Closed Bug 300667 Opened 19 years ago Closed 19 years ago

Crash @ nsExpatDriver::GetLine

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: bc, Unassigned)

Details

(Keywords: crash) 

Crash occured in a cvs build from this morning running a test version of Spider
<http://bclary.com/2004/07/10/mozilla-spiders> while testing Spider by scanning
bclary.com using the hook script
<http://bclary.com/2004/07/10/tests/combinedscripthooksnoevents.js>.

Spider has been updated to be a Firefox extension with xpcnativewrappers=yes but
I am not sure that is related. I ran scans with yesterday's builds on this
content with the old version of Spider and did not crash. I haven't pushed this
version to the web site yet because I am still testing it. Until I push the xpi
to bclary.com, please contact me directly for the xpi.

Just prior to the crash, the following page was loaded
<http://bclary.com/2004/03/13/example-document>. This document is actually
contains xml/xhtml markup but is served as text/html. Loading the page by itself
does not crash and subsequent runs with Spider have not crashed.

The following messages are repeatedable.

Security Error: Content at http://bclary.com/2004/rdfs2html.xsl may not load
data from http://www.w3.org/2002/07/01-style-xsl.xsl.
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
c:/work/mozilla/builds/ff/trunk/mozilla/content/xml/document/src/nsXMLContentSink.cpp,
line 636
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(result)) failed, file
c:/work/mozilla/builds/ff/trunk/mozilla/content/xml/document/src/nsXMLContentSink.cpp,
line 988
###!!! ASSERTION: ?: 'aOffset < aLength', file
c:/work/mozilla/builds/ff/trunk/mozilla/parser/htmlparser/src/nsExpatDriver.cpp,
line 870

nsExpatDriver::GetLine(const char * 0x03be20a8, unsigned int 0x00002000,
unsigned int 0xfffffac8, nsString & {...}) line 897 + 11 bytes
nsExpatDriver::HandleError(const char * 0x03be20a8, unsigned int 0x00002000, int
0x00000000) line 792
nsExpatDriver::ParseBuffer(const char * 0x03be20a8, unsigned int 0x00002000, int
0x00000000) line 844
nsExpatDriver::ConsumeToken(nsExpatDriver * const 0x03582d0c, nsScanner & {...},
int & 0x00000000) line 957 + 32 bytes
nsParser::Tokenize(int 0x00000001) line 2808 + 26 bytes
nsParser::ResumeParse(int 0x00000001, int 0x00000001, int 0x00000001) line 1977
+ 31 bytes
nsParser::ContinueInterruptedParsing(nsParser * const 0x0458bc58) line 1456 + 19
bytes
nsParser::ContinueParsing(nsParser * const 0x0458bc58) line 1435
CSSLoaderImpl::SheetComplete(SheetLoadData * 0x03d18348, int 0x00000001) line 1454
CSSLoaderImpl::ParseSheet(nsIUnicharInputStream * 0x036f2898, SheetLoadData *
0x03d18348, int & 0x00000001) line 1389
SheetLoadData::OnStreamComplete(SheetLoadData * const 0x03d18348,
nsIUnicharStreamLoader * 0x046ad0e8, nsISupports * 0x00000000, unsigned int
0x00000000, nsIUnicharInputStream * 0x036f2898) line 806 + 23 bytes
nsUnicharStreamLoader::OnStopRequest(nsUnicharStreamLoader * const 0x046ad0ec,
nsIRequest * 0x0355a368, nsISupports * 0x00000000, unsigned int 0x00000000) line 196
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x0355a370, nsIRequest *
0x035ec028, nsISupports * 0x00000000, unsigned int 0x00000000) line 3981
nsInputStreamPump::OnStateStop() line 507
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x035ec02c,
nsIAsyncInputStream * 0x035ec0c0) line 343 + 11 bytes
nsInputStreamReadyEvent::EventHandler(PLEvent * 0x035661bc) line 120
PL_HandleEvent(PLEvent * 0x035661bc) line 685 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00b44750) line 620 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00280246, unsigned int 0x0000c0f1, unsigned int
0x00000000, long 0x00b44750) line 1405 + 9 bytes
USER32! 77d48734()
USER32! 77d48816()
USER32! 77d489cd()
USER32! 77d48a10()
nsAppShell::Run(nsAppShell * const 0x00ba5750) line 135
nsAppStartup::Run(nsAppStartup * const 0x00ba56b0) line 145 + 26 bytes
XRE_main(int 0x00000005, char * * 0x003f6c88, const nsXREAppData * 0x0042101c
kAppData) line 2211 + 35 bytes
main(int 0x00000005, char * * 0x003f6c88) line 61 + 18 bytes
mainCRTStartup() line 338 + 17 bytes

	reachedStart	0x00000000
-	start	0x03be0ffe ""
		CXX0030: Error: expression cannot be evaluated
	startIndex	0x7ffff7ab
-	this	0x03582d08
+	nsIDTD	{...}
+	nsITokenizer	{...}
+	mRefCnt	{...}
+	_mOwningThread	{...}
+	mExpatParser	0x00b415c8
+	mLastLine	{...}
+	mCDataText	{...}
+	mDoctypeName	{...}
+	mSystemID	{...}
+	mPublicID	{...}
+	mInternalSubset	{...}
	mInCData	0x00 ''
	mInInternalSubset	0x00 ''
	mInExternalDTD	0x00 ''
	mBytePosition	0x00002000
	mInternalState	0x00000000
	mBytesParsed	0x00004000
+	mSink	{...}
+	mCatalogData	0x00000000
+	mURISpec	{...}

You can mark this as works for me if you wish. I justed wanted to keep a record
of the crash.
This looks a lot like bug 275564, where we end up reading random memory on an
XML error in certain conditions.
I think this did indeed get fixed by bug 275564. Please reopen if you run into
it again.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.