crash if I scroll caret through URL bar while loading page

VERIFIED FIXED in M15

Status

Product: Core
Component: XPCOM
Priority: P3
Severity: critical
Status: VERIFIED FIXED
Opened: 19 years ago
Last updated: 18 years ago

People

Reporter: Andrew Brobston
Assigned: vidur (gone)

Tracking

Version: Trunk
Platform: x86, Windows 98
Keywords: crash

Details

(Whiteboard: [PDT-][HAVE FIX], URL)

Attachments

(1 attachment)

(Reporter)

Description

19 years ago
From Bug Helper:
User-Agent: Mozilla/4.7 [en]C-CCK-MCD NSCPCD47  (Win98; I)
BuildID:    2000012520
While loading from the "Site Map" link on http://levis.alis.com:8080/ and 
viewing the URL bar by scrolling the cursor through it, Mozilla crashes.
Reproducible: Always
Steps to Reproduce:
1. Open browser. Go to http://levis.alis.com:8080/
2. Click the link that says "Site Map."
3. While the page loads (or rather, never finishes loading), click in the URL 
bar at the top of the screen.
4. Use the left and right arrows to scroll through the URL. It may be necessary 
to scroll the cursor off the end of the URL bar to the right. If that happens, 
click in the URL bar again and repeat.
5. It might take some time to get the bug to appear.
Actual Results:  Mozilla crashes. Info from Dr. Watson below.
Expected Results:  Um, not crash? :)

XPCOM.DLL performed an invalid memory access.

Module Name: XPCOM.DLL

Application Name: Mozilla.exe

Command line: "C:\Program Files\Netscape\Seamonkey\mozilla.exe" 

Trap 0e 0000 - Invalid page fault
eax=00000000 ebx=0063f360 ecx=426bab20 edx=00000001 esi=ffffffff edi=426bab20
eip=60c21660 esp=0063f29c ebp=0063f2c4         -- -- -- nv up EI pl nz na po nc
cs=015f ss=0167 ds=0167 es=0167 fs=6a2f gs=0000
XPCOM.DLL:.text 0x10660:
>015f:60c21660 668b11              mov     dx,word ptr [ecx]

   sel  type base     lim/bot
   ---- ---- -------- --------
cs 015f r-x- 00000000 ffffffff
ss 0167 rw-e 00000000 0000fe60
ds 0167 rw-e 00000000 0000fe60
es 0167 rw-e 00000000 0000fe60
fs 6a2f rw-- 8bcf66fc 00000037
gs 0000 ----

stack base:   00540000
TIB limits:   00630000 - 00640000

(Let me know if you need the rest of the information from the Details page.)

Comment 1

19 years ago
I hit this assertion when viewing this page on Linux. Assigning to parser folks.

And the URL never stops loading on Linux.

###!!! ASSERTION: NS_ENSURE_TRUE(globalObject) failed: 'globalObject', file nsHTMLContentSink.cpp, line 4056
###!!! Break: at file nsHTMLContentSink.cpp, line 4056
Error loading URL http://levis.alis.com:8080/sitemap.html?AlisFramesTgtDoc&AlisTargetHost=http://www.alis.com
###!!! ASSERTION: NS_ENSURE_TRUE(globalObject) failed: 'globalObject', file nsHTMLContentSink.cpp, line 4056
###!!! Break: at file nsHTMLContentSink.cpp, line 4056
Error loading URL http://levis.alis.com:8080/sitemap.html?AlisFramesTgtDoc&AlisTargetHost=http://www.alis.com

Nominating for beta.

Assignee: dp → harishd
Keywords: beta1

Comment 2

19 years ago
Putting on the PDT+ radar for beta1.
Whiteboard: [PDT+]

Comment 3

19 years ago
Created attachment 5346 [details]
simpler test case

Comment 4

19 years ago
The URL never stops loading because...it's wacky (see the simpler test case).
This is not a commonly seen problem and therefore would not qualify as PDT+.
Would be a nice fix for beta1...though ;)
Whiteboard: [PDT+] → [PDT+] *** RECONSIDER ***

Comment 5

19 years ago
Something wrong with my attachment.....

Here is the simpler test case:

<!--~ Changed by: Lloyd-Eden Keays, webmaster@alis.com, DATE: 1999-08-10,  ~-->
<HTML>
<SCRIPT>
<!--
 if (self != top) top.location.href = window.location.href;
//-->
</SCRIPT>

<FRAMESET cols="*,143" frameborder="0" border=0 framespacing="0">
 <FRAME src="27953.htm">
</FRAMESET>
<body>This site requires the use of frames.


</body></HTML>

Note: Make sure to save this as 27953.htm.

Comment 6

19 years ago
Since the content sink is involved, I'm CCing vidur@netscape.com

Comment 7

19 years ago
vidur, could you take a look at this?  

Giving bug to vidur ;)
Assignee: harishd → vidur
(Assignee)

Comment 8

19 years ago
Removed the PDT+ designation, but left beta1 so that it can be reconsidered by the 
PDT team. It's a crash, but as far as I can tell, the page is doing something 
pretty whacky and it's not commonly done. Not a beta showstopper in my mind.
Keywords: crash
Whiteboard: [PDT+] *** RECONSIDER ***

Comment 9

19 years ago
Will reconsider if it's a top 100 site.
Whiteboard: [PDT-]
(Reporter)

Comment 10

19 years ago
Well, actually, I found out about the website by using the "translate" function 
in Mozilla... does that make it somewhat important? (I was trying to figure out 
why the translation server wasn't doing anything.)
(Assignee)

Comment 11

19 years ago
I have a fix that gets us a bit more in line with what I would expect (and IE 
does) for the page - we get into a loop, reloading the page into the top 
frameset. The fix terminates further parsing of a page if a SCRIPT causes the 
page to be unloaded (e.g. by setting the location). This was supposed to have 
been dealt with by bug 3571, but the fix checked in was incomplete.
Whiteboard: [PDT-] → [PDT-][HAVE FIX]
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

19 years ago
Target Milestone: M15
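
The guard described in Comment 11 (stop parsing once a SCRIPT has unloaded the page), as an added C++ example; it is not the Mozilla patch or any code from this bug. Document, Window, ParseInto and the token stream are hypothetical names constructed for illustration.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Hypothetical, simplified model: none of these types are Mozilla's.
struct Document { std::vector<std::string> nodes; };  // content built so far

struct Window {
    std::shared_ptr<Document> doc = std::make_shared<Document>();
    int navigations = 0;
    // Stands in for `top.location.href = ...`: the current document is unloaded.
    void SetLocation() { doc.reset(); ++navigations; }
};

enum class ParseResult { Completed, AbortedByUnload };

// Feeds tokens to the document. A "SCRIPT" token runs `script`, which may
// unload the document; every other token is appended as content.
ParseResult ParseInto(Window& win, const std::vector<std::string>& tokens,
                      const std::function<void(Window&)>& script) {
    // Weak reference: the parser must not assume the document outlives a script.
    std::weak_ptr<Document> target = win.doc;
    for (const auto& tok : tokens) {
        auto live = target.lock();
        if (!live) return ParseResult::AbortedByUnload;
        if (tok != "SCRIPT") { live->nodes.push_back(tok); continue; }
        live.reset();   // do not keep the document alive across the script
        script(win);
        // Re-validate after the script: stop if our document is gone or replaced.
        live = target.lock();
        if (!live || live != win.doc) return ParseResult::AbortedByUnload;
    }
    return ParseResult::Completed;
}

int main() {
    // Constructed token stream mirroring the test case: script, then frameset.
    const std::vector<std::string> tokens = {"HTML", "SCRIPT", "FRAMESET", "FRAME"};
    Window framed;   // script navigates away, as when self != top
    ParseResult r = ParseInto(framed, tokens, [](Window& w) { w.SetLocation(); });
    std::printf("framed: %s\n", r == ParseResult::AbortedByUnload ? "aborted" : "completed");
    Window top;      // script does nothing, as when self == top
    r = ParseInto(top, tokens, [](Window&) {});
    std::printf("top: %s, %zu nodes\n", r == ParseResult::Completed ? "completed" : "aborted", top.doc->nodes.size());
    return 0;
}
```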

Comment 12

19 years ago
Vidur--can you attach the patch so someone else could check it in while you are 
away?

Comment 13

18 years ago
change summary to "caret" rather than "cursor"
Summary: crash if I scroll cursor through URL bar while loading page → crash if I scroll caret through URL bar while loading page

Comment 14

18 years ago
CCing jst. He probably has the patch.

Comment 15

18 years ago
Yup, I believe I do have it and if all goes well I'll be checking it in
tomorrow (along with all other changes Vidur gave me).

Comment 16

18 years ago
Fix patch checked in. Marking FIXED but I was never able to reproduce this so
please reopen if it's still not fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 17

18 years ago
I cannot get this to reproduce with 2000-03-22-06 win32 build. Marking Verified.
Status: RESOLVED → VERIFIED