Closed Bug 43174 Opened 24 years ago Closed 24 years ago

Blow the stack going to www.internet.com -- nasty crash

Categories

(Core :: Layout, defect, P3)

Product:
Core
Component:
Layout
Platform:
PowerPC
Mac System 8.5
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 42138

People

(Reporter: Brade, Assigned: harishd)

References

(
URL
)

Details

(Keywords: crash, platform-parity, top100)

Attachments

(3 files)

Mac OS Macsbug stdlog on the crasj
14.88 KB, text/plain
Details
Example of a large stack loading this page
119.71 KB, text/plain
Details
original text of http://www.internet.com/
108.66 KB, text/html
Details 
With a debug Macintosh build from this morning, I crash when I go to http://
www.internet.com.  I discovered this bug when I was running chofmann's browser 
buster (top 100 sites)
adding some keywords; not sure if this is cross-platform or not
Keywords: crash, top100
hmmm, it works in win32 2000062008, but loads wierdly
this crashes me on Mac os9 but not winNT
Works on Linux 2000-06-19-08, loads slowly.

www.internet.com loads fine on PC/Linux with build 2000062220.
However, I see lots of JavaScript errors in the shell output:
 
http://www.internet.com/home-d.html line 48: curDoc.layers has no properties

I got this to work about once every other time by downloading the source in 4.7
and removing the large block of white space from the page. However, this only
works about half the time so I don?t think it will help, but you never know.
updating component and setting defualt owner. macsbug sc output from 071108 
mozilla build:

Calling chain using A6/R1 links
  Back chain  ISA  Caller
  00000000    PPC  1F2B7D64  
  0D6B5800    PPC  1F2A28A8  main+00130
  0D6B57A0    PPC  1F2A1DA4  main1(int, char**, nsISupports*)+00944
  0D6B54E0    PPC  1F03609C  nsAppShellService::Run()+00018
  0D6B54A0    PPC  1EB528B4  nsAppShell::Run()+00038
  0D6B5450    PPC  1EB52FB0  nsMacMessagePump::DoMessagePump()+0003C
  0D6B5400    PPC  1EB535B8  nsMacMessagePump::DispatchEvent(int, EventRecord*)+
00174
  0D6B53B0    PPC  1EB68D2C  Repeater::DoRepeaters(const EventRecord&)+00030
  0D6B5370    PPC  1EB30E88  nsMacNSPREventQueueHandler::RepeatAction(const 
EventRecord&)+000
0C
  0D6B5330    PPC  1EB30FA0  nsMacNSPREventQueueHandler::ProcessPLEventQueue()+
000B0
  0D6B52C0    PPC  1EE04DE8  nsEventQueueImpl::ProcessPendingEvents()+00038
  0D6B5250    PPC  1EE61DE0  PL_ProcessPendingEvents+0004C
  0D6B5210    PPC  1EE61EC8  PL_HandleEvent+00020
  0D6B51D0    PPC  1EA15F30  nsStreamListenerEvent::HandlePLEvent(PLEvent*)+00024
  0D6B5180    PPC  1EA1710C  nsOnDataAvailableEvent::HandleEvent()+00068
  0D6B5130    PPC  1EA90CF4  nsHTTPServerListener::OnDataAvailable(nsIChannel*, 
nsISupports*,
 nsIInputStream*, unsigned int, unsigned int)+00C68
  0D6B4D70    PPC  1EA46EAC  InterceptStreamListener::OnDataAvailable(nsIChannel*
, nsISupport
s*, nsIInputStream*, unsigned int, unsigned int)+00060
  0D6B4D20    PPC  1EA92788  nsHTTPFinalListener::OnDataAvailable(nsIChannel*, 
nsISupports*, 
nsIInputStream*, unsigned int, unsigned int)+00094
  0D6B4CC0    PPC  1F115998  nsDocumentOpenInfo::OnDataAvailable(nsIChannel*, 
nsISupports*, n
sIInputStream*, unsigned int, unsigned int)+00068
  0D6B4C60    PPC  1EAFA8E8  ImageConsumer::OnDataAvailable(nsIChannel*, 
nsISupports*, nsIInp
utStream*, unsigned int, unsigned int)+002A4
  0D6B4BC0    PPC  1F28FF54  NetReaderImpl::Write(const unsigned char*, long)+
00018
  0D6B4B80    PPC  1F293B34  IL_StreamWrite(il_container_struct*, const unsigned 
char*, long)
+00074
  0D6B4B30    PPC  1FC9689C  GIFDecoder::ImgDWrite(const unsigned char*, long)+
00018
  0D6B4AF0    PPC  1FC982F8  il_gif_write(il_container_struct*, const unsigned 
char*, long)+0
0B70
  0D6B4A80    PPC  1F2923BC  ImgDCallbk::ImgDCBImageSize()+0001C
  0D6B4A40    PPC  1F293584  il_size(il_container_struct*)+003B0
  0D6B49D0    PPC  1EAF45E0  ImageRendererImpl::NewPixmap(void*, int, int, 
_NI_Pixmap*, _NI_P
ixmap*)+000DC
  0D6B4960    PPC  1EAFE0FC  nsImageMac::Init(int, int, int, nsMaskRequirements)+
000DC
  0D6B4900    PPC  1EAFEBB8  nsImageMac::AllocateGWorld(short, ColorTable**, 
const Rect&, CGr
afPort**)+00030
  0D6B48B0    PPC  FFD1946C  PurgeSpace+00028
  0D6B4870    PPC  20008874  __PurgeSpace+00018
Assignee: asa → pnunn
Component: Browser-General → ImageLib
QA Contact: doronr → elig
Status: NEW → ASSIGNED
I ran chofmann's browser buster page (again) on today's mac (debug) build.
I managed to load **78** pages before I crashed at this website.

Nominate this for nsbeta2 since this is a top100 page.
Keywords: nsbeta2
Ah, we're getting heap corruption here. That's bad.
Target Milestone: --- → M17
What's happening here is that we're blowing the stack. This site seems to use 
close to 1Mb of stack to lay out. I'll attach one example of a big, frame 
construction stack.

Sorry to doom you, Chris.
Assignee: pnunn → waterson
Status: ASSIGNED → NEW
Component: ImageLib → Layout
Summary: crash going to www.internet.com → Blow the stack going to www.internet.com -- nasty crash
actually the stack needs to be about 555K or so (for this url to not crash)

PDT--can we make the stack larger for nsbeta2 (on the branch)?

add pp keyword; cc buster (since table code may be the culprit), pierre, and 
kmcclusk
Keywords: pp
sounds like increasing stack size may change the behaviour of the app in 
unmeasurable ways exposing unknown bugs. risky for beta. is there any other 
way to fix this? less risky way to fix this?
Whiteboard: NEED INFO
Increasing the stack size has low risk; it is very unlikely to cause any new 
bugs.

This is unclosed-tag city. I'll attach the original page for posterity's sake, 
but it looks like there are about 100 unclosed <input type="hidden"> fields that 
are probably blowing the content model to hell in a bucket. harishd, this is 
probably your department...
Assignee: waterson → harishd
harishd: what appears to be blowing its mind is -not- the <input type=hidden>, 
but instead the sekret tags in the head, which cuase the content model to get 
deeply nested. I tried removing all of those tags (everything between 
<csactions>...</csaction>), and life got much better.

Why do we let those tags affect the body?
ChrisW: <input> has no end tag anyway; that's why the unclosed <input>s are not
causing a problem. It is rather fun to see us trying interpret the unknown tags
and then failing dismally when we discover they don't have end tags though...

There is (or was) a bug on this issue already.
Increasing the stack is * a * solution ( though I'm unsure of the side effects ) 
but not * the * solution.  I'll be tackling a similar bug ( unclosed FONT ) for 
beta3 and therefore will look into this bug for beta3 ( since we don't have a 
lot of time for beta2 ).
Status: NEW → ASSIGNED
Putting on [nsbeta2+] radar for beta2 fix. The + is for a hack fix to increase 
the stack.
Whiteboard: NEED INFO → [nsbeta2+]
Chris, will have to work with you..since I don't have a Mac. system!!!

HEEEEELLLLLLPPPP.
Whiteboard: [nsbeta2+]
PDT: please assign your "+" to bug 46722 instead. That way, we won't lose this 
one in the shuffle.
moving to nsbeta3
Keywords: nsbeta2nsbeta3
Making a testcase for this one.
Keywords: makingtest
Scrap the makingtest idea. I just don't have the time.
Keywords: makingtest

*** This bug has been marked as a duplicate of 42138 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verified  dupe.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: