54214 - browser crashed after clicking on the link (stack trace included)

Status: RESOLVED WORKSFORME

(Core :: JavaScript Engine, defect, P3)

Description

[Aleks Totic]

From Bugzilla Helper:
User-Agent: Mozilla/4.6 [en] (X11; I; Linux 2.2.5-15 i686)
BuildID:    0 (9/26/00 AM pull)

I've crashed the browser when clicking on a link. It was my second
click. The URLs are company internal, so no reproducible case. It looks like
some threading problem, where you are walking stuff that has been deleted.

Reproducible: Didn't try
Steps to Reproduce:


Actual Results:  						

0x401c5e0c in js_ContextIterator (rt=0x8162d08, iterp=0xbfffeae0) at
jscntxt.c:255
#1  0x401e3650 in js_GC (cx=0x85256c0, gcflags=0) at jsgc.c:989
#2  0x401e33e8 in js_ForceGC (cx=0x85256c0) at jsgc.c:871
#3  0x401bb16e in JS_GC (cx=0x85256c0) at jsapi.c:1542
#4  0x40515d8d in nsJSContext::GC (this=0x8525680) at nsJSEnvironment.cpp:1286
#5  0x40529879 in GlobalWindowImpl::SetNewDocument (this=0x85255a0,
aDocument=0x8631604)
    at nsGlobalWindow.cpp:358
#6  0x419ee9a6 in DocumentViewerImpl::Init (this=0x8904af0,
aParentWidget=0x8641e48, aDeviceContext=0x85251c8, 
    aBounds=@0xbffff040) at nsDocumentViewer.cpp:535
#7  0x4107d5cd in nsDocShell::SetupNewViewer (this=0x8641830,
aNewViewer=0x8904af0) at nsDocShell.cpp:2775
#8  0x41085892 in nsWebShell::SetupNewViewer (this=0x8641830, aViewer=0x8904af0)
at nsWebShell.cpp:350
#9  0x4107b4f0 in nsDocShell::Embed (this=0x8641830, aContentViewer=0x8904af0,
aCommand=0x410ace24 "", 
    aExtraInfo=0x0) at nsDocShell.cpp:2409
#10 0x41085a6a in nsWebShell::Embed (this=0x8641830, aContentViewer=0x8904af0,
aCommand=0x410ace24 "", 
    aExtraInfo=0x0) at nsWebShell.cpp:379
#11 0x4107bf2c in nsDocShell::CreateContentViewer (this=0x8641830,
aContentType=0xbffff33c "text/html", 
    aOpenedChannel=0x88238b0, aContentHandler=0xbffff3a4) at nsDocShell.cpp:2588
#12 0x4108bad0 in nsDSURIContentListener::DoContent (this=0x8641130,
aContentType=0xbffff33c "text/html", 
    aCommand=1, aWindowTarget=0x4017e290 "", aOpenedChannel=0x88238b0,
aContentHandler=0xbffff3a4, 
    aAbortProcess=0xbffff37c) at nsDSURIContentListener.cpp:105
#13 0x40baa4a4 in nsDocumentOpenInfo::DispatchContent (this=0x8823ad0,
aChannel=0x88238b0, aCtxt=0x0)
    at nsURILoader.cpp:359
#14 0x40ba9db1 in nsDocumentOpenInfo::OnStartRequest (this=0x8823ad0,
aChannel=0x88238b0, aCtxt=0x0)
    at nsURILoader.cpp:233
#15 0x409da943 in nsHTTPFinalListener::OnStartRequest (this=0x8823b10,
aChannel=0x88238b0, aContext=0x0)
    at nsHTTPResponseListener.cpp:1121
#16 0x409a78e9 in InterceptStreamListener::OnStartRequest (this=0x8788a08,
channel=0x88238b0, ctxt=0x0)
    at nsCachedNetData.cpp:1177
#17 0x409da446 in nsHTTPServerListener::FinishedResponseHeaders (this=0x8902490)
    at nsHTTPResponseListener.cpp:1047
#18 0x409d87f9 in nsHTTPServerListener::OnDataAvailable (this=0x8902490,
channel=0x855a1d4, context=0x88238b0, 
    i_pStream=0x87c9520, i_SourceOffset=20553, i_Length=2598) at
nsHTTPResponseListener.cpp:427
#19 0x4096e05f in nsOnDataAvailableEvent::HandleEvent (this=0x8903d90) at
nsAsyncStreamListener.cpp:400
#20 0x4096d2e7 in nsStreamListenerEvent::HandlePLEvent (aEvent=0x8903db8) at
nsAsyncStreamListener.cpp:97
#21 0x401273b1 in PL_HandleEvent (self=0x8903db8) at plevent.c:575
#22 0x401271a0 in PL_ProcessPendingEvents (self=0x80ae148) at plevent.c:508
#23 0x40129059 in nsEventQueueImpl::ProcessPendingEvents (this=0x80ae120) at
nsEventQueue.cpp:356
#24 0x40c4fae4 in event_processor_callback (data=0x80ae120, source=7,
condition=GDK_INPUT_READ)
    at nsAppShell.cpp:158
#25 0x40c4f71f in our_gdk_io_invoke (source=0x81fe568, condition=G_IO_IN,
data=0x81fe558) at nsAppShell.cpp:58
#26 0x40e08d6a in g_io_unix_dispatch () at
../../../dist/include/nsIPageSequenceFrame.h:112
#27 0x40e0a2c6 in g_main_dispatch () at
../../../dist/include/nsIPageSequenceFrame.h:112
#28 0x40e0a801 in g_main_iterate () at
../../../dist/include/nsIPageSequenceFrame.h:112
#29 0x40e0a979 in g_main_run () at
../../../dist/include/nsIPageSequenceFrame.h:112
#30 0x40d3cf3a in gtk_main () at
../../../dist/include/nsIPageSequenceFrame.h:112
#31 0x40c501da in nsAppShell::Run (this=0x80fd600) at nsAppShell.cpp:335
#32 0x4072f414 in nsAppShellService::Run (this=0x814f5d0) at
nsAppShellService.cpp:407
#33 0x8055f55 in main1 (argc=1, argv=0xbffffa94, nativeApp=0x0) at
nsAppRunner.cpp:1004
#34 0x80565fe in main (argc=1, argv=0xbffffa94) at nsAppRunner.cpp:1185
#35 0x40367cb3 in __libc_start_main (main=0x805644c <main>, argc=1,
argv=0xbffffa94, init=0x8050c74 <_init>, 
    fini=0x8064ee0 <_fini>, rtld_fini=0x4000a350 <_dl_fini>,
stack_end=0xbffffa8c)
    at ../sysdeps/generic/libc-start.c:78
(gdb) p cx
$2 = (JSContext *) 0x0
(gdb) p rt->contextList
$3 = {next = 0x0, prev = 0x43500000}

Comment 1

[Phil Schwartau]

cc'ing Brendan in case this trace helps to understand other crashing bugs. 
Notice this at the bottom:

                      (gdb) p cx
                      $2 = (JSContext *) 0x0
                      (gdb) p rt->contextList
                      $3 = {next = 0x0, prev = 0x43500000}


Reporter, thank you for providing this trace. However, would it be possible to 
make a reduced test case for the crash and attach it to this bug? I'm going to 
have to close it if there is no way for us to reproduce it... 

Comment 2

[Aleks Totic]

Fully reproducible. The link followed causes a redirect, which probably
messes up your context list. The redirect is inside an HTML page:
Here is the doc that redirects:

<HEAD>
<META HTTP-EQUIV="Refresh" CONTENT="0;
url=http://dev.round-one.com/engineering/">
</HEAD>

Comment 3

[Brendan Eich [:brendan]]

Looks like a dup of bug 53094, again.  Was the build from source pulled after
the 19th?

/be

Comment 4

[Phil Schwartau]

Yes, I believe. The reporter mentions this at the top: 

                  BuildID: 0 (9/26/00 AM pull)

Comment 5

[Aleks Totic]

This morning's pull (26th), I've pulled and rebuilt. Did not make clean, though.

Comment 6

[Aleks Totic]

did a make clean, it no longer crashes