Closed Bug 55354 Opened 24 years ago Closed 24 years ago

Crash when going to winmag url

Categories

(Core :: Layout, defect, P1)

Product:
Core
Component:
Layout
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 53317

People

(Reporter: kmcclusk, Assigned: attinasi)

References

(
URL
)

Details

(Keywords: crash)

Attachments

(1 file)

min test case, 100% reproducable, derived from bug 54876
229 bytes, text/html
Details 
Go to the url above.
N6 loads most of the page then crashes in FrameImageLoader.
100% reproducible using todays N6-commerical build on WINNT.
Added crash keyword
Keywords: crash
CC'ing buster since he may have time to help.

Rod, do you have a stack trace? Kevin suggested you might...
Status: NEW → ASSIGNED
A couple of interesting things I just learned:

1) Crashes with today's trunk build in mozilla, but NOT in viewer
2) In nsFrameImageLoader where the crash occurs, it basically loops off into 
memory, I put a counter in the loop and it looped up to 6479 and then crashed.
nsFrameImageLoader::NotifyFrames(int 0) line 569 + 3 bytes
nsFrameImageLoader::Notify(nsIImageRequest * 0x052b0440, nsIImage * 0x05271290, 
nsImageNotification nsImageNotification_kImageComplete, int 0, int 0, void * 
0x00000000) line 505
ns_observer_proc(void * 0x052b02e0, long 7, void * 0x0012fbc4, void * 
0x052b0440) line 113
XP_NotifyObservers(OpaqueObserverList * 0x052b0370, long 7, void * 0x0012fbc4) 
line 259 + 28 bytes
il_image_complete_notify(il_container_struct * 0x052b1f00) line 327 + 18 bytes
il_image_complete(il_container_struct * 0x052b1f00) line 1652 + 9 bytes
ImgDCallbk::ImgDCBHaveImageAll(ImgDCallbk * const 0x052b0030) line 189 + 12 
bytes
process_buffered_gif_input_data(gif_struct * 0x05274a20) line 694
gif_delay_time_callback(void * 0x052b1f00) line 725 + 9 bytes
timer_callback(nsITimer * 0x05277240, void * 0x05274060) line 70 + 12 bytes
nsTimer::Fire() line 194 + 17 bytes
nsTimerManager::FireNextReadyTimer(nsTimerManager * const 0x02922680, unsigned 
int 0) line 117
nsAppShell::Run(nsAppShell * const 0x00af9260) line 116
nsAppShellService::Run(nsAppShellService * const 0x00af8400) line 408
main1(int 1, char * * 0x00a234b0, nsISupports * 0x00000000) line 1024 + 32 bytes
main(int 1, char * * 0x00a234b0) line 1205 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77f1ba06()

this looks like the same bug as pnunn's crasher bug 54876

*** Bug 54876 has been marked as a duplicate of this bug. ***
100% reproducable crash on several high profile sites (including mp3.com), I
think we must fix for rtm.  Setting Priority to P1, severity to critical.
Severity: normal → critical
Keywords: rtm
Priority: P3 → P1
Some more observations pertaining to the test case I just attached:
1. doesn't matter which image is used, as long as the same image is used twice
2. img's must be within a table, and table must have a width (fixed or percent)
3. img must have percent width and fixed height
4. only crashes on initial load.  if you change the test case, load
successfully, then change the test case back to what it was and reload, then you
will not crash.

The call stack looks exactly like the call stack of
#53317. And the value of pfd is the same. I heard a
fix will be ready RealSoonNow.
-p

*** This bug has been marked as a duplicate of 53317 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: