crash (unhandled exception) in CBodyElement::HandleStartToken

VERIFIED DUPLICATE of bug 46269

Status

()

P4
normal
VERIFIED DUPLICATE of bug 46269
19 years ago
19 years ago

People

(Reporter: dbaron, Assigned: dbaron)

Tracking

({crash})

Trunk
x86
Windows 98
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

DESCRIPTION:  I sometimes (not all that reliably) crash with the stack below 
running the table regression tests in a debug build of viewer.  The top of 
the stack is as follows:

CStartToken::IsEmpty() line 220 + 3 bytes
CBodyElement::HandleStartToken(nsIParserNode * 0x02c86d30, nsHTMLTag 
eHTMLTag_newline, nsDTDContext * 0x02e90560, nsIHTMLContentSink * 0x02d9d900) 
line 1917 + 8 bytes
COtherDTD::HandleStartToken(CToken * 0x0302ffc0) line 783 + 33 bytes
COtherDTD::HandleToken(COtherDTD * const 0x02e90960, CToken * 0x0302ffc0, 
nsIParser * 0x02d943f0) line 580 + 12 bytes
COtherDTD::BuildModel(COtherDTD * const 0x02e90960, nsIParser * 0x02d943f0, 
nsITokenizer * 0x02e90390, nsITokenObserver * 0x00000000, nsIContentSink * 
0x02d9d900) line 475 + 20 bytes
nsParser::BuildModel() line 1775 + 34 bytes
nsParser::ResumeParse(int 1, int 0) line 1656 + 11 bytes

The problem is that theToken is a CNewlineToken, which doesn't have an IsEmpty() 
method.

STEPS TO REPRODUCE:
 * sometimes happens loading mozilla/layout/html/tests/table/bugs/bug2479-4.html
 in the table regression tests

BUGGY ON:
 * Win98 debug build, viewer, 2000-06-16 (?)

Comment 1

19 years ago
Ack; true enough. 

Comment 2

19 years ago
This just in: the crash is not caused by calling CNewlineToken::IsEmpty(). 
CStartToken::IsEmpty() is legal, and CNewLineToken is a legit subclass of 
CStartToken.

Comment 3

19 years ago
In fact, I can't seem to crash (on NT) using his testcase. David, can you find 
any more data to help narrow this down?

Comment 4

19 years ago
here's something: I did manage to crash (just now) but the stack trace pointed 
to the HashTable code, not the tokens. The machine locked up on me, so I can't 
post the stack trace here. (I'd have to call this circumstantial evidence).

Comment 5

19 years ago
Harish: I can't reproduce this, and the IsEmpty() call is perfectly legal (as I 
pointed out earlier). Can you please try to reproduce this on a 98 box? Thanks.

Comment 6

19 years ago
Reassigning in hopes of finding a testcase.
Assignee: rickg → harishd

Comment 7

19 years ago
David, I'm giving this bug to you for a couple of reasons!

1) Need a reproducable test case.
2) You build on Win98! ( I don't see the crash on NT ).

Thanx.
Assignee: harishd → dbaron

Comment 8

19 years ago
Adding crash keyword
Keywords: crash
CNewlineToken is not a subclass of CStartToken.  They're both subclasses of
CHTMLToken, so I really don't see how this works at all.

Comment 11

19 years ago
fixed with the fix for bug 46269?

*** This bug has been marked as a duplicate of 46269 ***
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → DUPLICATE

Comment 13

19 years ago
verified
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.