Closed
Bug 501113
Opened 15 years ago
Closed 15 years ago
HTML5 Crash EXCEPTION_INT_DIVIDE_BY_ZERO [@ _aulldiv - nsHtml5TreeBuilder::Flush] loading complex pages
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
VERIFIED
FIXED
mozilla1.9.2a1
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta1-fixed |
People
(Reporter: jmjjeffery, Assigned: timeless)
References
Details
(Keywords: crash)
Crash Data
Attachments
(2 files, 2 obsolete files)
2.79 KB,
patch
|
sicking
:
review+
sicking
:
superreview+
|
Details | Diff | Splinter Review |
2.81 KB,
patch
|
Details | Diff | Splinter Review |
Loading any complex page with the new HTML5 parser set to 'true' crashes the browser on page load. 1. Load www.cnn.com 2. crash before page loads Crash-report here: http://crash-stats.mozilla.com/report/index/14604f15-d79d-4ef1-8f9c-5343b2090629?p=1 Using nightly build: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090629 Minefield/3.6a1pre Firefox/3.0.11 ID:20090629044912 changeset: http://hg.mozilla.org/mozilla-central/rev/643cdff78555
Signature _aulldiv UUID 14604f15-d79d-4ef1-8f9c-5343b2090629 Time 2009-06-29 06:45:52.502461 Uptime 35 Last Crash 37626 seconds before submission Product Firefox Version 3.6a1pre Build ID 20090629044912 Branch 1.9.2 OS Windows NT OS Version 6.1.7100 CPU x86 CPU Info AuthenticAMD family 16 model 2 stepping 3 Crash Reason EXCEPTION_INT_DIVIDE_BY_ZERO Crash Address 0x68ebc924 User Comments HTML5 enabled - crash loading CNN Processor Notes Crashing Thread Frame Module Signature [Expand] Source 0 xul.dll _aulldiv ulldiv.asm:87 1 xul.dll nsHtml5TreeBuilder::end parser/html/nsHtml5TreeBuilderCppSupplement.h:281 2 xul.dll nsHtml5TreeBuilder::endTokenization parser/html/nsHtml5TreeBuilder.cpp:555 3 xul.dll nsHtml5Tokenizer::end parser/html/nsHtml5Tokenizer.cpp:3181 4 xul.dll nsHtml5Parser::ParseFragment parser/html/nsHtml5Parser.cpp:527 ted suggests: http://hg.mozilla.org/mozilla-central/annotate/643cdff78555/parser/html/nsHtml5TreeBuilderCppSupplement.h#l487 hsivonen@29805 487 sTreeOpQueueMaxLength = (PRUint32)((NS_HTML5_TREE_BUILDER_MAX_QUEUE_TIME * (PRUint64)opQueueLength) / (PR_Now() - flushStart)); and he notes that flushStart is assigned from PR_Now() earlier.
Keywords: crash
Summary: HTML5 Crash [@ _aulldiv ] loading complex pages → HTML5 Crash EXCEPTION_INT_DIVIDE_BY_ZERO [@ _aulldiv - nsHtml5TreeBuilder::Flush] loading complex pages
Comment 2•15 years ago
|
||
ted mentioned PR_IntervalNow() bsmedberg recommended mozilla::TimeStamp
Crashing Thread on Win XP: 0 xul.dll _aulldiv ulldiv.asm:87 1 xul.dll nsHtml5TreeBuilder::end parser/html/nsHtml5TreeBuilderCppSupplement.h:281 2 xul.dll nsHtml5TreeBuilder::endTokenization parser/html/nsHtml5TreeBuilder.cpp:555 3 xul.dll nsHtml5Tokenizer::end parser/html/nsHtml5Tokenizer.cpp:3181 4 xul.dll nsHtml5Parser::DidBuildModel parser/html/nsHtml5Parser.cpp:789 5 xul.dll nsHtml5Parser::ParseUntilSuspend parser/html/nsHtml5Parser.cpp:1200 6 xul.dll nsHtml5Parser::OnStopRequest parser/html/nsHtml5Parser.cpp:655 7 xul.dll nsDocumentOpenInfo::OnStopRequest uriloader/base/nsURILoader.cpp:323 8 xul.dll nsStreamListenerTee::OnStopRequest netwerk/base/src/nsStreamListenerTee.cpp:65 9 xul.dll nsHttpChannel::OnStopRequest netwerk/protocol/http/src/nsHttpChannel.cpp:5031 10 xul.dll nsInputStreamPump::OnStateStop netwerk/base/src/nsInputStreamPump.cpp:576 11 xul.dll nsInputStreamPump::OnInputStreamReady netwerk/base/src/nsInputStreamPump.cpp:401 12 xul.dll nsOutputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:190 13 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:527 14 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:170 15 xul.dll nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:193 16 nspr4.dll PR_GetEnv 17 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:110 18 firefox.exe firefox.exe@0x21a7 19 kernel32.dll kernel32.dll@0x17076
Comment 4•15 years ago
|
||
Martijn, I think this is the crash you were seeing?
Comment 5•15 years ago
|
||
Could be, I have these crash reports: http://crash-stats.mozilla.com/report/index/c31e85f6-ad13-4418-9585-6b6a02090629?p=1 http://crash-stats.mozilla.com/report/index/6b081bc2-3f59-443a-9201-912ec2090629?p=1
Updated•15 years ago
|
Blocks: html5-parsing-land
Flags: blocking1.9.2?
Comment 6•15 years ago
|
||
Could this be at fault: http://hg.mozilla.org/mozilla-central/annotate/643cdff78555/parser/html/nsHtml5TreeBuilderCppSupplement.h#l487 ?
Comment 7•15 years ago
|
||
To be more specific: PRNow() is only accurate to 15 miliseconds iirc, so the second call to PRNow could be of equivalent value to flushStart hence making the division by zero...
Comment 8•15 years ago
|
||
henri, et al: looks like same stack as when loading http://tinderbox.mozilla.org/showbuilds.cgi?tree=Firefox in case you're looking for a test case that's a bit less a moving target than cnn http://crash-stats.mozilla.com/report/index/2ec2d988-805c-4bcc-9cda-cc47b2090629?p=1
Assignee | ||
Comment 10•15 years ago
|
||
Attachment #385845 -
Attachment is obsolete: true
Attachment #385847 -
Flags: review?(hsivonen)
Attachment #385845 -
Flags: review?(hsivonen)
Comment 11•15 years ago
|
||
Docs say PR_IntervalNow() and PR_Now() have different units, so need to change the magic constant accordingly.
Attachment #385847 -
Attachment is obsolete: true
Attachment #385847 -
Flags: review?(hsivonen)
Comment 12•15 years ago
|
||
Comment on attachment 385983 [details] [diff] [review] Change the constant to milliseconds, too The patch seems to work. Thanks, timeless! However, my Windows box is a virtual machine, so I may not seeing the same timing as one would have on a real box.
Attachment #385983 -
Flags: superreview?(mrbkap)
Attachment #385983 -
Flags: review?(jonas)
Attachment #385983 -
Flags: superreview?(mrbkap)
Attachment #385983 -
Flags: superreview+
Attachment #385983 -
Flags: review?(jonas)
Attachment #385983 -
Flags: review+
Comment on attachment 385983 [details] [diff] [review] Change the constant to milliseconds, too You can't assume that PRIntervalNow returns milliseconds. You have to use PR_IntervalToMilliseconds r/sr=me with that
Comment 14•15 years ago
|
||
Pushed patch for the record. With PR_IntervalToMilliseconds. Thanks.
Comment 15•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/231fe6f453d8
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 16•15 years ago
|
||
Verified fixed, no more instant crash on complex pages with HTMO5 = True changeset: http://hg.mozilla.org/mozilla-central/rev/231fe6f453d8 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090702 Minefield/3.6a1pre Firefox/3.0.11 ID:20090702004326
Status: RESOLVED → VERIFIED
Updated•15 years ago
|
status1.9.2:
--- → beta1-fixed
Flags: blocking1.9.2? → blocking1.9.2-
Updated•13 years ago
|
Crash Signature: [@ _aulldiv - nsHtml5TreeBuilder::Flush]
You need to log in
before you can comment on or make changes to this bug.
Description
•