Closed Bug 43100 Opened 25 years ago Closed 25 years ago

crash (unhandled exception) in CBodyElement::HandleStartToken

Categories

(Core :: DOM: HTML Parser, defect, P4)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Windows 98
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 46269

People

(Reporter: dbaron, Assigned: dbaron)

Details

(Keywords: crash)

DESCRIPTION: I sometimes (not all that reliably) crash with the stack below running the table regression tests in a debug build of viewer. The top of the stack is as follows: CStartToken::IsEmpty() line 220 + 3 bytes CBodyElement::HandleStartToken(nsIParserNode * 0x02c86d30, nsHTMLTag eHTMLTag_newline, nsDTDContext * 0x02e90560, nsIHTMLContentSink * 0x02d9d900) line 1917 + 8 bytes COtherDTD::HandleStartToken(CToken * 0x0302ffc0) line 783 + 33 bytes COtherDTD::HandleToken(COtherDTD * const 0x02e90960, CToken * 0x0302ffc0, nsIParser * 0x02d943f0) line 580 + 12 bytes COtherDTD::BuildModel(COtherDTD * const 0x02e90960, nsIParser * 0x02d943f0, nsITokenizer * 0x02e90390, nsITokenObserver * 0x00000000, nsIContentSink * 0x02d9d900) line 475 + 20 bytes nsParser::BuildModel() line 1775 + 34 bytes nsParser::ResumeParse(int 1, int 0) line 1656 + 11 bytes The problem is that theToken is a CNewlineToken, which doesn't have an IsEmpty() method. STEPS TO REPRODUCE: * sometimes happens loading mozilla/layout/html/tests/table/bugs/bug2479-4.html in the table regression tests BUGGY ON: * Win98 debug build, viewer, 2000-06-16 (?)
Ack; true enough.
This just in: the crash is not caused by calling CNewlineToken::IsEmpty(). CStartToken::IsEmpty() is legal, and CNewLineToken is a legit subclass of CStartToken.
In fact, I can't seem to crash (on NT) using his testcase. David, can you find any more data to help narrow this down?
here's something: I did manage to crash (just now) but the stack trace pointed to the HashTable code, not the tokens. The machine locked up on me, so I can't post the stack trace here. (I'd have to call this circumstantial evidence).
Harish: I can't reproduce this, and the IsEmpty() call is perfectly legal (as I pointed out earlier). Can you please try to reproduce this on a 98 box? Thanks.
Reassigning in hopes of finding a testcase.
Assignee: rickg → harishd
David, I'm giving this bug to you for a couple of reasons! 1) Need a reproducable test case. 2) You build on Win98! ( I don't see the crash on NT ). Thanx.
Assignee: harishd → dbaron
Adding crash keyword
Keywords: crash
CNewlineToken is not a subclass of CStartToken. They're both subclasses of CHTMLToken, so I really don't see how this works at all.
fixed with the fix for bug 46269?
*** This bug has been marked as a duplicate of 46269 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
verified
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.