Closed Bug 269603 Opened 20 years ago Closed 20 years ago

Crash at pageload

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 220542

People

(Reporter: bernd_mozilla, Unassigned)

References

(
URL
)

Details

(Keywords: crash) 

when I load the url in a debug build I get the following stack trace:
CNavDTD::BuildModel(CNavDTD * const 0x032b52b8, nsIParser * 0x0335cf10,
nsITokenizer * 0x04645a00, 

nsITokenObserver * 0x00000000, nsIContentSink * 0x033553c0) line 469 + 21 bytes
nsParser::BuildModel(nsParser * const 0x0335cf10) line 2027 + 31 bytes
nsParser::ResumeParse(int 0, int 0, int 0) line 1894 + 11 bytes
nsParser::Parse(nsParser * const 0x0335cf10, const nsAString & {...}, void *
0x00000001, const nsACString & 

{...}, int 0, int 1, nsDTDMode eDTDMode_autodetect) line 1757 + 17 bytes
nsHTMLDocument::WriteCommon(const nsAString & {...}, int 0) line 2218 + 187 bytes
nsHTMLDocument::ScriptWriteCommon(int 0) line 2300 + 21 bytes
nsHTMLDocument::Write(nsHTMLDocument * const 0x034210ec) line 2327
XPTC_InvokeByIndex(nsISupports * 0x034210ec, unsigned int 20, unsigned int 0,
nsXPTCVariant * 0x0012dd84) line 

102
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode
CALL_METHOD) line 2034 + 31 bytes
XPC_WN_CallMethod(JSContext * 0x03616520, JSObject * 0x02fb0620, unsigned int 1,
long * 0x0464901c, long * 

0x0012e080) line 1287 + 14 bytes
js_Invoke(JSContext * 0x03616520, unsigned int 1, unsigned int 0) line 1286 + 19
bytes
js_Interpret(JSContext * 0x03616520, long * 0x0012ef50) line 3507 + 13 bytes
js_Execute(JSContext * 0x03616520, JSObject * 0x03502260, JSScript * 0x04645ca0,
JSStackFrame * 0x00000000, 

unsigned int 0, long * 0x0012f06c) line 1562 + 12 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x03616520, JSObject * 0x03502260,
JSPrincipals * 0x0343462c, const 

unsigned short * 0x0463e890, unsigned int 492, const char * 0x04489fa8, unsigned
int 1, long * 0x0012f06c) line 

3698 + 21 bytes
nsJSContext::EvaluateString(const nsAString & {...}, void * 0x03502260,
nsIPrincipal * 0x03434628, const char * 

0x04489fa8, unsigned int 1, const char * 0x0117a7e4 _js_default_str, nsAString *
0x00000000, int * 0x0012f0e4) 

line 995 + 67 bytes
nsScriptLoader::EvaluateScript(nsScriptLoadRequest * 0x04489f38, const nsString
& {...}) line 673
nsScriptLoader::ProcessRequest(nsScriptLoadRequest * 0x04489f38) line 586 + 20 bytes
nsScriptLoader::OnStreamComplete(nsScriptLoader * const 0x0335d044,
nsIStreamLoader * 0x044f8ce8, nsISupports * 

0x04489f38, unsigned int 0, unsigned int 4294967295, const unsigned char *
0x0463e855) line 922
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x044f8cec, nsIRequest *
0x045740a8, nsISupports * 

0x04489f38, unsigned int 0) line 137
nsHTTPCompressConv::OnStopRequest(nsHTTPCompressConv * const 0x044fc978,
nsIRequest * 0x045740a8, nsISupports * 

0x04489f38, unsigned int 0) line 135
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x044fca30,
nsIRequest * 0x045740a8, nsISupports * 

0x04489f38, unsigned int 0) line 66
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x045740b0, nsIRequest *
0x044a7ad0, nsISupports * 0x00000000, 

unsigned int 0) line 3755
nsInputStreamPump::OnStateStop() line 505
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x044a7ad4,
nsIAsyncInputStream * 0x044a7860) 

line 341 + 11 bytes
nsInputStreamReadyEvent::EventHandler(PLEvent * 0x044a8074) line 119
PL_HandleEvent(PLEvent * 0x044a8074) line 692 + 9 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ed5010) line 627 + 8 bytes
nsEventQueueImpl::ProcessPendingEvents(nsEventQueueImpl * const 0x00ece218) line
394 + 11 bytes
nsWindow::DispatchPendingEvents() line 3721
nsWindow::ProcessMessage(unsigned int 512, unsigned int 0, long 40894619, long *
0x0012fc24) line 4027
nsWindow::WindowProc(HWND__ * 0x006b0334, unsigned int 512, unsigned int 0, long
40894619) line 1355 + 24 bytes
USER32! 77d18709()
USER32! 77d187eb()
USER32! 77d189a5()
USER32! 77d189e8()
nsAppShell::Run(nsAppShell * const 0x00f9ac00) line 135
nsAppStartup::Run(nsAppStartup * const 0x00f9a980) line 221
main1(int 3, char * * 0x002a4278, nsISupports * 0x00edbc80) line 1321 + 31 bytes
main(int 3, char * * 0x002a4278) line 1799 + 34 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 7c816d4f()

I dont understand why it crashes there.

However with a nightly 2004111204 I get
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1920254Y
the result is however identical: it crashes
the talkback is probably from bug 269472 my debug build is a little bit older
URL: http://www.midifon.prv.plhttp://www.midifon.prv.pl/
Severity: normal → critical
Summary: crash at pageload → Crash at pageload
hmm this thing crashes randomly
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1921551W
is talkback with a build from 2004-11-06
This may be related to bug 220542. What appears to happen is that there is a
document.write() of a <link> to a stylesheet. When the stylesheet completes
loading, we end up back in the parser, but the tokenizer is bogus, so we crash
in strange places (the vtable is messed up).

In fact, that's almost certainly what's happening. We're getting back into the
parser from this branch in nsCSSLoader.cpp:1356:
  if (NS_FAILED(rv)) {
    LOG_ERROR(("  Failed to create channel"));
-->    SheetComplete(aLoadData, PR_FALSE);
    return rv;
  }

And the document.write() output is: "<link rel=stylesheet href="http://"
type=text/css>".

I've also seen asserts in js on this page, so it could have more than one
problem, but based on all of this, I'm marking this as a DUPE of bug 220542.

*** This bug has been marked as a duplicate of 220542 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.