Closed Bug 37383 Opened 25 years ago Closed 25 years ago

htmlparser/nsScanner.cpp bails on invalid(?) conversion of some text

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Linux
defect

VERIFIED DUPLICATE of bug 36558

People

(Reporter: brendan, Assigned: rods)

Details

I'm finding a consistent failure when I visit

http://www.newsnow.co.uk/-NewsFeed.Tech.htm

with a mozilla built recently (between April 20th and today, perhaps,
though I can't state that it's isolated to then).

The messages coming out relatively consistently are:

-- cut --
Null found at buffer[4735] provided by netlib...
WARNING: Error: possible unintended null in string, file nsString2.cpp, line 1261

Null found at buffer[1] provided by netlib...
WARNING: Error: possible unintended null in string, file nsString2.cpp, line 1261
-- cut --

Then it segfaults, with the call chain below. 

I'll do more digging, but wanted to drop this off.

B

#1  0x40d21b96 in nsLineBox::DeleteLineList (aPresContext=0x88d6c28, 
    aLine=0x8930e7c) at nsLineBox.cpp:250
#2  0x40cf05e5 in nsBlockFrame::Destroy (this=0x8922414, 
    aPresContext=0x88d6c28) at nsBlockFrame.cpp:1177
#3  0x40cece80 in nsAreaFrame::Destroy (this=0x8922414, aPresContext=0x88d6c28)
    at nsAreaFrame.cpp:69
#4  0x40dd0989 in nsComboboxControlFrame::Destroy (this=0x8922414, 
    aPresContext=0x88d6c28) at nsComboboxControlFrame.cpp:2266
#5  0x40f1c7d0 in nsFrameList::DestroyFrames (this=0x8922240, 
    aPresContext=0x88d6c28) at nsFrameList.cpp:35
#6  0x40cff834 in nsContainerFrame::Destroy (this=0x892220c, 
    aPresContext=0x88d6c28) at nsContainerFrame.cpp:95
#7  0x40f1c7d0 in nsFrameList::DestroyFrames (this=0x8922208, 
    aPresContext=0x88d6c28) at nsFrameList.cpp:35
#8  0x40cff834 in nsContainerFrame::Destroy (this=0x89221d4, 
    aPresContext=0x88d6c28) at nsContainerFrame.cpp:95
#9  0x40cf8837 in nsBlockFrame::DoRemoveFrame (this=0x8922124, 
    aPresContext=0x88d6c28, aDeletedFrame=0x89221d4) at nsBlockFrame.cpp:5240
#10 0x40cf84f4 in nsBlockFrame::RemoveFrame (this=0x8922124, 
    aPresContext=0x88d6c28, aPresShell=@0x88f26a0, aListName=0x0, 
    aOldFrame=0x89221d4) at nsBlockFrame.cpp:5139
#11 0x40dd9d7b in nsFormFrame::RemoveFrame (this=0x8922124, 
    aPresContext=0x88d6c28, aPresShell=@0x88f26a0, aListName=0x0, 
    aOldFrame=0x89221d4) at nsFormFrame.cpp:361
#12 0x40d0c98f in FrameManager::RemoveFrame (this=0x88f2c18, 
    aPresContext=0x88d6c28, aPresShell=@0x88f26a0, aParentFrame=0x8922124, 
    aListName=0x0, aOldFrame=0x89221d4) at nsFrameManager.cpp:632
#13 0x40e33882 in nsCSSFrameConstructor::ContentRemoved (this=0x88f2638, 
    aPresContext=0x88d6c28, aContainer=0x891a23c, aChild=0x891a580, 
    aIndexInContainer=0) at ../../../../dist/include/nsCOMPtr.h:620
#14 0x40f58515 in StyleSetImpl::ContentRemoved (this=0x88f25e0, 
    aPresContext=0x88d6c28, aContainer=0x891a23c, aChild=0x891a580, 
    aIndexInContainer=0) at nsStyleSet.cpp:1046
#15 0x40d355fb in PresShell::ContentRemoved (this=0x88f26a0, 
    aDocument=0x88d43c0, aContainer=0x891a23c, aChild=0x891a580, 
    aIndexInContainer=0) at ../../../../dist/include/nsCOMPtr.h:620
#16 0x40f0a881 in nsDocument::ContentRemoved (this=0x88d43c0, 
    aContainer=0x891a23c, aChild=0x891a580, aIndexInContainer=0)
    at nsDocument.cpp:1703
#17 0x40dbac63 in nsHTMLDocument::ContentRemoved (this=0x88d43c0, 
    aContainer=0x891a23c, aChild=0x891a580, aIndexInContainer=0)
    at nsHTMLDocument.cpp:1153
#18 0x40d58059 in nsGenericHTMLContainerElement::RemoveChildAt (
    this=0x891a250, aIndex=0, aNotify=1) at nsGenericHTMLElement.cpp:3155
#19 0x40f807c6 in nsHTMLFormElement::RemoveChildAt (this=0x891a230, aIndex=0, 
    aNotify=1) at nsHTMLFormElement.cpp:93
#20 0x40daa9f3 in SinkContext::DemoteContainer (this=0x88d6298, 
    aNode=@0xbfffec4c) at nsHTMLContentSink.cpp:1583
#21 0x40dade8c in HTMLContentSink::CloseForm (this=0x88d5338, 
    aNode=@0xbfffec4c) at nsHTMLContentSink.cpp:2824
#22 0x4111661c in CNavDTD::CloseForm (this=0x88f7df8, aNode=0xbfffec4c)
    at CNavDTD.cpp:2691
#23 0x41116d5c in CNavDTD::CloseContainer (this=0x88f7df8, aNode=0xbfffec4c, 
    aTarget=eHTMLTag_form, aClosedByStartTag=0) at CNavDTD.cpp:2959
#24 0x41114d58 in CNavDTD::HandleEndToken (this=0x88f7df8, aToken=0x842eef0)
    at CNavDTD.cpp:1547
#25 0x4111361c in CNavDTD::HandleToken (this=0x88f7df8, aToken=0x842eef0, 
    aParser=0x88d4d18) at CNavDTD.cpp:712
#26 0x41112fbd in CNavDTD::BuildModel (this=0x88f7df8, aParser=0x88d4d18, 
    aTokenizer=0x88f8440, anObserver=0x0, aSink=0x88d5338) at CNavDTD.cpp:447
#27 0x411271ba in nsParser::BuildModel (this=0x88d4d18) at nsParser.cpp:1224
#28 0x41126fb5 in nsParser::ResumeParse (this=0x88d4d18, allowIteration=1, 
    aIsFinalChunk=0) at nsParser.cpp:1108
#29 0x411279ca in nsParser::OnDataAvailable (this=0x88d4d18, 
    channel=0x886d228, aContext=0x0, pIStream=0x88c3f14, sourceOffset=0, 
    aLength=1448) at nsParser.cpp:1542
#30 0x40a6becb in nsDocumentOpenInfo::OnDataAvailable (this=0x886d318, 
    aChannel=0x886d228, aCtxt=0x0, inStr=0x88c3f14, sourceOffset=0, count=1448)
    at ../../dist/include/nsCOMPtr.h:620
#31 0x414c8d1a in InterceptStreamListener::OnDataAvailable (this=0x88c3f10, 
    channel=0x886d228, ctxt=0x0, inStr=0x882b12c, sourceOffset=0, count=1448)
    at ../../../dist/include/nsCOMPtr.h:620
#32 0x410b24c0 in nsHTTPServerListener::OnDataAvailable (this=0x884dfc8, 
    channel=0x886d72c, context=0x886d228, i_pStream=0x882b12c, 
    i_SourceOffset=2872, i_Length=1448)
    at ../../../../dist/include/nsCOMPtr.h:620
#33 0x409f4c0c in nsOnDataAvailableEvent::HandleEvent (this=0x41501590)
    at nsAsyncStreamListener.cpp:406
#34 0x409f3e01 in nsStreamListenerEvent::HandlePLEvent (aEvent=0x415016d8)
    at nsAsyncStreamListener.cpp:97
#35 0x4013e795 in PL_HandleEvent (self=0x415016d8) at plevent.c:575
#36 0x4013e667 in PL_ProcessPendingEvents (self=0x80e1fe8) at plevent.c:520
#37 0x401401ec in nsEventQueueImpl::ProcessPendingEvents (this=0x80e1fc0)
    at nsEventQueue.cpp:316
#38 0x405dd553 in event_processor_callback (data=0x80e1fc0, source=8, 
    condition=GDK_INPUT_READ) at nsAppShell.cpp:143
#39 0x405dd1c0 in our_gdk_io_invoke (source=0x8148978, condition=G_IO_IN, 
    data=0x8159b20) at nsAppShell.cpp:56
#40 0x4078952a in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#41 0x4078abe6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#42 0x4078b1a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#43 0x4078b341 in g_main_run () from /usr/lib/libglib-1.2.so.0
#44 0x406b5339 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#45 0x405ddd89 in nsAppShell::Run (this=0x80e4380) at nsAppShell.cpp:313
#46 0x404fc75b in nsAppShellService::Run (this=0x80e1e60)
    at ../../../dist/include/nsCOMPtr.h:620
#47 0x804c8f3 in main1 (argc=2, argv=0xbffff654, splashScreen=0x0)
    at ../../dist/include/nsCOMPtr.h:620
#48 0x804cd70 in main (argc=2, argv=0xbffff654) at nsAppRunner.cpp:998
(gdb)
Status: UNCONFIRMED → NEW
Ever confirmed: true
It's doubtful that this is a parser problem, but I'll run it under the debugger
later today. It looks like a combobox issue to me (based on the stack crawl).
Status: NEW → ASSIGNED
Rod: this surely looks like a combo box crasher to me; I've confirmed the crash 
under NT.
Assignee: rickg → rods
Status: ASSIGNED → NEW

*** This bug has been marked as a duplicate of 36558 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
verified
Status: RESOLVED → VERIFIED