Closed Bug 300730 Opened 19 years ago Closed 19 years ago

crash if printing iframe of malformed declaration [@ JS_GetFrameFunctionObject]

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
1.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 279678

People

(Reporter: jkolonko, Unassigned)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50215; Avalon 6.0.4030; %WAP version%)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5

In the page http://grupa-net.pwr.wroc.pl/jk/ff2.html I show the example of 
malformed html (opening iframe tag not closed) that causes FF to crash. 
Document tree is not built correctly and the iframe fails to print.

Reproducible: Always

Steps to Reproduce:
1. Start Firefox
2. Go to http://grupa-net.pwr.wroc.pl/jk/ff2.html


Actual Results:  
crash

Expected Results:  
iframe displayed, frame printing script ignored (or run)
I can't reproduce the crash on the trunk; is probably 1.0 branch only.
reporter: talkback incidents are the only way anything will happen, the 
following is from mook, if your incident points the finger elsewhere then 
you'll need to get the incident to someone's eyes, otherwise your discovery 
will be lost.

Incident ID: 7468381 
Stack Signature JS_GetFrameFunctionObject deeff97f 
Product ID Firefox10 
Build ID 2005051112 
Trigger Time 2005-07-13 23:23:24.0 
Platform Win32 
Operating System Windows NT 5.1 build 2600 
Module js3250.dll + (0000d8ab) 
URL visited http://grupa-net.pwr.wroc.pl/jk/ff2.html 
User Comments crash for bug 300730 
Since Last Crash 112845 sec 
Total Uptime 112845 sec 
Trigger Reason Access violation 
Source File, Line No. d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsdbgapi.c, line 770 
Stack Trace  

JS_GetFrameFunctionObject  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsdbgapi.c, line 770]
nsScriptSecurityManager::GetPrincipalAndFrame  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 
1891]
nsScriptSecurityManager::GetSubjectPrincipal  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 
1931]
nsScriptSecurityManager::GetSubjectPrincipal  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 
1594]
nsContentUtils::IsCallerChrome  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsContentUtils.cpp, line 
921]
PresShell::HandleEventInternal  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 
6027]
PresShell::HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 
5921]
nsViewManager::HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/view/src/nsViewManager.cpp, line 2280]
nsViewManager::DispatchEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/view/src/nsViewManager.cpp, line 2066]
HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/view/src/nsView.cpp, line 77]
nsWindow::DispatchEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1067]
nsWindow::DispatchFocus  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 5451]
nsWindow::ProcessMessage  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 4216]
nsWindow::WindowProc  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1349]
USER32.dll + 0x8734 (0x77d18734)
USER32.dll + 0x8816 (0x77d18816)
USER32.dll + 0xb4c0 (0x77d1b4c0)
USER32.dll + 0xb50c (0x77d1b50c)
ntdll.dll + 0xeae3 (0x7c92eae3)
USER32.dll + 0x9402 (0x77d19402)
PeekKeyAndIMEMessage  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 91]
nsAppShell::Run  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 
128]
nsAppShellService::Run  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/xpfe/appshell/src/nsAppShellService.cpp, 
line 495]
main  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 58]
kernel32.dll + 0x16d4f (0x7c816d4f)
Keywords: crash
Summary: crash if printing iframe of malformed declaration → crash if printing iframe of malformed declaration [@ JS_GetFrameFunctionObject]
Whiteboard: DUPEME
Version: unspecified → 1.0 Branch
stack appears to match bug 279678

(can't access URL cited in this bug)

*** This bug has been marked as a duplicate of 279678 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ JS_GetFrameFunctionObject]
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.