Closed Bug 542268 Opened 15 years ago Closed 15 years ago

[HTML5] frame construction stack overflow on radiofly.ws

Categories

(Core :: DOM: HTML Parser, defect, P2)

Product:
Core
Component:
DOM: HTML Parser
Version:
1.9.2 Branch
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: nightsoul.blackps, Unassigned)

References

(
URL
)

Details

(Keywords: crash)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) Crash when loading a page,this is the first time is crashing usually it hangs,can somebody check the problem out? bp-e839b811-c74f-4a6f-a53e-6a3ff2100126 , i think it's ad addon problem but witch one? Thanks. Reproducible: Always
Well, you can disable your extensions one-by-one to find the culprit. then install that extension to a new separate profile and verify it's causing the crash in double-checking sense.
Keywords: crash
Version: unspecified → 3.5 Branch
First of all i`m using Firefox/3.6 and not 3.5 , and it's not an addon problem i have enable HTML 5 Parsing and i did try to visit a page and the browser has crushed. Thanks.
what page?
Version: 3.5 Branch → 3.6 Branch
confirming for 3.6. a local copy of that page does not trigger the crash. also today's trunk nightly is not affected. Signature nsRuleNode::GetStyleData(nsStyleStructID, nsStyleContext*, int) UUID d4a9a175-5a93-4710-b8ed-f787b2100126 Time 2010-01-26 16:05:58.774749 Uptime 19 Last Crash 74 seconds before submission Product Firefox Version 3.6 Build ID 20100115144158 Branch 1.9.2 OS Windows NT OS Version 5.1.2600 Service Pack 3 CPU x86 CPU Info GenuineIntel family 15 model 2 stepping 9 Crash Reason EXCEPTION_STACK_OVERFLOW Crash Address 0x10125fe4 User Comments Bug 542268 (safe-mode) Processor Notes This dump is too long and has triggered the automatic truncation routine Crashing Thread Frame Module Signature Source 0 xul.dll nsRuleNode::GetStyleData(nsStyleStructID,nsStyleContext*,int) layout/style/nsRuleNode.cpp:5744 1 xul.dll nsRuleNode::WalkRuleTree(nsStyleStructID,nsStyleContext*,nsRuleData*,nsCSSStruct*) layout/style/nsRuleNode.cpp:1926 2 xul.dll nsRuleNode::GetStyleData(nsStyleStructID,nsStyleContext*,int) layout/style/nsStyleStructList.h:89 3 xul.dll nsRuleNode::WalkRuleTree(nsStyleStructID,nsStyleContext*,nsRuleData*,nsCSSStruct*) layout/style/nsRuleNode.cpp:1926 ... 99 xul.dll nsRuleNode::WalkRuleTree(nsStyleStructID,nsStyleContext*,nsRuleData*,nsCSSStruct*) layout/style/nsRuleNode.cpp:1926 100 xul.dll nsRuleNode::GetStyleData(nsStyleStructID,nsStyleContext*,int) layout/style/nsStyleStructList.h:89 5225 xul.dll nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&,nsCSSFrameConstructor::FrameConstructionItemList&,nsIFrame*,nsFrameItems&) layout/base/nsCSSFrameConstructor.cpp:9609 5226 xul.dll nsCSSFrameConstructor::ConstructInline(nsFrameConstructorState&,nsCSSFrameConstructor::FrameConstructionItem&,nsIFrame*,nsStyleDisplay const*,nsFrameItems&,nsIFrame**) layout/base/nsCSSFrameConstructor.cpp:10821 5227 xul.dll nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&,nsFrameConstructorState&,nsIFrame*,nsFrameItems&) layout/base/nsCSSFrameConstructor.cpp:3933 5228 xul.dll nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&,nsCSSFrameConstructor::FrameConstructionItemList::Iterator&,nsIFrame*,nsFrameItems&) layout/base/nsCSSFrameConstructor.cpp:5644 5229 xul.dll nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&,nsCSSFrameConstructor::FrameConstructionItemList&,nsIFrame*,nsFrameItems&) layout/base/nsCSSFrameConstructor.cpp:9609 5230 xul.dll nsCSSFrameConstructor::ConstructInline(nsFrameConstructorState&,nsCSSFrameConstructor::FrameConstructionItem&,nsIFrame*,nsStyleDisplay const*,nsFrameItems&,nsIFrame**) layout/base/nsCSSFrameConstructor.cpp:10821 ... 5300 xul.dll nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&,nsCSSFrameConstructor::FrameConstructionItemList::Iterator&,nsIFrame*,nsFrameItems&) layout/base/nsCSSFrameConstructor.cpp:5644 5301 xul.dll nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&,nsIContent*,nsStyleContext*,nsIFrame*,int,nsFrameItems&,int,PendingBinding*) layout/base/nsCSSFrameConstructor.cpp:9717 5302 xul.dll nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState&,nsStyleDisplay const*,nsIContent*,nsIFrame*,nsIFrame*,nsStyleContext*,nsIFrame**,nsFrameItems&,int,PendingBinding*) layout/base/nsCSSFrameConstructor.cpp:10771 5303 xul.dll nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&,nsFrameConstructorState&,nsIFrame*,nsFrameItems&) layout/base/nsCSSFrameConstructor.cpp:3933 5304 @0x4e4547f 5305 xul.dll nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&,nsIContent*,nsStyleContext*,nsIFrame*,int,nsFrameItems&,int,PendingBinding*) layout/base/nsCSSFrameConstructor.cpp:9717 5306 xul.dll nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState&,nsStyleDisplay const*,nsIContent*,nsIFrame*,nsIFrame*,nsStyleContext*,nsIFrame**,nsFrameItems&,int,PendingBinding*) layout/base/nsCSSFrameConstructor.cpp:10771 5307 xul.dll nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&,nsFrameConstructorState&,nsIFrame*,nsFrameItems&) layout/base/nsCSSFrameConstructor.cpp:3933 5308 @0x4e4547f 5309 xul.dll PresShell::ContentAppended(nsIDocument*,nsIContent*,int) layout/base/nsPresShell.cpp:5039 5310 xul.dll nsNodeUtils::ContentAppended(nsIContent*,int) content/base/src/nsNodeUtils.cpp:134 5311 xul.dll nsHtml5PendingNotification::Fire() parser/html/nsHtml5PendingNotification.h:60 5312 xul.dll nsHtml5TreeBuilder::FlushPendingAppendNotifications() parser/html/nsHtml5TreeBuilderHSupplement.h:118 5313 xul.dll nsHtml5TreeBuilder::Flush() parser/html/nsHtml5TreeBuilderCppSupplement.h:482 5314 xul.dll nsHtml5TreeBuilder::MaybeFlush() parser/html/nsHtml5TreeBuilderHSupplement.h:79 5315 xul.dll nsHtml5Parser::ContinueInterruptedParsing() parser/html/nsHtml5Parser.cpp:246 5316 xul.dll nsHtml5Parser::HandleParserContinueEvent(nsHtml5ParserContinueEvent*) parser/html/nsHtml5Parser.cpp:864 5317 xul.dll nsHtml5ParserContinueEvent::Run() parser/html/nsHtml5Parser.cpp:82 5318 xul.dll nsThread::ProcessNextEvent(int,int*) xpcom/threads/nsThread.cpp:527 5319 xul.dll nsBaseAppShell::Run() widget/src/xpwidgets/nsBaseAppShell.cpp:170 5320 xul.dll nsAppStartup::Run() toolkit/components/startup/src/nsAppStartup.cpp:182 5321 nspr4.dll PR_GetEnv 5322 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:120 5323 firefox.exe __tmainCRTStartup obj-firefox/memory/jemalloc/crtsrc/crtexe.c:591 5324 kernel32.dll BaseProcessStart
URL: http://www.radiofly.ws/filme.html
Status: UNCONFIRMED → NEW
Component: General → Layout
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → layout
Summary: Crash Report [@ nsRuleNode::GetStyleData(nsStyleStructID, nsStyleContext*, int) ] → Crash [@ nsRuleNode::GetStyleData(nsStyleStructID, nsStyleContext*, int) ]
Version: 3.6 Branch → 1.9.2 Branch
Summary: Crash [@ nsRuleNode::GetStyleData(nsStyleStructID, nsStyleContext*, int) ] → frame construction stack overflow on radiofly.ws
Hmm. I can't reproduce (on Mac, though). Do you only see the problem with the html5 parser (which is _very_ broken in 3.6) enabled?
ugh, yes html5 is enabled for me when crashing. shame on me for not thinking of this. that said, it's crashing today's trunk build with html5 enabled too: bp-6fad6da2-34f1-4f0a-a345-cf33c2100126 [@ CSSStyleRuleImpl::MapRuleInfoInto(nsRuleData*) ]
Summary: frame construction stack overflow on radiofly.ws → [HTML5] frame construction stack overflow on radiofly.ws
OK. I can definitely not reproduce this on trunk, on mac. Can you try loading the page in a display:none iframe (so as to avoid that layout part that crashes) and comparing the DOM generated by the HTML5 parser to the one the normal parser generates? How do they differ?
Component: Layout → HTML: Parser
QA Contact: layout → parser
Should we just disable the HTML5 parser pref on 1.9.2 ?
I think we've been considering that, yes.
Crashes latest nightly on Windows for me, but debug Linux build doesn't show any problem.
Looks similar to bug 507119. (In reply to comment #9) > Should we just disable the HTML5 parser pref on 1.9.2 ? I think we should or, failing that, at minimum I think we should rename the pref on 1.9.2 to html5.obsolete.enable so that enabling the parser on trunk and sharing the profile with release builds doesn't end up enabling the parser on the release branch. See the discussion in bug 538722.
> but debug Linux build doesn't show any problem. Yeah, I think Windows tends to have a lower stack limit than OSX or Linux.
Depends on: 507119
Depends on: 483209
I expect a patch I just landed to fix this. Worth testing in tomorrow's Windows nightly.
Priority: -- → P2
WFM on XP. Maybe the site changed? In any case, the fix for bug 561874 should fix this one, too.
Depends on: 561874
Or maybe the fix from March fixed this and the fix for bug 561874 just doesn't regress this.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.