
Crash when using document.write()

VERIFIED DUPLICATE of bug 34351

Status


Core
HTML: Parser
P2
major
VERIFIED DUPLICATE of bug 34351
18 years ago
17 years ago

People

(Reporter: Robert John Churchill, Assigned: harishd)

Tracking

({crash})

Trunk
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
Rick, I'm seeing a crash with what might be the parser when using 
document.write() to output HTML into a frame.

This happens when doing searches against more than one search engine.

To reproduce:
o download the attached search file and save it into $(DIST)/res/rdf/datasets 
(along with all the other .src files)
o run Mozilla
o select the "Search" sidebar panel
o from the popup, select the "All Engines" category
o check the "Shop@Netscape" search engine
o check one other engine (such as "Netscape")
o enter "Bike" (no quotes) into the text input field (in the "Search" sidebar 
panel)
o click the "Search" button (in the "Search" sidebar panel)

After the search has completed, you'll see (at the top of the content area of 
the browser) three tabs running along the top:

[All Results combined]   View by search engine: [Netscape] [Shop@Netscape]

o  If you click on the "Shop@Netscape" tab, Mozilla will crash.

----------

Note: when you clicked on that tab, some JavaScript executes which basically is 
doing a document.write() with a big chunk of HTML into the lower frame.
(Reporter)

Comment 1

18 years ago
Created attachment 7647 [details]
Shop@Netscape file (needs to be installed in $(DIST)/res/rdf/datasets/)
(Reporter)

Comment 2

18 years ago
Note: this bug is affecting Netcenter... who really would enjoy having this 
working before beta2.  :^)
Priority: P3 → P2
(Reporter)

Comment 3

18 years ago
cc'ing various Netcenter folks.
(Reporter)

Comment 4

18 years ago
Helpful hint:  when installing the "Shop@Netscape" file, make sure that the 
filename ends with ".src" otherwise it won't be recognized as a search file.
(Reporter)

Comment 5

18 years ago
Here's a stack trace (under Win98):

[the parser seems to be passing in NS_GENERATE_PARSER_KEY() as an argument which 
is being used as an "nsISupports *" much higher up in the stack.]

nsDocLoaderImpl::GetContentViewerContainer(nsDocLoaderImpl * const 0x01949810, 
nsISupports * 0x80000001, nsIContentViewerContainer * * 0x0095d824) line 344 + 
12 bytes
nsObserverBase::NotifyWebShell(nsObserverBase * const 0x0168ba78, nsISupports * 
0x80000001, const char * 0x02d954e0, nsCharsetSource kCharsetFromMetaTag) line 
54 + 20 bytes
nsMetaCharsetObserver::Notify(nsMetaCharsetObserver * const 0x0168ba70, 
nsISupports * 0x80000001, const nsDeque * 0x03a3fc98, const nsDeque * 
0x03a3fccc) line 294 + 29 bytes
nsMetaCharsetObserver::Notify(nsMetaCharsetObserver * const 0x0168ba70, 
nsISupports * 0x80000001, const unsigned short * 0x0095dbe8, const nsDeque * 
0x03a3fc98, const nsDeque * 0x03a3fccc) line 192
nsObserverNotifier::operator()(void * 0x0168ba70) line 358 + 40 bytes
nsDeque::FirstThat(nsDequeFunctor & {...}) line 364 + 14 bytes
nsObserverTopic::Notify(nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}, void * 
0x80000001, nsIParser * 0x03a3ff40) line 999
CObserverService::Notify(nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}, void * 
0x80000001, const nsString & {...}, nsIParser * 0x03a3ff40) line 1147 + 24 bytes
CNavDTD::WillHandleStartTag(CToken * 0x0321c7b0, nsHTMLTag eHTMLTag_meta, 
nsCParserNode & {...}) line 1132 + 51 bytes
CNavDTD::HandleStartToken(CToken * 0x0321c7b0) line 1330 + 20 bytes
CNavDTD::HandleToken(CNavDTD * const 0x039c7a90, CToken * 0x0321c7b0, nsIParser 
* 0x03a3ff40) line 771 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x039c7a90, nsIParser * 0x03a3ff40, 
nsITokenizer * 0x0398d580, nsITokenObserver * 0x00000000, nsIContentSink * 
0x03a3f760) line 509 + 20 bytes
nsParser::BuildModel() line 1298 + 34 bytes
nsParser::ResumeParse(int 0, int 0) line 1182 + 11 bytes
nsParser::Parse(const nsString & {...}, void * 0x80000001, const nsString & 
{...}, int 0, int 0, eParseMode eParseMode_autodetect) line 993 + 15 bytes
nsHTMLDocument::ScriptWriteCommon(JSContext * 0x031cf240, long * 0x025bf778, 
unsigned int 1, int 1) line 2010 + 183 bytes
nsHTMLDocument::Writeln(nsHTMLDocument * const 0x031e6c68, JSContext * 
0x031cf240, long * 0x025bf778, unsigned int 1) line 2030
NSHTMLDocumentWriteln(JSContext * 0x031cf240, JSObject * 0x00c56620, unsigned 
int 1, long * 0x025bf778, long * 0x0095e3f8) line 907 + 35 bytes
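
Added example, not part of the original report and not Mozilla code: the trace above shows an opaque `void *` key with the value 0x80000001 being consumed as an `nsISupports *` by the observer code. The sketch below reproduces that pattern with hypothetical names (`Supports`, `WebShell`, `MakeTokenKey`, `ParserKey`, `ContainerFor`) and shows a key type that lets the consumer tell an integer token from an object pointer before dereferencing; the token's bit layout is an assumption chosen only to match the value seen in the trace.

```cpp
#include <cstdint>
#include <optional>
#include <variant>

// Hypothetical stand-in for an XPCOM-style interface (not Mozilla's nsISupports).
struct Supports {
    virtual ~Supports() = default;
    virtual int ContainerId() const = 0;
};

// Hypothetical concrete object a real key could point at.
struct WebShell final : Supports {
    int ContainerId() const override { return 7; }
};

// The pattern visible in the trace: a void* "key" that is sometimes a real
// object pointer and sometimes an integer token cast to a pointer.
// Assumed layout: high bit set plus a small counter, giving 0x80000001.
inline void* MakeTokenKey(std::uint32_t level) {
    return reinterpret_cast<void*>(
        static_cast<std::uintptr_t>(0x80000000u | level));
}

// Unsafe consumer shape (shown as a comment, never executed here): it
// assumes every key is an object and makes a virtual call through it.
//   int id = static_cast<Supports*>(key)->ContainerId();  // wild read for a token

// Hardened shape: the key's static type records which case it is, so the
// consumer cannot treat a token as an interface pointer by accident.
struct WriteToken { std::uint32_t level; };
using ParserKey = std::variant<WriteToken, Supports*>;

// Returns the container id only when the key really carries an object.
std::optional<int> ContainerFor(const ParserKey& key) {
    if (auto* obj = std::get_if<Supports*>(&key)) {
        if (*obj != nullptr) {
            return (*obj)->ContainerId();
        }
    }
    return std::nullopt;  // token or null pointer: nothing to dereference
}
```
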

Comment 6

18 years ago
Harish: another one for you. If the crash is between metacharset code and 
docloader, please reassign to ftang.
Assignee: rickg → harishd
(Assignee)

Comment 7

18 years ago

*** This bug has been marked as a duplicate of 34351 ***
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE

Comment 8

17 years ago
Adding crash keyword
Keywords: crash

Comment 9

17 years ago
marking verified. meta charset document.write bug.
Status: RESOLVED → VERIFIED