Closed
Bug 297268
Opened 19 years ago
Closed 16 years ago
Crash browsing www.internetfrog.com [@ RtlAllocateHeap]
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: stephend, Unassigned)
References
()
Details
(Keywords: crash)
Crash Data
Build ID: 2005-06-09-06, Windows XP Seamonkey trunk. I was just browsing around http://www.internetfrog.com (just finished doing the speed test, actually), and I crashed here: ntdll.dll + 0x106ce (0x7c9106ce) msvcrt.dll + 0x1c3c9 (0x77c2c3c9) msvcrt.dll + 0x1c3e7 (0x77c2c3e7) msvcrt.dll + 0x19cd4 (0x77c29cd4) XPCStringConvert::JSStringToReadable [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcstring.cpp, line 140] XPCWrappedNative::CallMethod [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 1950] XPC_WN_CallMethod [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1348] js_Invoke [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 1178] js_Interpret [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 3469] js_Invoke [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 1198] js_InternalInvoke [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 1275] js_InternalGetOrSet [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 1318] js_GetProperty [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsobj.c, line 2805] JS_GetProperty [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsapi.c, line 2642] nsXPCWrappedJSClass::CallMethod [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1318] nsXPCWrappedJS::CallMethod [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 450] SharedStub [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147] nsTextBoxFrame::UpdateAttributes [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsTextBoxFrame.cpp, line 255] nsTextBoxFrame::Init [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsTextBoxFrame.cpp, line 180] nsCSSFrameConstructor::InitAndRestoreFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6728] nsCSSFrameConstructor::ConstructXULFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6113] nsCSSFrameConstructor::ConstructFrameInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7606] nsCSSFrameConstructor::ConstructFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7491] nsCSSFrameConstructor::ProcessChildren [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11798] nsCSSFrameConstructor::ConstructXULFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6192] nsCSSFrameConstructor::ConstructFrameInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7606] nsCSSFrameConstructor::ConstructFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7491] nsCSSFrameConstructor::ProcessChildren [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11798] nsCSSFrameConstructor::ConstructXULFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6192] nsCSSFrameConstructor::ConstructFrameInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7606] nsCSSFrameConstructor::ConstructFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7491] nsCSSFrameConstructor::ProcessChildren [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11798] nsCSSFrameConstructor::ConstructXULFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6192] nsCSSFrameConstructor::ConstructFrameInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7606] nsCSSFrameConstructor::ConstructFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7491] nsCSSFrameConstructor::ProcessChildren [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11798] nsCSSFrameConstructor::ConstructXULFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6192] nsCSSFrameConstructor::ConstructFrameInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7606] nsCSSFrameConstructor::ConstructFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7491] nsCSSFrameConstructor::ProcessChildren [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11798] nsCSSFrameConstructor::ConstructXULFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6192] nsCSSFrameConstructor::ConstructFrameInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7606] nsCSSFrameConstructor::ConstructFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7491] nsCSSFrameConstructor::ProcessChildren [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11798] nsCSSFrameConstructor::ConstructXULFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 6192] nsCSSFrameConstructor::ConstructFrameInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7606] nsCSSFrameConstructor::ConstructFrame [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 7491] nsCSSFrameConstructor::ContentInserted [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9221] nsCSSFrameConstructor::RecreateFramesForContent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11664] nsCSSFrameConstructor::MaybeRecreateFramesForContent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11559] nsCSSFrameConstructor::RestyleElement [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 10224] nsCSSFrameConstructor::ProcessOneRestyle [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13628] nsCSSFrameConstructor::AttributeChanged [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 10407] PresShell::AttributeChanged [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresShell.cpp, line 5421] nsXULElement::SetAttrAndNotify [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp, line 1564] nsXULElement::SetAttr [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp, line 1485] nsMenuFrame::MarkAsGenerated [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuFrame.cpp, line 618] nsMenuBarFrame::SetCurrentMenuItem [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuBarFrame.cpp, line 565] nsMenuFrame::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuFrame.cpp, line 499] PresShell::HandleEventInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresShell.cpp, line 6387] PresShell::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsPresShell.cpp, line 6167] nsViewManager::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp, line 2502] nsViewManager::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp, line 2224] HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsView.cpp, line 174]
the top four frames of the stack should be: ntdll!RtlAllocateHeap + 0xfa msvcrt!_heap_alloc + 0xe0 msvcrt!_nh_malloc + 0x13 msvcrt!operator new + 0xf fwiw ntdll!RtlAllocateHeap (0x7c9105d4) ... 7c9106ce 884704 mov [edi+0x4],al 7c9106d1 f6450c08 test byte ptr [ebp+0xc],0x8 7c9106d5 756d jnz ntdll!RtlAllocateHeap+0x1ee (7c910744) 7c9106d7 f605f002fe7f02 test byte ptr [SharedUserData+0x2f0 (7ffe02f0)],0x2 7c9106de 0f851fb20200 jne ntdll!RtlAllocateHeap+0x20d (7c93b903) 7c9106e4 8bc6 mov eax,esi 7c9106e6 e817e7ffff call ntdll!_SEH_epilog (7c90ee02) 7c9106eb c20c00 ret 0xc 7c9106ee 90 nop 7c9106ef 90 nop 7c9106f0 ffff ??? ntdll!RtlpAllocateFromHeapLookaside (0x7c910701)
Summary: Crash browing www.internetfrog.com → Crash browing www.internetfrog.com [@ RtlAllocateHeap]
|
||
Comment 2•19 years ago
|
||
Mmmm, heap corruption. Time for valgrind or Purify. Did you try to reproduce? I'll see if I can turn up anything with Purify, though my version is dated and gets a little irrated at VC++ 7.
Summary: Crash browing www.internetfrog.com [@ RtlAllocateHeap] → Crash browsing www.internetfrog.com [@ RtlAllocateHeap]
|
||
Updated•18 years ago
|
Assignee: dbradley → nobody
|
|
||
Updated•18 years ago
|
QA Contact: pschwartau → xpconnect
|
Reporter | |
Comment 3•17 years ago
|
||
http://crash-stats.mozilla.com/report/list?range_unit=weeks&query_search=signature&query_type=contains&signature=RtlAllocateHeap&query=RtlAllocateHeap&range_value=1
|
|
Reporter | |
Comment 4•16 years ago
|
||
I don't know if comment 3 is useful enough, but I've tried pretty hard to get it to reproduce with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4pre) Gecko/2008021304 Minefield/3.0b4pre and haven't...
|
|
Reporter | |
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ RtlAllocateHeap]
You need to log in
before you can comment on or make changes to this bug.
Description
•