The default bug view has changed. See this FAQ.

Crash [@ nsFrameLoader::CheckForRecursiveLoad ] on loading of moz-icon:// URI in an iframe.

RESOLVED FIXED

Status

()

Core
ImageLib
--
critical
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: M. Taylor, Assigned: Stuart Parmenter)

Tracking

({crash, fixed1.8.1, verified1.8.0.2})

1.8 Branch
x86
Windows XP
crash, fixed1.8.1, verified1.8.0.2
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [rft-dl], crash signature, URL)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Firefox fails with access violation in:
  Module: firefox.exe
  Version Number: 1.8.20051.11116
  Offset: 00218261

Reproducible: Always

Steps to Reproduce:
1. Load a document with, or dynamically set, the "src" attribute of an iframe to a moz-icon URI, like src="moz-icon://null".




OS: Windows XP Home /w SP2
Test Case: http://mlabs.org/bugzilla/iframe_moz-icon_testcase.html
Confirming on Firefox 1.5 [Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5].

Talkback ID: TB13045496E
Assignee: nobody → pavlov
Status: UNCONFIRMED → NEW
Component: General → ImageLib
Ever confirmed: true
Keywords: crash, talkbackid
Product: Firefox → Core
QA Contact: general
Version: unspecified → 1.8 Branch
Stack Signature	 nsFrameLoader::CheckForRecursiveLoad 8cec3e42
Product ID	Firefox15
Build ID	2005111116
Trigger Time	2005-12-17 00:13:32.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	FIREFOX.EXE + (00218261)
URL visited	
User Comments	
Since Last Crash	210164 sec
Total Uptime	1047744 sec
Trigger Reason	Access violation
Source File, Line No.	c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 474
Stack Trace 	
nsFrameLoader::CheckForRecursiveLoad  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 474]
nsFrameLoader::LoadFrame  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 165]
nsGenericHTMLFrameElement::LoadSrc  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsGenericHTMLElement.cpp, line 3538]
nsGenericHTMLElement::SetAttribute  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsGenericHTMLElement.cpp, line 376]
XPTC_InvokeByIndex  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2139]
XPC_WN_CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1444]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3523]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
js_InternalInvoke  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1274]
JS_CallFunctionValue  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsapi.c, line 4158]
nsJSContext::CallEventHandler  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1411]
nsJSEventListener::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 195]
nsEventListenerManager::HandleEventSubType  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1685]
nsEventListenerManager::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1786]
nsGenericElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2169]
nsHTMLInputElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsHTMLInputElement.cpp, line 1395]
PresShell::HandleEventInternal  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6367]
PresShell::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6203]
nsViewManager::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2559]
nsViewManager::DispatchEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2246]
HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line 174]
nsWindow::DispatchEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1252]
nsWindow::DispatchMouseEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 5982]
ChildWindow::DispatchMouseEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 6233]
nsWindow::WindowProc  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1434]
USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0x89cd (0x77d489cd)
USER32.dll + 0x8a10 (0x77d48a10)
nsAppShell::Run  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 159]
nsAppStartup::Run  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 151]
main  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
Component: ImageLib → Build Config
Product: Core → Firefox
Summary: Crash on loading of moz-icon:// URI in an iframe. → Crash [@ nsFrameLoader::CheckForRecursiveLoad ] on loading of moz-icon:// URI in an iframe.
Version: 1.8 Branch → 1.0 Branch
Keywords: talkbackid
Assignee: pavlov → nobody
Component: Build Config → Build Config
Product: Firefox → Core
QA Contact: build-config
Component: Build Config → ImageLib
Version: 1.0 Branch → 1.8 Branch
Assignee: nobody → pavlov
QA Contact: build-config
Assignee: pavlov → nobody
Component: ImageLib → Layout: HTML Frames
QA Contact: layout.html-frames
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051216 Firefox/1.6a1 ID:2005121605

I can't get it to crash in trunk.
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20051216 Firefox/1.6a1 ID:2005121619

clicking the button gives me

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIDOMHTMLIFrameElement.setAttribute]"  nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)"  location: "JS frame :: http://mlabs.org/bugzilla/iframe_moz-icon_testcase.html :: onmouseup :: line 1"  data: no]

but no crash
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051205 Firefox/1.5 ID:2005120504

crash-> TB13049225Z
well, moz-icon's Clone method does nothing and just returns NS_OK
http://lxr.mozilla.org/mozilla1.8/source/modules/libpr0n/decoders/icon/nsIconURI.cpp#434

This was fixed on trunk by bug 312241's patch, I think we should take it on branch (1.8.0 and 1.8)
Assignee: nobody → pavlov
Component: Layout: HTML Frames → ImageLib
QA Contact: layout.html-frames

Updated

11 years ago
Depends on: 312241
The fix for this (bug 312241) was checked into trunk, 1.8 and 1.8.0 branches -- I think this can be marked "fixed" now.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Keywords: fixed1.8.0.2, fixed1.8.1
Resolution: --- → FIXED

Updated

11 years ago
Whiteboard: [rft-dl]

Comment 8

11 years ago
v.fixed on 1.8.0 branch with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060302 Firefox/1.5.0.1, no crash with testcase, just an uncaught exception in jsc (same as Peter's with the Trunk build in comment #4):

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIDOMHTMLIFrameElement.setAttribute]"  nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)"  location: "JS frame :: http://mlabs.org/bugzilla/iframe_moz-icon_testcase.html :: onmouseup :: line 1"  data: no]
Keywords: fixed1.8.0.2 → verified1.8.0.2
Crash Signature: [@ nsFrameLoader::CheckForRecursiveLoad ]
You need to log in before you can comment on or make changes to this bug.