Closed Bug 465583 Opened 17 years ago Closed 16 years ago

Crash [@ memmove] [@ nsAttrAndChildArray::RemoveChildAt]

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: martijn.martijn, Unassigned)

Details

(Keywords: crash)

Crash Data

I can crash fairly regurlarly with this stacktrace, when using this function, mixed in a quite big file (140kb): function doe() { document.write("<script>"); document.write("var x=document.getElementsByTagName('script'); for (var i=0;i<x.length;i++) {document.documentElement.appendChild(x[i]);}"); document.write("<\/script>"); } setTimeout(doe, 100);setTimeout(doe, 100);setTimeout(doe, 100); But I haven't been able to get a minimized testcase of it. But maybe this crash can be fixed, without a testcase, by sprinkling some null checks? http://crash-stats.mozilla.com/report/index/aff725ae-403b-4f8e-a97d-8fb220081118?p=1 0 mozcrt19.dll memmove MEMCPY.ASM:188 1 xul.dll nsAttrAndChildArray::RemoveChildAt content/base/src/nsAttrAndChildArray.cpp:228 2 xul.dll nsHTMLDocument::OpenCommon content/html/document/src/nsHTMLDocument.cpp:1961 3 xul.dll nsHTMLDocument::Open content/html/document/src/nsHTMLDocument.cpp:2068 4 xul.dll nsHTMLDocument::Open content/html/document/src/nsHTMLDocument.cpp:2061 5 xul.dll nsHTMLDocument::WriteCommon content/html/document/src/nsHTMLDocument.cpp:2169 6 xul.dll nsHTMLDocument::ScriptWriteCommon content/html/document/src/nsHTMLDocument.cpp:2261 7 xul.dll nsHTMLDocument::Write content/html/document/src/nsHTMLDocument.cpp:2289 8 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101 9 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2422
Summary: Crash [@ memmove] → Crash [@ memmove] [@ nsAttrAndChildArray::RemoveChildAt]
Martijn, how exactly do I reproduce this? Is the big file necessary?
I'm afraid there is no easy way to reproduce this. I'll try one more time to get a minimized testcase for this bug.
I thought I had a case of this stored somewhere on my computer where it happened sometimes. But I can't find that one back. I'll just mark this bug incomplete and I'll reopen if I find some way to reproduce.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Crash Signature: [@ memmove] [@ nsAttrAndChildArray::RemoveChildAt]
You need to log in before you can comment on or make changes to this bug.