Closed Bug 300730 Opened 20 years ago Closed 19 years ago

crash if printing iframe of malformed declaration [@ JS_GetFrameFunctionObject]

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
1.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 279678

People

(Reporter: jkolonko, Unassigned)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50215; Avalon 6.0.4030; %WAP version%) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 In the page http://grupa-net.pwr.wroc.pl/jk/ff2.html I show the example of malformed html (opening iframe tag not closed) that causes FF to crash. Document tree is not built correctly and the iframe fails to print. Reproducible: Always Steps to Reproduce: 1. Start Firefox 2. Go to http://grupa-net.pwr.wroc.pl/jk/ff2.html Actual Results: crash Expected Results: iframe displayed, frame printing script ignored (or run)
I can't reproduce the crash on the trunk; is probably 1.0 branch only.
reporter: talkback incidents are the only way anything will happen, the following is from mook, if your incident points the finger elsewhere then you'll need to get the incident to someone's eyes, otherwise your discovery will be lost. Incident ID: 7468381 Stack Signature JS_GetFrameFunctionObject deeff97f Product ID Firefox10 Build ID 2005051112 Trigger Time 2005-07-13 23:23:24.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module js3250.dll + (0000d8ab) URL visited http://grupa-net.pwr.wroc.pl/jk/ff2.html User Comments crash for bug 300730 Since Last Crash 112845 sec Total Uptime 112845 sec Trigger Reason Access violation Source File, Line No. d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsdbgapi.c, line 770 Stack Trace JS_GetFrameFunctionObject [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsdbgapi.c, line 770] nsScriptSecurityManager::GetPrincipalAndFrame [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 1891] nsScriptSecurityManager::GetSubjectPrincipal [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 1931] nsScriptSecurityManager::GetSubjectPrincipal [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 1594] nsContentUtils::IsCallerChrome [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsContentUtils.cpp, line 921] PresShell::HandleEventInternal [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 6027] PresShell::HandleEvent [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 5921] nsViewManager::HandleEvent [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/view/src/nsViewManager.cpp, line 2280] nsViewManager::DispatchEvent [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/view/src/nsViewManager.cpp, line 2066] HandleEvent [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/view/src/nsView.cpp, line 77] nsWindow::DispatchEvent [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1067] nsWindow::DispatchFocus [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 5451] nsWindow::ProcessMessage [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 4216] nsWindow::WindowProc [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1349] USER32.dll + 0x8734 (0x77d18734) USER32.dll + 0x8816 (0x77d18816) USER32.dll + 0xb4c0 (0x77d1b4c0) USER32.dll + 0xb50c (0x77d1b50c) ntdll.dll + 0xeae3 (0x7c92eae3) USER32.dll + 0x9402 (0x77d19402) PeekKeyAndIMEMessage [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 91] nsAppShell::Run [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 128] nsAppShellService::Run [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 495] main [d:/builds/tinderbox/Fx- Aviary1.0.1/WINNT_5.0_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 58] kernel32.dll + 0x16d4f (0x7c816d4f)
Keywords: crash
Summary: crash if printing iframe of malformed declaration → crash if printing iframe of malformed declaration [@ JS_GetFrameFunctionObject]
Whiteboard: DUPEME
Version: unspecified → 1.0 Branch
stack appears to match bug 279678 (can't access URL cited in this bug) *** This bug has been marked as a duplicate of 279678 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ JS_GetFrameFunctionObject]
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.