Closed Bug 31870 Opened 24 years ago Closed 24 years ago

crash in JS_PushArguments() upon re-entering page with IFRAME

Categories

(Core :: Layout, defect, P1)

x86
Linux
defect

Tracking

VERIFIED WORKSFORME

People

(Reporter: msuencks, Assigned: travis)

Details

(Keywords: crash)

the following setup:

go to a page with an IFRAME. then navigate "back" 
and then "forward" again. Mozilla will crash.

the URL provides a small test case which however contains
no Javascript at all.

mozilla will crash whether Javascript is enabled or not.


here is also a gdb stack trace, hope it helps !

Program received signal SIGSEGV, Segmentation fault.
0x4042a295 in __DTOR_END__ () from
/home/msuencks/Moz14/package/components/libnsappshell.so
(gdb) bt
#0  0x4042a295 in __DTOR_END__ () from
/home/msuencks/Moz14/package/components/libnsappshell.so
#1  0x40436038 in NSGetModule () from
/home/msuencks/Moz14/package/components/libnsappshell.so
#2  0x4042a8b0 in __DTOR_END__ () from
/home/msuencks/Moz14/package/components/libnsappshell.so
#3  0x4042b323 in __DTOR_END__ () from
/home/msuencks/Moz14/package/components/libnsappshell.so
#4  0x4019318c in nsWebShell::LoadURL () from
/home/msuencks/Moz14/package/libraptorwebwidget.so
#5  0x40190cf8 in nsWebShell::LoadURL () from
/home/msuencks/Moz14/package/libraptorwebwidget.so
#6  0x40191d93 in nsWebShell::LoadURI () from
/home/msuencks/Moz14/package/libraptorwebwidget.so
#7  0x40bec7ab in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#8  0x40b3831f in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#9  0x40beafe4 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#10 0x40b4f3f9 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#11 0x40b3220f in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#12 0x40b32067 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#13 0x40b31edd in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#14 0x40b31da7 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#15 0x40b30bec in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#16 0x40b30588 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#17 0x40b2f3b3 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#18 0x40b35a87 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#19 0x40b3180c in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#20 0x40b30943 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#21 0x40b30588 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#22 0x40b2f3b3 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#23 0x40b2cf9a in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#24 0x40b3831f in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#25 0x40b446e9 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#26 0x40b3831f in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#27 0x40b698b3 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#28 0x40b3831f in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#29 0x40b680a6 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#30 0x40b68235 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#31 0x40b670c4 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#32 0x40b3831f in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#33 0x40b665a4 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#34 0x40b45714 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#35 0x40b58f4b in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#36 0x40b56e8d in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#37 0x40b59d7b in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#38 0x40cc3cef in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#39 0x40be60de in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#40 0x40be0a8b in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#41 0x40bdc168 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#42 0x40bdda88 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtml.so
#43 0x40dd08eb in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#44 0x40dd101a in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#45 0x40dd1118 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#46 0x40dd1309 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#47 0x40dcdd48 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#48 0x40ddcd8c in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#49 0x40ddd816 in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#50 0x40dde03c in NSGetModule () from
/home/msuencks/Moz14/package/components/libraptorhtmlpars.so
#51 0x408734c2 in NSGetModule () from
/home/msuencks/Moz14/package/components/liburiloader.so
---Type <return> to continue, or q <return> to quit--- 
#52 0x40ee1e62 in NSGetModule () from
/home/msuencks/Moz14/package/components/libnecko_http.so
#53 0x40ee44b4 in NSGetModule () from
/home/msuencks/Moz14/package/components/libnecko_http.so
#54 0x40f1867e in NSGetModule () from
/home/msuencks/Moz14/package/components/libnecko_cache.so
#55 0x408219fa in NSGetModule () from
/home/msuencks/Moz14/package/components/libnecko.so
#56 0x408214b0 in NSGetModule () from
/home/msuencks/Moz14/package/components/libnecko.so
#57 0x4010177b in PL_HandleEvent () from
/home/msuencks/Moz14/package/libxpcom.so
#58 0x401016b6 in PL_ProcessPendingEvents () from
/home/msuencks/Moz14/package/libxpcom.so
#59 0x40102378 in nsEventQueueImpl::ProcessPendingEvents () from
/home/msuencks/Moz14/package/libxpcom.so
#60 0x4047c2bf in nsAppShell::SetDispatchListener () from
/home/msuencks/Moz14/package/libwidget_gtk.so
#61 0x4047c08d in keysym2ucs () from
/home/msuencks/Moz14/package/libwidget_gtk.so
#62 0x40615568 in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#63 0x40616df2 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#64 0x4061745b in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#65 0x40617611 in g_main_run () from /usr/lib/libglib-1.2.so.0
#66 0x4053dddb in gtk_main () from /usr/lib/libgtk-1.2.so.0
#67 0x4047c77a in nsAppShell::Run () from
/home/msuencks/Moz14/package/libwidget_gtk.so
#68 0x4041fa32 in __DTOR_END__ () from
/home/msuencks/Moz14/package/components/libnsappshell.so
#69 0x804af9c in JS_PushArguments ()
#70 0x804b2bc in JS_PushArguments ()
#71 0x402ee1eb in __libc_start_main (main=0x804b130 <JS_PushArguments+7344>,
argc=1, argv=0xbffff024, 
    init=0x8049190 <_init>, fini=0x804c0c0 <_fini>, rtld_fini=0x4000a610
<_dl_fini>, stack_end=0xbffff01c)
    at ../sysdeps/generic/libc-start.c:90
(gdb)
I see the crash on Linux with 2000-03-18-08.
Confirm, adding crash keyword, reassigning to HTML Element.
Status: UNCONFIRMED → NEW
Component: Javascript Engine → HTML Element
Ever confirmed: true
Keywords: crash
I was just about to write that the bug
has disappeared with the latest builds
but with build 2000031909 it seems to be back again.

here's a real site - click on any article
on this site: http://www.theregister.co.uk/

there is a doubleClick Ad-Iframe in there.

gdb traceback:

Program received signal SIGSEGV, Segmentation fault.
0x40415047 in NSGetModule () from
/home/msuencks/package/components/libnsappshell.so
(gdb) bt
#0  0x40415047 in NSGetModule () from
/home/msuencks/package/components/libnsappshell.so
#1  0x40415224 in NSGetModule () from
/home/msuencks/package/components/libnsappshell.so
#2  0x4041661d in NSGetModule () from
/home/msuencks/package/components/libnsappshell.so
#3  0x4019384c in nsWebShell::LoadURL () from
/home/msuencks/package/libraptorwebwidget.so
#4  0x401945ba in nsWebShell::HandleLinkClickEvent () from
/home/msuencks/package/libraptorwebwidget.so
#5  0x40194291 in nsWebShell::SetRendering () from
/home/msuencks/package/libraptorwebwidget.so
#6  0x401018cb in PL_HandleEvent () from /home/msuencks/package/libxpcom.so
#7  0x40101806 in PL_ProcessPendingEvents () from
/home/msuencks/package/libxpcom.so
#8  0x401024c8 in nsEventQueueImpl::ProcessPendingEvents () from
/home/msuencks/package/libxpcom.so
#9  0x404644ef in nsAppShell::SetDispatchListener () from
/home/msuencks/package/libwidget_gtk.so
#10 0x404642bd in keysym2ucs () from /home/msuencks/package/libwidget_gtk.so
#11 0x406c425a in g_io_unix_dispatch (source_data=0x8285f18,
current_time=0xbfffee58, user_data=0x81fe378)
    at giounix.c:135
#12 0x406c5796 in g_main_dispatch (dispatch_time=0xbfffee58) at gmain.c:656
#13 0x406c5d51 in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#14 0x406c5ec9 in g_main_run (loop=0x81fe2d0) at gmain.c:935
#15 0x4053360a in gtk_main () at gtkmain.c:476
#16 0x404649aa in nsAppShell::Run () from
/home/msuencks/package/libwidget_gtk.so
#17 0x4040acf2 in NSGetModule () from
/home/msuencks/package/components/libnsappshell.so
#18 0x804af9c in JS_PushArguments ()
#19 0x804b2bc in JS_PushArguments ()
#20 0x402ed1eb in __libc_start_main (main=0x804b130 <JS_PushArguments+7344>,
argc=1, argv=0xbffff034, 
    init=0x8049190 <_init>, fini=0x804c0a0 <_fini>, rtld_fini=0x4000a610
<_dl_fini>, stack_end=0xbffff02c)
    at ../sysdeps/generic/libc-start.c:90




fixing owner
Assignee: rogerl → rickg
QA Contact: rginda → petersen
Travis -- is this related to your recent webshell changes?
Assignee: rickg → travis
*** Bug 32806 has been marked as a duplicate of this bug. ***
Travis ...?
Priority: P3 → P1
Target Milestone: --- → M16
I believe it's the Disk Cache. I saw the crash in www.mozillazine.org, ran with
gdb, and saw the same kind of trace (beginning at JS_PushArguments followed by
lots of NSGetModule). Disabling the Disk Cache (in Debug) made the crash go away.

Forgot to say, mine is 2000041915
I can't reproduce anything mentioned in this bug on PC/Linux with build
2000042809. Recommend WORKSFORME.

msuencks@marcant.de: Are you still seeing this on a recent build? 

cesarb@dcc.ufrj.br: It is likely that your crash is something different
because there are lots of stack traces that start with "JS_PushArguments"
right after "main". If it is not exactly "re-entering page with IFRAME"
what makes you crash, could you please open a separate bug with a detailed
description how to reproduce? Speaking for myself, I prefer the Bug Helper 
http://www.mozilla.org/quality/help/bug-form.html 
for reporting new bugs because it always reminds me of something I would
have forgotten otherwise. It will also help if you attach the stack trace
to the bug. Adding you and me to the CC list of this bug.
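
Added example, not part of the original bug report: the traces above label main itself as JS_PushArguments+7344, i.e. gdb is naming frames after the nearest exported symbol, so names such as NSGetModule or JS_PushArguments cannot distinguish one crash from another. The Python sketch below parses a wrapped gdb backtrace and builds a comparison signature that skips such names; the 4 KiB span threshold, the function names and the sample trace are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the wrapped layout used by the traces in this report.
SAMPLE_BT = """\
#0  0x40415047 in NSGetModule () from
/home/user/package/components/libnsappshell.so
#1  0x4042b323 in NSGetModule () from
/home/user/package/components/libnsappshell.so
#2  0x4019384c in nsWebShell::LoadURL () from
/home/user/package/libraptorwebwidget.so
#3  0x40b3831f in NSGetModule () from
/home/user/package/components/libraptorhtml.so
#4  0x40be60de in NSGetModule () from
/home/user/package/components/libraptorhtml.so
#5  0x401018cb in PL_HandleEvent () from /home/user/package/libxpcom.so
#6  0x0804af9c in JS_PushArguments ()
"""

FRAME = re.compile(r"#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(.*?\)(?: from (\S+))?")

def parse_frames(bt_text):
    """Join wrapped gdb lines, then return (index, address, symbol, module) tuples."""
    joined = re.sub(r"\n(?!#\d)", " ", bt_text.strip())
    frames = []
    for line in joined.splitlines():
        m = FRAME.match(line)
        if m:  # frames without a "from <lib>" part get the module "<no module>"
            module = (m.group(4) or "<no module>").rsplit("/", 1)[-1]
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3), module))
    return frames

def unreliable_symbols(frames, max_span=0x1000):
    """Heuristic: one name covering addresses further apart than max_span bytes."""
    addrs = defaultdict(set)
    for _, addr, sym, module in frames:
        addrs[(module, sym)].add(addr)
    return {key for key, seen in addrs.items() if max(seen) - min(seen) > max_span}

def signature(frames, depth=3):
    """Top frames usable for duplicate matching, skipping unreliable names."""
    bad = unreliable_symbols(frames)
    good = [f"{mod}!{sym}" for _, _, sym, mod in frames if (mod, sym) not in bad]
    return good[:depth]
```
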
I tested build 2000042809: the reported crash does not occur anymore!

(maybe it disappeared earlier)
Marking WORKSFORME then, based on reporter's statement.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
Works for me in the July 11th builds.
Status: RESOLVED → VERIFIED
SPAM. HTML Element component is deprecated, changing to Layout component. See
bug 88132 for details.
Come on Bugzilla, you can do it...
Component: HTML Element → Layout