequest.cpp mozilla/ extensions/ xmlextras/ base/ src/ nsLoadListenerProxy.cpp mozilla/ extensions/ xmlextras/ base/ public/ nsIXMLHttpRequest.idl Bug 237319 Add support for server push using multipart/x-mixed-replace with XMLHttpRequest.
Keywords: regression
Comment 6•21 years ago
|
||
This is a topcrash with Mozilla 1.7 beta: Count Offset Real Signature [ 14 GetDocumentFromScriptContext 182a0d18 - GetDocumentFromScriptContext ] [ 9 GetDocumentFromScriptContext 60de5baf - GetDocumentFromScriptContext ] Crash date range: 01-APR-04 to 31-MAR-04 Min/Max Seconds since last crash: 45 - 372537 Min/Max Runtime: 4961 - 517724 Count Platform List 9 [Windows NT 5.1 build 2600] 9 [Windows 98 4.10 build 67766222] 4 [Windows NT 5.0 build 2195] 1 [Windows 98 4.90 build 73010104] Count Build Id List 23 2004031615 No of Unique Users 14 Stack trace(Frame) GetDocumentFromScriptContext [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp line 250] nsXMLHttpRequest::GetBaseURI [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp line 711] nsXMLHttpRequest::OnStartRequest [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp line 1164] nsHttpChannel::CallOnStartRequest [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp line 638] nsHttpChannel::OnStartRequest [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp line 3328] nsInputStreamPump::OnStateStart [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 381] nsInputStreamPump::OnInputStreamReady [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 343] nsInputStreamReadyEvent::EventHandler [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/xpcom/io/nsStreamUtils.cpp line 119] PL_HandleEvent [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/xpcom/threads/plevent.c line 672] PL_ProcessPendingEvents [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/xpcom/threads/plevent.c line 610] nsEventQueueImpl::ProcessPendingEvents [c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/xpcom/threads/nsEventQueue.cpp line 395] (11682) URL: http://bugzilla.mozilla.org/attachment.cgi?id=145412&action=view (11682) Comments: Bug 239572 crash in XMLEXTRAS.DLL when killing loading popup was loadin tescase above crash when closing the still loading popup (11668) URL: http://www.terravista.pt/mussulo/1978/Biography.html (11668) Comments: Bug 239572 testcase loaded testcase closed popup ok. Did a reload closed popup before it did show something crash after some seconds. (11665) URL: http://www.brezen.cz (11512) URL: http://www.terravista.pt/mussulo/1978/Biography.html (11512) Comments: http://www.terravista.pt/mussulo/1978/Biography.html This website starts a popup: http://setemares.terravista.pt/ Killing this popup when it starts loading crashes Mozilla. See Talkbacks 11495Z .. TB11505Q (11505) URL: http://www.terravista.pt/mussulo/1978/Biography.html (11504) URL: http://www.terravista.pt/mussulo/1978/Biography.html (11504) Comments: http://www.terravista.pt/mussulo/1978/Biography.html going to this URL openes a popup and if you kill it before it has loaded Mozilla crashes: TB11491Y TB11495Z TB11501M TB11502H (11502) URL: http://bugzilla.mozilla.org/attachment.cgi?id=139119&action=view (11502) Comments: killing a popup (11501) URL: http://bugzilla.mozilla.org/attachment.cgi?id=139119&action=view (11501) Comments: opened groupmark with links from TB11491Y and TB11495Z and killed a popup before it even loaded crashed some seconds later. Maybe this URL called the popup the complete list of URLS is in the other reports. (11501) Comments: http://www.terravista.pt/mussulo/1978/Biography.html (11495) URL: http://bugzilla.mozilla.org/attachment.cgi?id=139119&action=view (11495) Comments: Followup to TB11491Y Opened http://www.heise.de/newsticker/meldung/46268 in 1st tab and from there opened some links which together produced TB11491Y one after another this time waiting untill it has loaded before proceeding to the next. No crash (11495) Comments: this way so I closed all tabs besides the first and from there again opened the links this time as fast as i Could not waiting until it had loaded. When the popup came up i killed it. After some seconds crash and talkback came up. 1st URL (11495) Comments: holding the others: http://www.heise.de/newsticker/meldung/46268 the others from the 6th paragraph of the text: *** Bleiben wir bei der Musik und wenden uns von Ice Vanilla Bowie und Queen der leidenden deutschen Musikindustrie zu die in ihrer Not (11495) Comments: das Kriegsbeil ausgegraben hat. Wer nicht versteht dass wieder einmal der zyklische Wechsel der Musikformate abl??uft muss wohl kriminell werden und den Zorn rechtschaffen(d)er Fans aushalten. Ach das waren noch sch??ne Zeiten als sich vor 30 Jahren (11495) Comments: Abba aufmachte die Welt zu betr??llern. ??brigens gegen den Widerstand besagter Industrie die Waterloo ablehnte. Was ist von einer Industrie zu halten die es nicht schafft den heute sich j??hrenden Todestag von Arthur Russell zu begehen einem der (11495) Comments: wichtigsten Musiker des ausgelaufenen Jahrhunderts der in vielen Welten zu Hause war? Wie sang noch Frau von Kappelhoff die Jubilarin: Que sera sera? -- the future is not ours to see. http://www.heise.de/newsticker/meldung/46115/ (11495) Comments: http://www.taz.de/pt/2004/04/01/a0248.nf/text http://www.heise.de/newsticker/meldung/46159/ http://www.taz.de/pt/2004/04/03/a0314.nf/text http://www.lyrics007.com/Abba%20Lyrics/Waterloo%20(German%20version)%20Lyrics.html (11495) Comments: http://www.terravista.pt/mussulo/1978/Biography.html http://www.pitchforkmedia.com/record-reviews/r/russell_arthur/world-of.shtml http://www.heute.t-online.de/ZDFheute/artikel/11/0 1367 MAG-0-2116363 00.html (11491) URL: http://bugzilla.mozilla.org/attachment.cgi?id=139119&action=view (11491) Comments: there are a lot of links in this article: http://www.heise.de/newsticker/meldung/46268 and when I opened some in the middle Mozila reproducible crashed. I had this crash in XMLEXTRAS.DLL seen some more times but now I could reproduce it using (11491) Comments: Mozilla 1.7b with Talkback. First crash was with current nightly. Links I opened: http://www.heise.de/newsticker/meldung/46115/ http://www.taz.de/pt/2004/04/01/a0248.nf/text http://www.heise.de/newsticker/meldung/46159/ (11491) Comments: http://www.taz.de/pt/2004/04/03/a0314.nf/text http://www.lyrics007.com/Abba%20Lyrics/Waterloo%20(German%20version)%20Lyrics.html http://www.terravista.pt/mussulo/1978/Biography.html (11491) Comments: http://www.pitchforkmedia.com/record-reviews/r/russell_arthur/world-of.shtml http://www.heute.t-online.de/ZDFheute/artikel/11/0 1367 MAG-0-2116363 00.html I opened all of these links loading in the background killed one popup and after half a (11491) Comments: minute crash. IA'll look further which of these links is crashing. (9753) Comments: I unblocked a popup window for a site closed the site window and re-opened it. Upon loading the site and popup it crashed. (8596) Comments: Open Javascript Debugger and changed my mind. Crashed when I tried to close it. (7037) URL: http://www.brezen.cz (7017) URL: www.cnn.com (6357) URL: http://forums.shareaza.com//newthread.php?s=&action=newthread&forumid=2 (6357) Comments: Typing a small tutorial and using the DownloadWith plugin's config screen for reference. I personally have not been able to reproduce with either MozillaTrunk 2004040413 or Mozilla 1.7 beta on Windows XP.
Summary: crash in XMLEXTRAS.DLL when killing loading popup → M17beta crash in [@ GetDocumentFromScriptContext] XMLEXTRAS.DLL when killing loading popup
Comment 7•21 years ago
|
||
==> XML "NEW" bugs in Browser-General aren't very useful.
Assignee: general → hjtoi-bugzilla
Component: Browser-General → XML
QA Contact: general → ashshbhatt
Assignee | ||
Comment 9•21 years ago
|
||
I can't reproduce the crash (i might be sitting on a too fast line), so i can't verify that this actually fixes it. However looking at the stack and the code it looks like the problem is calling CallQueryInterface on a nullpointer.
Assignee: hjtoi-bugzilla → bugmail
Status: NEW → ASSIGNED
Assignee | ||
Updated•21 years ago
|
Attachment #145516 -
Flags: superreview?(jst)
Attachment #145516 -
Flags: review?(jst)
Comment 10•21 years ago
|
||
Comment on attachment 145516 [details] [diff] [review] hopefully the fix Yeah, this looks like the fix for this crash, and even if it doesn't fix this crash, it's the right thing to do. r+sr=jst Requesting approval.
Attachment #145516 -
Flags: superreview?(jst)
Attachment #145516 -
Flags: superreview+
Attachment #145516 -
Flags: review?(jst)
Attachment #145516 -
Flags: review+
Attachment #145516 -
Flags: approval1.7?
Comment 11•21 years ago
|
||
Comment on attachment 145516 [details] [diff] [review] hopefully the fix a=chofmann for 1.7
Attachment #145516 -
Flags: approval1.7? → approval1.7+
Assignee | ||
Comment 12•21 years ago
|
||
checked in. Hermann: Could you please try tomorrows nighly and see if the problem is fixed there. If you still can reproduce it please reopen this bug, otherwise go ahead and mark it verified.
Updated•21 years ago
|
Keywords: talkbackid
Reporter | ||
Comment 13•21 years ago
|
||
verified BuildID 2004040610 (Creature) Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040406
Status: RESOLVED → VERIFIED
Updated•13 years ago
|
Crash Signature: [@ GetDocumentFromScriptContext]
You need to log in
before you can comment on or make changes to this bug.
Description
•