Closed
Bug 30885
Opened 25 years ago
Closed 25 years ago
Crash on above page
Categories
(Core :: DOM: HTML Parser, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: waqar, Assigned: harishd)
References
()
Details
(Keywords: crash)
Visit the above URL and you will get a segment fault and the browser will carsh. Program received signal SIGSEGV, Segmentation fault. 0x0 in ?? () Here is the stack crawl (gdb) where #0 0x0 in ?? () #1 0x413d8a0c in CNavDTD::~CNavDTD (this=0x85c88f0, __in_chrg=3) at CNavDTD.cpp:303 #2 0x413d84f5 in CNavDTD::Release (this=0x85c88f0) at CNavDTD.cpp:128 #3 0x413ef847 in CParserContext::~CParserContext (this=0x8672db8, __in_chrg=3) at CParserContext.cpp:74 #4 0x413ecb28 in nsParser::~nsParser (this=0x8674378, __in_chrg=3) at nsParser.cpp:232 #5 0x413ecce0 in nsParser::Release (this=0x8674378) at nsParser.cpp:237 #6 0x402911e2 in nsCOMPtr<nsIStreamListener>::assign_assuming_AddRef (this=0x8646538, newPtr=0x0) at ../../dist/include/nsCOMPtr.h:416 #7 0x40ce676c in nsCOMPtr<nsIStreamListener>::assign_with_AddRef (this=0x8646538, rawPtr=0x0) at ../../dist/include/nsCOMPtr.h:787 #8 0x40ce86c7 in nsCOMPtr<nsIStreamListener>::operator= (this=0x8646538, rhs=0x0) at ../../dist/include/nsCOMPtr.h:526 #9 0x40ce2357 in nsDocumentOpenInfo::OnStopRequest (this=0x8646528, aChannel=0x8646428, aCtxt=0x0, aStatus=0, errorMsg=0x0) at nsURILoader.cpp:277 #10 0x41903912 in InterceptStreamListener::OnStopRequest (this=0x8646028, channel=0x8646428, ctxt=0x0, status=0, errorMsg=0x0) at nsCachedNetData.cpp:1117 #11 0x41898d80 in nsHTTPChannel::ResponseCompleted (this=0x8646428, aListener=0x8646028, aStatus=0, aMsg=0x0) at nsHTTPChannel.cpp:1315 #12 0x4189df7e in nsHTTPServerListener::OnStopRequest (this=0x866fbf0, channel=0x8649fe4, i_pContext=0x8646428, i_Status=0, i_pMsg=0x0) at nsHTTPResponseListener.cpp:410 #13 0x40c23e2f in nsOnStopRequestEvent::HandleEvent (this=0x8660ba0) at nsAsyncStreamListener.cpp:291 #14 0x40c234d7 in nsStreamListenerEvent::HandlePLEvent (aEvent=0x8660bc0) at nsAsyncStreamListener.cpp:97 #15 0x4018dc1e in PL_HandleEvent (self=0x8660bc0) at plevent.c:556 #16 0x4018dacc in PL_ProcessPendingEvents (self=0x812c2f0) at plevent.c:501 #17 0x4018f750 in nsEventQueueImpl::ProcessPendingEvents (this=0x812c2c8) at nsEventQueue.cpp:314 #18 0x406fc884 in event_processor_callback (data=0x812c2c8, source=9, condition=GDK_INPUT_READ) at nsAppShell.cpp:141 #19 0x406fc49f in our_gdk_io_invoke (source=0x833c178, condition=G_IO_IN, data=0x836e980) at nsAppShell.cpp:54 #20 0x408c052a in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0 #21 0x408c1be6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0 #22 0x408c21a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0 #23 0x408c2341 in g_main_run () from /usr/lib/libglib-1.2.so.0 #24 0x407e7859 in gtk_main () from /usr/lib/libgtk-1.2.so.0 #25 0x406fce87 in nsAppShell::Run (this=0x812f1a0) at nsAppShell.cpp:304 #26 0x40655c5d in nsAppShellService::Run (this=0x812c0b8) at nsAppShellService.cpp:392 #27 0x804ec22 in main1 (argc=1, argv=0xbffff934, splashScreen=0x0) at nsAppRunner.cpp:769 #28 0x804f1c0 in main (argc=1, argv=0xbffff934) at nsAppRunner.cpp:889
reduced case:
<HTML>
<BODY>
<TABLE BORDER="1">
<TR>
<TD>
<A HREF="foo.htm">
<FONT></A>
<A HREF="bar.htm">
<FONT>
MacDesktops</A>
</FONT>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>Okay this bug is killed. Fixed by tweaking the residual style handling where a node, in the style stack, that got released did not get popped out.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
*** Bug 30874 has been marked as a duplicate of this bug. ***
|
||
Comment 7•15 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/5a6def05ccbc
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•