Closed
Bug 249748
Opened 21 years ago
Closed 21 years ago
Mozilla crashes at print preview [@ nsBulletListener::OnStartContainer]
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: mcsmurf, Unassigned)
References
()
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
2.82 KB,
text/plain
|
Details |
To reproduce:
1. Go to URL
2. Open Print Preview
Results:
Crash
Expected:
Not to crash
Reproducable with Trunk non-debug opt build and Trunk debug build on Win2K, also
reproducable with linux builds (found this crasher in a Newsgroup).
Stacktrace:
nsBulletListener::OnStartContainer(nsBulletListener * const 0x049ea740,
imgIRequest * 0x04620e40, imgIContainer * 0x05861980) line 1810 + 23 bytes
imgRequestProxy::OnStartContainer(imgIContainer * 0x05861980) line 386
imgRequest::OnStartContainer(imgRequest * const 0x039e4024, imgIRequest *
0x00000000, imgIContainer * 0x05861980) line 417
nsGIFDecoder2::BeginGIF(void * 0x04a4b890, unsigned int 0x0000000a, unsigned int
0x00000007, unsigned char 0x00) line 279
gif_write(gif_struct * 0x04b62ea8, const unsigned char * 0x025f209c, unsigned
int 0x00000047) line 615 + 41 bytes
nsGIFDecoder2::ProcessData(unsigned char * 0x025f209c, unsigned int 0x00000047,
unsigned int * 0x0012f2dc) line 213 + 20 bytes
ReadDataOut(nsIInputStream * 0x039e46f4, void * 0x04a4b890, const char *
0x025f209c, unsigned int 0x00000000, unsigned int 0x00000047, unsigned int *
0x0012f2dc) line 155 + 20 bytes
nsInputStreamTee::WriteSegmentFun(nsIInputStream * 0x039e46f4, void *
0x04144678, const char * 0x025f209c, unsigned int 0x00000000, unsigned int
0x00000047, unsigned int * 0x0012f2dc) line 102 + 33 bytes
nsPipeInputStream::ReadSegments(nsPipeInputStream * const 0x039e46f4, unsigned
int (nsIInputStream *, void *, const char *, unsigned int, unsigned int,
unsigned int *)* 0x10042bc0 nsInputStreamTee::WriteSegmentFun(nsIInputStream *,
void *, const char *, unsigned int, unsigned int, unsigned int *), void *
0x04144678, unsigned int 0x00000047, unsigned int * 0x0012f554) line 761 + 29
nsInputStreamTee::ReadSegments(nsInputStreamTee * const 0x04144678, unsigned int
(nsIInputStream *, void *, const char *, unsigned int, unsigned int, unsigned
int *)* 0x01ec3d70 ReadDataOut(nsIInputStream *, void *, const char *, unsigned
int, unsigned int, unsigned int *), void * 0x04a4b890, unsigned int 0x00000047,
unsigned int * 0x0012f554) line 157
nsGIFDecoder2::WriteFrom(nsGIFDecoder2 * const 0x04a4b890, nsIInputStream *
0x04144678, unsigned int 0x00000047, unsigned int * 0x0012f554) line 233 + 29 bytes
imgRequest::OnDataAvailable(imgRequest * const 0x039e4028, nsIRequest *
0x030694b8, nsISupports * 0x00000000, nsIInputStream * 0x04144678, unsigned int
0x00000000, unsigned int 0x00000047) line 812 + 47 bytes
ProxyListener::OnDataAvailable(ProxyListener * const 0x039e41a8, nsIRequest *
0x030694b8, nsISupports * 0x00000000, nsIInputStream * 0x04144678, unsigned int
0x00000000, unsigned int 0x00000047) line 884
nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x046209d0,
nsIRequest * 0x030694b8, nsISupports * 0x00000000, nsIInputStream * 0x039e46f4,
unsigned int 0x00000000, unsigned int 0x00000047) line 97 + 51 bytes
nsHttpChannel::OnDataAvailable(nsHttpChannel * const 0x030694c0, nsIRequest *
0x04620958, nsISupports * 0x00000000, nsIInputStream * 0x039e46f4, unsigned int
0x00000000, unsigned int 0x00000047) line 3705 + 63 bytes
nsInputStreamPump::OnStateTransfer() line 434 + 65 bytes
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x0462095c,
nsIAsyncInputStream * 0x039e46f4) line 337 + 11 bytes
nsInputStreamReadyEvent::EventHandler(PLEvent * 0x04620ddc) line 119
PL_HandleEvent(PLEvent * 0x04620ddc) line 692 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00edc280) line 627 + 9 bytes
nsEventQueueImpl::ProcessPendingEvents(nsEventQueueImpl * const 0x00edc1f0) line
391 + 12 bytes
nsWindow::DispatchPendingEvents() line 3624
nsWindow::ProcessMessage(unsigned int 0x00000200, unsigned int 0x00000000, long
0x0138027a, long * 0x0012fc28) line 3938
nsWindow::WindowProc(HWND__ * 0x001501ae, unsigned int 0x00000200, unsigned int
0x00000000, long 0x0138027a) line 1342 + 27 bytes
USER32! 77e01ef0()
USER32! 77e0204c()
USER32! 77e021af()
nsAppShellService::Run(nsAppShellService * const 0x00f74f78) line 524
main1(int 0x00000001, char * * 0x00263f50, nsISupports * 0x00f1a048) line 1334 +
32 bytes
main(int 0x00000001, char * * 0x00263f50) line 1811 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e81af6()
Disassembly of code where crash (don't know if that is helpful so):
1810: return mFrame->OnStartContainer(aRequest, aImage);
015AB513 mov ecx,dword ptr [aImage]
015AB516 push ecx
015AB517 mov edx,dword ptr [aRequest]
015AB51A push edx
015AB51B mov eax,dword ptr [this]
015AB51E mov ecx,dword ptr [eax+0Ch]
015AB521 mov edx,dword ptr [this]
015AB524 mov eax,dword ptr [edx+0Ch]
015AB527 mov ecx,dword ptr [ecx]
015AB529 push eax
015AB52A call dword ptr [ecx+13Ch]
Registers:
EAX = 0434CC30 EBX = C0000000 ECX = 00070007 EDX = 04347DB0 ESI = 0012FD48 EDI
= 0012FD40
EIP = 015AB52A ESP = 0012F100 EBP = 0012F10C EFL = 00200206
MM0 = B6AA8EB87FFDE000 MM1 = B6AA892CB6AA8934 MM2 = 0012CA2C7FFDE6CC MM3 =
0000003000000000 MM4 = 00000000B6AA8EB8
MM5 = B6AA88680012CA2C MM6 = 80408EF880461084 MM7 = 8E20340000000000
XMM0 = 00000046000001BEA0012FDF00000001 XMM1 = 000000000000000000000000A0346A30
XMM2 = 00000000000000000000004600486188
XMM3 = 0012CC98B6AA90E8B6AA8E44B6AA90E0 XMM4 = 8043111AB6AA897CB6AA8EB87FFDE000
XMM5 = 000801BE00486188B6AA89ECB6AA89F4
XMM6 = FE9CE440FE9CE4400012CA2C7FFDE6CC XMM7 = 0012CA6C000000180000003000000000
CS = 001B DS = 0023 ES = 0023 SS = 0023 FS = 0038 GS = 0000 OV=0 UP=0 EI=1 PL=0
ZR=0 AC=0 PE=1 CY=0
00070143 = ????????
XMM0DL = -1,60233094680401E-154 XMM0DH = +1,48539705587922E-312 XMM1DL =
+1,32794451251444E-314 XMM1DH = +0,00000000000000E+000
XMM2DL = +1,48542048997604E-312 XMM2DH = +0,00000000000000E+000 XMM3DL =
-2,32578200346105E-045 XMM3DH = +2,61435125649735E-308
XMM4DL = -2,32593673839964E-045 XMM4DH = -2,12125345494269E-307 XMM5DL =
-2,32429594628168E-045 XMM5DH = +1,11348334172000E-308
XMM6DL = +2,61303516590775E-308 XMM6DH = -7,73940400273658E+301 XMM7DL =
+1,01855797966333E-312 XMM7DH = +2,61316991270843E-308
XMM00 = +1,40130E-045 XMM01 = -1,09426E-019 XMM02 = +6,24979E-043 XMM03 =
+9,80909E-044
XMM10 = -1,52817E-019 XMM11 = +0,00000E+000 XMM12 = +0,00000E+000 XMM13 =
+0,00000E+000
XMM20 = +6,64714E-039 XMM21 = +9,80909E-044 XMM22 = +0,00000E+000 XMM23 =
+0,00000E+000
XMM30 = -5,08326E-006 XMM31 = -5,08296E-006 XMM32 = -5,08326E-006 XMM33 =
+1,72643E-039
XMM40 = +1,#QNANE+000 XMM41 = -5,08301E-006 XMM42 = -5,08240E-006 XMM43 =
-6,15911E-039
XMM50 = -5,08245E-006 XMM51 = -5,08245E-006 XMM52 = +6,64714E-039 XMM53 =
+7,35309E-040
XMM60 = +1,#QNANE+000 XMM61 = +1,72556E-039 XMM62 = -1,04272E+038 XMM63 =
-1,04272E+038
XMM70 = +0,00000E+000 XMM71 = +6,72623E-044 XMM72 = +3,36312E-044 XMM73 =
+1,72565E-039 MXCSR = 00001F80
ST0 = +0.00000000000000000e+0000 ST1 = +3.14022592248504310e+2584 ST2 =
-0.00414820898790518e+2793 ST3 = +0.00000000000000000e+0000
ST4 = -0.00000000220406539e+0970 ST5 = -4.64940762103594771e+2809 ST6 = 1#SNAN
ST7 = +4.65717800000000000e+0006
CTRL = 027F STAT = 0120 TAGS = FFFF EIP = 011B8360
CS = 001B DS = 0023 EDO = 00ECF390
(In reply to comment #0)
> To reproduce:
> 1. Go to URL
> 2. Open Print Preview
>
> Results:
> Crash
same behaviour on my Mozilla 1.7/WinXP
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616
(In reply to comment #1)
> same behaviour on my Mozilla 1.7/WinXP
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616
--> Talkback ID TB222180H
|
Reporter | |
Comment 3•21 years ago
|
||
mFrame is not null here in case anyone wonders, it's 0x03cf5c18
|
|
Reporter | |
Comment 4•21 years ago
|
||
and mFrame looks like this:
- mFrame 0x03cf5c18
- nsFrame {...}
- nsIFrame {...}
- nsISupports {...}
+ __vfptr 0x00000000
- mRect {...}
x 0x00000174
y 0x000028ad
width 0x000001e5
height 0x0000011b
+ mContent 0x00000000
+ mStyleContext0xfdfdfdfd
+ mParent 0xdddd0004
+ mNextSibling 0x00090005
mState 0x03d00004
- nsIFrameDebug {...}
- nsISupports {...}
+ __vfptr 0x03ced478
mOrdinal 0x03d01428
- mPadding {...}
left 0xdddddddd
top 0xdddddddd
right 0xdddddddd
bottom 0xdddddddd
- mImageRequest {...}
+ mRawPtr 0xdddddddd
- mListener {...}
+ mRawPtr 0x0000dddd
- mIntrinsicSize {...}
width 0x00050029
height 0x00080104
- mComputedSize {...}
width 0x03cf4b68
height 0x03cecd50
+ mPresContext 0x00000000
|
||
Comment 5•21 years ago
|
||
(In reply to comment #1)
> (In reply to comment #0)
> > To reproduce:
> > 1. Go to URL
> > 2. Open Print Preview
> >
> > Results:
> > Crash
>
> same behaviour on my Mozilla 1.7/WinXP
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616
I see the same behaviour in Moz 1.7/Win XP pro and Firefox 0.9.1/Win XP pro
(looks like Bug 248693) but I can't confirm the stack details in the description.
I observe the process taking 100% cpu time.
Reproducable with www.opticspages.com
(In reply to comment #0)
> To reproduce:
> 1. Go to URL
> 2. Open Print Preview
>
> Results:
> Crash
Works fine on Mozilla 1.7/Linux Debian Kernel 2.6.0
Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7) Gecko/20040616
PS: the theme was Orbit3+1 1.5 Mik, if it does matter...
|
|
||
Comment 7•21 years ago
|
||
Can someone create a reduced testcase? I've been tracing through the code and
I'm not seeing how this could crash....
|
|
Reporter | |
Comment 8•21 years ago
|
||
(In reply to comment #7)
> Can someone create a reduced testcase? I've been tracing through the code and
> I'm not seeing how this could crash....
not from my side, i can't reproduce this bug anymore :/, neither with a trunk
build (opt and debug) nor with a 1.7 branch opt build.
|
||
Comment 9•21 years ago
|
||
I still crash with build 2004-07-16-09, Windows XP Seamonkey trunk.
|
|
||
Comment 10•21 years ago
|
||
The stack really doesn't help nearly as much as a minimal testcase would...
|
|
||
Comment 11•21 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a3) Gecko/20040720 Firefox/0.9.1+
The firefox-trunk does not crash on WIn98se.
However, the out-parts (>>) of bookmark's toolbar became to make wrong
behavior that is similar to the behavior after the test of Bug 248825 .
|
|
||
Comment 12•21 years ago
|
||
I can't reproduce on Aug. 6th nightly or on Mozilla 1.7.1 on Windows XP
I can't reproduce this bug anymore either. Frank, can you?
|
|
Reporter | |
Comment 14•21 years ago
|
||
No, let's close it.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ nsBulletListener::OnStartContainer]
|
||
Updated•7 years ago
|
Product: Core → Core Graveyard
|
|
Assignee | |
Updated•7 years ago
|
Component: Layout: Misc Code → Layout
Product: Core Graveyard → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•