Closed Bug 320621 Opened 20 years ago Closed 20 years ago

Crash [@ nsFrameLoader::CheckForRecursiveLoad ] on loading of moz-icon:// URI in an iframe.

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Version:
1.8 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bugzilla, Assigned: pavlov)

References

(
URL
)

Details

(Keywords: crash, fixed1.8.1, verified1.8.0.2, Whiteboard: [rft-dl])

Crash Data

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 Firefox fails with access violation in: Module: firefox.exe Version Number: 1.8.20051.11116 Offset: 00218261 Reproducible: Always Steps to Reproduce: 1. Load a document with, or dynamically set, the "src" attribute of an iframe to a moz-icon URI, like src="moz-icon://null". OS: Windows XP Home /w SP2 Test Case: http://mlabs.org/bugzilla/iframe_moz-icon_testcase.html
Confirming on Firefox 1.5 [Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5]. Talkback ID: TB13045496E
Assignee: nobody → pavlov
Status: UNCONFIRMED → NEW
Component: General → ImageLib
Ever confirmed: true
Keywords: crash, talkbackid
Product: Firefox → Core
QA Contact: general
Version: unspecified → 1.8 Branch
Stack Signature nsFrameLoader::CheckForRecursiveLoad 8cec3e42 Product ID Firefox15 Build ID 2005111116 Trigger Time 2005-12-17 00:13:32.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module FIREFOX.EXE + (00218261) URL visited User Comments Since Last Crash 210164 sec Total Uptime 1047744 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 474 Stack Trace nsFrameLoader::CheckForRecursiveLoad [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 474] nsFrameLoader::LoadFrame [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 165] nsGenericHTMLFrameElement::LoadSrc [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsGenericHTMLElement.cpp, line 3538] nsGenericHTMLElement::SetAttribute [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsGenericHTMLElement.cpp, line 376] XPTC_InvokeByIndex [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102] XPCWrappedNative::CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2139] XPC_WN_CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1444] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177] js_Interpret [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3523] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197] js_InternalInvoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1274] JS_CallFunctionValue [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsapi.c, line 4158] nsJSContext::CallEventHandler [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1411] nsJSEventListener::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 195] nsEventListenerManager::HandleEventSubType [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1685] nsEventListenerManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1786] nsGenericElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2169] nsHTMLInputElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsHTMLInputElement.cpp, line 1395] PresShell::HandleEventInternal [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6367] PresShell::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6203] nsViewManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2559] nsViewManager::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2246] HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line 174] nsWindow::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1252] nsWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 5982] ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 6233] nsWindow::WindowProc [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1434] USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0x89cd (0x77d489cd) USER32.dll + 0x8a10 (0x77d48a10) nsAppShell::Run [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 159] nsAppStartup::Run [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 151] main [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61] kernel32.dll + 0x16d4f (0x7c816d4f)
Component: ImageLib → Build Config
Product: Core → Firefox
Summary: Crash on loading of moz-icon:// URI in an iframe. → Crash [@ nsFrameLoader::CheckForRecursiveLoad ] on loading of moz-icon:// URI in an iframe.
Version: 1.8 Branch → 1.0 Branch
Assignee: pavlov → nobody
Product: Firefox → Core
QA Contact: build-config
Component: Build Config → ImageLib
Version: 1.0 Branch → 1.8 Branch
Assignee: nobody → pavlov
QA Contact: build-config
Assignee: pavlov → nobody
Component: ImageLib → Layout: HTML Frames
QA Contact: layout.html-frames
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051216 Firefox/1.6a1 ID:2005121605 I can't get it to crash in trunk.
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20051216 Firefox/1.6a1 ID:2005121619 clicking the button gives me Error: uncaught exception: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIDOMHTMLIFrameElement.setAttribute]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: http://mlabs.org/bugzilla/iframe_moz-icon_testcase.html :: onmouseup :: line 1" data: no] but no crash
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051205 Firefox/1.5 ID:2005120504 crash-> TB13049225Z
well, moz-icon's Clone method does nothing and just returns NS_OK http://lxr.mozilla.org/mozilla1.8/source/modules/libpr0n/decoders/icon/nsIconURI.cpp#434 This was fixed on trunk by bug 312241's patch, I think we should take it on branch (1.8.0 and 1.8)
Assignee: nobody → pavlov
Component: Layout: HTML Frames → ImageLib
QA Contact: layout.html-frames
Depends on: 312241
The fix for this (bug 312241) was checked into trunk, 1.8 and 1.8.0 branches -- I think this can be marked "fixed" now.
Status: NEW → RESOLVED
Closed: 20 years ago
Keywords: fixed1.8.0.2, fixed1.8.1
Resolution: --- → FIXED
Whiteboard: [rft-dl]
v.fixed on 1.8.0 branch with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060302 Firefox/1.5.0.1, no crash with testcase, just an uncaught exception in jsc (same as Peter's with the Trunk build in comment #4): Error: uncaught exception: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIDOMHTMLIFrameElement.setAttribute]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: http://mlabs.org/bugzilla/iframe_moz-icon_testcase.html :: onmouseup :: line 1" data: no]
Keywords: fixed1.8.0.2verified1.8.0.2
Crash Signature: [@ nsFrameLoader::CheckForRecursiveLoad ]
You need to log in before you can comment on or make changes to this bug.