Closed
Bug 286733
Opened 20 years ago
Closed 20 years ago
crash: nightly crash with form and embedded table. SinkContext::Begin
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: taviso, Assigned: mrbkap)
References
Details
(4 keywords)
Attachments
(4 files, 2 obsolete files)
4.16 KB,
text/plain
|
Details | |
98 bytes,
text/html
|
Details | |
102 bytes,
text/html
|
Details | |
3.64 KB,
patch
|
jst
:
review+
rbs
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050305 Firefox/1.0.1 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050305 Firefox/1.0.1 testcase attached seems to crash nightly. Reproducible: Always
Reporter | ||
Comment 1•20 years ago
|
||
Reporter | ||
Updated•20 years ago
|
Reporter | ||
Updated•20 years ago
|
Severity: normal → critical
Comment 2•20 years ago
|
||
Updated•20 years ago
|
Assignee: nobody → parser
Component: Layout → HTML: Parser
QA Contact: layout → mrbkap
Reporter | ||
Comment 3•20 years ago
|
||
TB4435667K (Linux) TB4435581W (Windows) This is reliably reproduced on Linux, in windows I'm told it happens sometimes, but everytime if you use: start->run->mozilla https://bugzilla.mozilla.org/attachment.cgi?id=177869
Keywords: regression
Summary: nightly crash, form with table. → crash: nightly crash with form and embedded table. SinkContext::Begin
Comment 4•20 years ago
|
||
Regression window: 2005-01-25-06 -- 2005-01-26-06 (possibly bug 147446?)
Comment 6•20 years ago
|
||
<TABLE> <FRAMESET><FRAME></FRAMESET> <TR><TD><TABLE> <TR><BR><TD><MAP><TABLE><BR></MAP>
Attachment #177869 -
Attachment is obsolete: true
Comment 7•20 years ago
|
||
This also crash after backing out bug 147446, so the problem was also present after bug 58942. If I add back eHTMLTag_map to gTRKids this crash also goes away. It's almost the same as the last testcase - just added a <TR>: <TABLE> <FRAMESET><FRAME></FRAMESET> <TR><TD><TABLE> <TR><BR><TD><MAP><TABLE><TR><BR></MAP> -----------------------------------^^
Comment 8•20 years ago
|
||
Removing 'eHTMLTag_map' from 'gHtmlKids' fixes all the crashes - I have to admit I don't understand exactly why though...
Attachment #177916 -
Flags: review?(mrbkap)
Assignee | ||
Comment 9•20 years ago
|
||
Comment on attachment 177916 [details] [diff] [review] Patch rev. 1 I don't think this fixes the root cause of this bug. Actually, I think the root cause is mentioned in bug 269095 comment 10. I think mBodyContext->mContextTopIndex is getting modified to point to a removed element (see CNavDTD::HandleOmittedTag and then look at http://lxr.mozilla.org/seamonkey/source/parser/htmlparser/src/CNavDTD.cpp#2012) . Note that mBodyContext->mContextTopIndex is not modified, leaving it pointing to a closed index. I'll attach a patch that fixes this bug, and handles mBodyContext->mContextTopIndex more properly.
Attachment #177916 -
Flags: review?(mrbkap) → review-
Assignee | ||
Comment 10•20 years ago
|
||
This patch should apply from mozilla/parser/htmlparser. It works as described above.
Attachment #177930 -
Flags: review?(jst)
Comment 11•20 years ago
|
||
Comment on attachment 177930 [details] [diff] [review] alternative approach Seems reasonable. r=jst
Attachment #177930 -
Flags: review?(jst) → review+
Updated•20 years ago
|
Assignee: mats.palmgren → mrbkap
Assignee | ||
Updated•20 years ago
|
Attachment #177930 -
Flags: superreview?(rbs)
Assignee | ||
Updated•20 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Updated•20 years ago
|
Attachment #177916 -
Attachment is obsolete: true
Assignee | ||
Updated•20 years ago
|
Flags: blocking1.8b2?
Comment 12•20 years ago
|
||
Comment on attachment 177930 [details] [diff] [review] alternative approach sr=rbs
Attachment #177930 -
Flags: superreview?(rbs) → superreview+
Assignee | ||
Comment 13•20 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Updated•20 years ago
|
Flags: blocking1.8b2?
Verified FIXED: all testcases work for me here now with build 2005-04-10-05 on Windows XP Seamonkey trunk.
Status: RESOLVED → VERIFIED
Updated•19 years ago
|
Blocks: ZDI-CAN-008
Updated•19 years ago
|
Flags: blocking1.7.13+
Flags: blocking-aviary1.0.8+
Updated•19 years ago
|
Keywords: fixed-aviary1.0.8,
fixed1.7.13
Comment 15•19 years ago
|
||
verified fixed on the 1.0.1 branch using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20060210 Firefox/1.0.7. I loaded the testcases and no crash. Adding keyword.
Keywords: fixed-aviary1.0.8 → verified-aviary1.0.8
Comment 16•19 years ago
|
||
verified fixed using Mozilla 1.7.12 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20060210. No crash with testcases. Adding keyword.
Keywords: fixed1.7.13 → verified1.7.13
Comment 17•16 years ago
|
||
parser/htmlparser/tests/crashtests/286733-1.html parser/htmlparser/tests/crashtests/286733-2.html http://hg.mozilla.org/mozilla-central/rev/b0337b6287f3
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•