Closed Bug 265858 Opened 21 years ago Closed 20 years ago

crash opening local malformed HTML [@ nsViewManager::Refresh()]

Categories

(Core :: Web Painting, defect)

Product:
Core
Component:
Web Painting
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: titusstahl+bugzilla, Assigned: roc)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041023 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041023 Firefox/1.0 Opening a specific local HTML file crashes Firefox. Reproducible: Always Steps to Reproduce: 1. Download the HTML file at the given URL (will attach testcase) with wget. 2. Open it in tonight's build 3. Firefox crashes Expected Results: no crash Trackback-ID: TB1491343Y I am programatically creating malformed HTML and have already reported <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=265761">Bug 265761</a> - maybe this bug is related
Sorry, the file is too big to be a testcase. You have to download it from the URL.
Keywords: crash
Keywords: talkbackid
Is this a dup of bug 265761 ? The URL looks different
Keywords: talkbackid
please resubmit another talkback id using a recent trunk build from http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ in future, please add the "talkbackid" keyword when you provide the id, and put the talkback id in the Status Whiteboard.
asqueella@gmail.com: last i checked, people w/o editbugs couldn't add keywords, in the future, please don't suggest they add keywords.
Recent Talkback-ID as requested: TB4879353K with Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050405 Firefox/1.0+
Incident ID: 4879353 Stack Signature nsViewManager::Refresh() 04cca51d Product ID FirefoxTrunk Build ID 2005040507 Trigger Time 2005-04-06 01:31:12.0 Platform LinuxIntel Operating System Linux 2.6.8-24-default Module firefox-bin + (00352d18) URL visited User Comments Since Last Crash 0 sec Total Uptime 0 sec Trigger Reason SIGSEGV: Segmentation Fault: (signal 11) Source File, Line No. /builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/view/src/nsViewManager.cpp, line 485 Stack Trace nsViewManager::Refresh() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/view/src/nsViewManager.cpp, line 485] nsViewManager::DispatchEvent() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/view/src/nsViewManager.cpp, line 842] HandleEvent() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/view/src/nsView.cpp, line 249] nsCommonWidget::DispatchEvent() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsCommonWidget.cpp, line 218] nsWindow::OnExposeEvent() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsWindow.cpp, line 842] expose_event_cb() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsWindow.cpp, line 3582] libgtk-x11-2.0.so.0 + 0x117fa4 (0x402cafa4) libgobject-2.0.so.0 + 0x8bfb (0x40565bfb) libgobject-2.0.so.0 + 0x19fb0 (0x40576fb0) libgobject-2.0.so.0 + 0x1b3f6 (0x405783f6) libgobject-2.0.so.0 + 0x1b9b2 (0x405789b2) libgtk-x11-2.0.so.0 + 0x20fd64 (0x403c2d64) libgtk-x11-2.0.so.0 + 0x1119b9 (0x402c49b9) libgdk-x11-2.0.so.0 + 0x2b167 (0x404a4167) libgdk-x11-2.0.so.0 + 0x2b327 (0x404a4327) libgdk-x11-2.0.so.0 + 0x2b3b3 (0x404a43b3) libglib-2.0.so.0 + 0x220a1 (0x405bd0a1) libglib-2.0.so.0 + 0x23d17 (0x405bed17) libglib-2.0.so.0 + 0x26467 (0x405c1467) libglib-2.0.so.0 + 0x26563 (0x405c1563) nsAppShell::DispatchNativeEvent() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsAppShell.cpp, line 276] nsXULWindow::ShowModal() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/appshell/src/nsXULWindow.cpp, line 848] nsContentTreeOwner::ShowAsModal() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/appshell/src/nsContentTreeOwner.cpp, line 428] nsWindowWatcher::OpenWindowJS() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp, line 848] nsWindowWatcher::OpenWindow() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp, line 464] nsPromptService::DoDialog() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/embedding/components/windowwatcher/src/nsPromptService.cpp, line 848] nsPromptService::Alert() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/embedding/components/windowwatcher/src/nsPromptService.cpp, line 63] nsPrompt::Alert() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/embedding/components/windowwatcher/src/nsPrompt.cpp, line 848] nsDocShell::DisplayLoadError() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/docshell/base/nsDocShell.cpp, line 848] nsDocShell::InternalLoad() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/docshell/base/nsDocShell.cpp, line 200] nsDocShell::LoadURI() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/docshell/base/nsDocShell.cpp, line 842] nsFrameLoader::LoadFrame() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/content/base/src/nsFrameLoader.cpp, line 848] nsGenericHTMLFrameElement::LoadSrc() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/content/html/content/src/nsGenericHTMLElement.cpp, line 848] nsGenericElement::AppendChildTo() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/content/base/src/nsGenericElement.cpp, line 2659] SinkContext::CloseContainer() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp, line 1367] CNavDTD::CloseContainer() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 3358] CNavDTD::CloseContainersTo() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 3394] CNavDTD::CloseContainersTo() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 3580] CNavDTD::HandleEndToken() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 1932] CNavDTD::HandleToken() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 924] CNavDTD::BuildModel() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 460] nsParser::BuildModel() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/nsParser.cpp, line 842] nsParser::ResumeParse() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/nsParser.cpp, line 1938] nsParser::OnDataAvailable() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/parser/htmlparser/src/nsParser.cpp, line 2616] nsDocumentOpenInfo::OnDataAvailable() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/uriloader/base/nsURILoader.cpp, line 848] nsFileChannel::OnDataAvailable() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp, line 561] nsInputStreamPump::OnStateTransfer() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/netwerk/base/src/nsInputStreamPump.cpp, line 440] nsInputStreamPump::OnInputStreamReady() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/netwerk/base/src/nsInputStreamPump.cpp, line 341] nsInputStreamReadyEvent::EventHandler() PL_HandleEvent() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/plevent.c, line 699] PL_ProcessPendingEvents() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/plevent.c, line 633] nsEventQueueImpl::ProcessPendingEvents() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/nsEventQueue.cpp, line 422] event_processor_callback() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsAppShell.cpp, line 67] libglib-2.0.so.0 + 0x4ad5f (0x405e5d5f) libglib-2.0.so.0 + 0x23d17 (0x405bed17) libglib-2.0.so.0 + 0x26467 (0x405c1467) libglib-2.0.so.0 + 0x27677 (0x405c2677) libgtk-x11-2.0.so.0 + 0x111e43 (0x402c4e43) nsAppShell::Run() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsAppShell.cpp, line 141] nsAppStartup::Run() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 145] XRE_main() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/toolkit/xre/nsAppRunner.cpp, line 830] main() [/builds/tinderbox/firefox/Linux_2.4.20-28.8_Clobber/mozilla/browser/app/nsBrowserApp.cpp, line 61] libc.so.6 + 0x14b10 (0x4098cb10)
Assignee: firefox → roc
Component: General → Layout: View Rendering
Product: Firefox → Core
QA Contact: general → ian
Summary: crash opening local malformed HTML → crash opening local malformed HTML [@ nsViewManager::Refresh()]
Version: unspecified → Trunk
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050602 Firefox/1.0+ I didn't have to access the page locally, it crashed straight from the url. Trackback-ID: TB6357655x
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20050822 Firefox/1.6a1 I think that this is WFM, but I am still working on the sister: Bug 265761 "crash with malformed html"
Titus, the URL is no longer valid. Could you update it so we can see if this is still crashing? If not this is going to be INVALID.
Sorry for that, my fault. The URL works again now.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051123 Firefox/1.6a1 In a debug build from the 23rd, this doesn't crash. CPU goes to 100% and the terminal spits out gobs of CSS and JS warnings, but after leaving it open for > 2 minutes I still don't crash. Is it still crashing for anyone else?
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051211 Firefox/1.6a1 No crash on that URL with lastest trunk in both Linux and Windows. Reopen if you can reproduce in anything recent.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
Crash Signature: [@ nsViewManager::Refresh()]
Component: Layout: View Rendering → Layout: Web Painting
You need to log in before you can comment on or make changes to this bug.