Closed
Bug 55354
Opened 24 years ago
Closed 24 years ago
Crash when going to winmag url
Categories
(Core :: Layout, defect, P1)
Tracking
()
People
(Reporter: kmcclusk, Assigned: attinasi)
References
()
Details
(Keywords: crash)
Attachments
(1 file)
229 bytes,
text/html
|
Details |
Go to the url above. N6 loads most of the page then crashes in FrameImageLoader. 100% reproducible using todays N6-commerical build on WINNT.
Assignee | ||
Comment 2•24 years ago
|
||
CC'ing buster since he may have time to help. Rod, do you have a stack trace? Kevin suggested you might...
Status: NEW → ASSIGNED
Comment 3•24 years ago
|
||
A couple of interesting things I just learned: 1) Crashes with today's trunk build in mozilla, but NOT in viewer 2) In nsFrameImageLoader where the crash occurs, it basically loops off into memory, I put a counter in the loop and it looped up to 6479 and then crashed.
Comment 4•24 years ago
|
||
nsFrameImageLoader::NotifyFrames(int 0) line 569 + 3 bytes nsFrameImageLoader::Notify(nsIImageRequest * 0x052b0440, nsIImage * 0x05271290, nsImageNotification nsImageNotification_kImageComplete, int 0, int 0, void * 0x00000000) line 505 ns_observer_proc(void * 0x052b02e0, long 7, void * 0x0012fbc4, void * 0x052b0440) line 113 XP_NotifyObservers(OpaqueObserverList * 0x052b0370, long 7, void * 0x0012fbc4) line 259 + 28 bytes il_image_complete_notify(il_container_struct * 0x052b1f00) line 327 + 18 bytes il_image_complete(il_container_struct * 0x052b1f00) line 1652 + 9 bytes ImgDCallbk::ImgDCBHaveImageAll(ImgDCallbk * const 0x052b0030) line 189 + 12 bytes process_buffered_gif_input_data(gif_struct * 0x05274a20) line 694 gif_delay_time_callback(void * 0x052b1f00) line 725 + 9 bytes timer_callback(nsITimer * 0x05277240, void * 0x05274060) line 70 + 12 bytes nsTimer::Fire() line 194 + 17 bytes nsTimerManager::FireNextReadyTimer(nsTimerManager * const 0x02922680, unsigned int 0) line 117 nsAppShell::Run(nsAppShell * const 0x00af9260) line 116 nsAppShellService::Run(nsAppShellService * const 0x00af8400) line 408 main1(int 1, char * * 0x00a234b0, nsISupports * 0x00000000) line 1024 + 32 bytes main(int 1, char * * 0x00a234b0) line 1205 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77f1ba06()
100% reproducable crash on several high profile sites (including mp3.com), I think we must fix for rtm. Setting Priority to P1, severity to critical.
Some more observations pertaining to the test case I just attached: 1. doesn't matter which image is used, as long as the same image is used twice 2. img's must be within a table, and table must have a width (fixed or percent) 3. img must have percent width and fixed height 4. only crashes on initial load. if you change the test case, load successfully, then change the test case back to what it was and reload, then you will not crash.
Comment 10•24 years ago
|
||
The call stack looks exactly like the call stack of #53317. And the value of pfd is the same. I heard a fix will be ready RealSoonNow. -p *** This bug has been marked as a duplicate of 53317 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•