Closed
Bug 45713
Opened 24 years ago
Closed 24 years ago
Crash loading a URL via a JS 'prompt' URL
Categories
(Core :: XUL, defect, P2)
RESOLVED
WORKSFORME
M18
People
(Reporter: sfraser_bugs, Assigned: sfraser_bugs)
Details
(Keywords: crash, Whiteboard: [nsbeta3+][p:2][pdtp2])
If I try to run the above URL in mozilla, typing "http://www.mozilla.org" in the prompt dialog and hitting return, I crash soon after. The crash seems to be a memory corruption-type bug. Sometimes I crash in StyleUserInterfaceImpl::CalcDifference doing a bad string compare, and sometimes when freeing some imglib data.
Comment 1 • 24 years ago (Assignee)
Trying to fix URL
Comment 2 • 24 years ago (Assignee)
fixing URL. The URL should be: javascript:url=prompt("Type a URL"); location.href=url;
Comment 3 • 24 years ago (Assignee)
This appears to be an imglib bug. More details coming.
Assignee: asa → pnunn
Component: Browser-General → ImageLib
Comment 4 • 24 years ago (Assignee)
This is proving hard to debug. I'm crashing in IL_ReleaseColorSpace(), called from il_delete_container(), and it's crashing because cmap->map has already been deleted, or points to bad memory.
Comment 5 • 24 years ago (Assignee)
Well, this isn't imglib. I'm seeing random memory trashing in various components. Someone is deleting something they shouldn't, somewhere.
Assignee: pnunn → asa
Component: ImageLib → Browser-General
Comment 7 • 24 years ago
I crash consistently in StyleUserInterfaceImpl::CalcDifference with this testcase.
Comment 8 • 24 years ago (Assignee)
Yup. I crashed consistently in some imglib code for a while. Don't look too closely at where it crashes; you'll have to use watchpoints to figure out where memory is getting trashed.
Comment 9 • 24 years ago
I don't know how to "use watchpoints to see where it trashes memory". I'll try if someone can point me to the "howto". If not, I should hand this off to someone else for investigation. Any ideas who?
Comment 10 • 24 years ago
Would this be more likely to get investigated in DOM component or possibly core javascript engine? It's probably going nowhere if it stays in my lap.
Comment 11 • 24 years ago
Updating component and setting default owner.
Assignee: asa → rogerl
Component: Browser-General → Javascript Engine
QA Contact: doronr → pschwartau
Comment 12 • 24 years ago (Assignee)
Still happens. I'm sure that JS is not the culprit.
Comment 13 • 24 years ago (Assignee)
bruce, can you run purify over this?
Assignee: rogerl → sfraser
Component: Javascript Engine → XP Toolkit/Widgets
Comment 14 • 24 years ago
Still happening on Mac OS9 and WinNT; haven't crashed on Linux.
Using Mozilla tip builds 2000-08-15 on WinNT, Linux;
Using Mac commercial build 2000081413

For what it's worth, on WinNT I also crashed in IL_ReleaseColorSpace(), called from il_delete_container() :

WINDOWS STACK TRACE
_free_dbg_lk(void * 0x03ced9d0, int 1) line 1044 + 48 bytes
_free_dbg(void * 0x03ced9d0, int 1) line 1001 + 13 bytes
free(void * 0x03ced9d0) line 956 + 11 bytes
PR_Free(void * 0x03ced9d0) line 66 + 10 bytes
IL_ReleaseColorSpace(_NI_ColorSpace * 0x03beb560) line 454 + 22 bytes
il_delete_container(il_container_struct * 0x03beb5c0) line 633 + 15 bytes
IL_NetRequestDone(il_container_struct * 0x03beb5c0, ilIURL * 0x03beb320, int -201) line 1184 + 9 bytes
NetReaderImpl::NetRequestDone(NetReaderImpl * const 0x03beb0d0, ilIURL * 0x03beb320, int -201) line 141 + 20 bytes
ImageConsumer::OnStopRequest(ImageConsumer * const 0x03beb160, nsIChannel * 0x03bef300, nsISupports * 0x00000000, unsigned int 2147500037, const unsigned short * 0x00000000) line 547
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x03bef290, nsIChannel * 0x03bef300, nsISupports * 0x00000000, unsigned int 2147500037, const unsigned short * 0x00000000) line 269
nsResChannel::EndRequest(unsigned int 2147500037, const unsigned short * 0x00000000) line 708 + 50 bytes
nsResChannel::AsyncRead(nsResChannel * const 0x03bef300, nsIStreamListener * 0x03bef290, nsISupports * 0x00000000) line 416
nsResChannel::OnStopRequest(nsResChannel * const 0x03bef304, nsIChannel * 0x03bef0e0, nsISupports * 0x00000000, unsigned int 2147500036, const unsigned short * 0x100a1088 gCommonEmptyBuffer) line 694 + 43 bytes
nsFileChannel::OnStopRequest(nsFileChannel * const 0x03bef0e8, nsIChannel * 0x03beab80, nsISupports * 0x00000000, unsigned int 2147500036, const unsigned short * 0x100a1088 gCommonEmptyBuffer) line 632 + 45 bytes
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x032bade0) line 302
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x032bfaf0) line 97 + 12 bytes
PL_HandleEvent(PLEvent * 0x032bfaf0) line 587 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x013219e0) line 528 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x042903cc, unsigned int 49411, unsigned int 0, long 20060640) line 1043 + 9 bytes
USER32! 77e71820()
013219e0()
Comment 15 • 24 years ago
Using Mozilla tip build 2000-08-21 on WinNT. Today I crashed in Mozilla with exactly the same stack trace as directly above while doing something completely different than "loading a URL via a JS prompt". I was reloading this HTML file over and over when it crashed: http://bugzilla.mozilla.org/showattachment.cgi?attach_id=13269
Comment 16 • 24 years ago
*** Bug 50430 has been marked as a duplicate of this bug. ***
Updated • 24 years ago
Severity: normal → critical
Keywords: nsbeta3
Priority: P3 → P2
Whiteboard: nsbeta3+
Target Milestone: --- → M18
Comment 17 • 24 years ago
dependency bug fixed, reaccess this bug
Comment 20 • 24 years ago (Assignee)
This doesn't crash for me any more.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME