Crash in nsDTDContext::GetStyles

VERIFIED FIXED

Status

Core
HTML: Parser
P3
normal
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: Eric Pollmann, Assigned: rickg)

Tracking

Trunk
x86
Linux

Attachments

(1 attachment)

(Reporter)

Description

19 years ago
This crash is relatively new (did not crash here on this page last week).  I
found it while doing work on bug #3585.  This new crash is masking bug #3585 so
I would bet that you will still crash on that bug even when you get this one
fixed.

I load up the following document:
<HTML>
  <BODY ONLOAD="document.open(); document.close()">
    Foo
  </BODY>
</HTML>

And the browser crashes with this stack trace:
#0  0x405651bc in nsDTDContext::GetStyles (this=0x83d7048)
    at nsDTDUtils.cpp:269
#1  0x4056f78f in CNavDTD::UpdateStyleStackForCloseTag (this=0x8318740,
    aTag=eHTMLTag_html, anActualTag=eHTMLTag_html) at CNavDTD.cpp:2871
#2  0x4056cc09 in CNavDTD::HandleEndToken (this=0x8318740, aToken=0x830e048)
    at CNavDTD.cpp:1401
#3  0x4056a725 in NavDispatchTokenHandler (aToken=0x830e048, aDTD=0x8318740)
    at CNavDTD.cpp:250
#4  0x4057b394 in CTokenHandler::operator() (this=0x8318910, aToken=0x830e048,
    aDTD=0x8318740) at nsTokenHandler.cpp:80
#5  0x4056b3cd in CNavDTD::HandleToken (this=0x8318740, aToken=0x830e048,
    aParser=0x8316ae0) at CNavDTD.cpp:635
#6  0x4056b00a in CNavDTD::BuildModel (this=0x8318740, aParser=0x8316ae0,
    aTokenizer=0x83d7420, anObserver=0x0, aSink=0x8317b78) at CNavDTD.cpp:509
#7  0x405789c3 in nsParser::BuildModel (this=0x8316ae0) at nsParser.cpp:847
#8  0x405788b4 in nsParser::ResumeParse (this=0x8316ae0, aDefaultDTD=0x0)
    at nsParser.cpp:799
#9  0x4057871c in nsParser::Parse (this=0x8316ae0, aSourceBuffer=@0xbfffe538,
    aKey=0x80000001, aContentType=@0xbfffe528, aEnableVerify=0, aLastCall=1)
    at nsParser.cpp:742
#10 0x403b3d7c in nsHTMLDocument::Close (this=0x8387190)
    at nsHTMLDocument.cpp:1249
... (I'll attach a full stack trace, it's 40 levels deep)
(Reporter)

Comment 1

19 years ago
Created attachment 68 [details]
Full stack trace
(Assignee)

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
(Assignee)

Comment 2

19 years ago
Caused by an oversight on my part in the access pathway to the new residual
style stack. Sorry for the inconvenience. Fixed by update to DTDUtils.
(Reporter)

Comment 3

19 years ago
Durn that was fast.
I think you deserve an award for "fastest bugfix in the West".  :)

Updated

19 years ago
QA Contact: 3847 → 4141

Comment 4

19 years ago
Attempting to steal gem's HTMLParser bugs all at once.  Changing QAContact to
janc.

Updated

19 years ago
Status: RESOLVED → VERIFIED

Comment 5

19 years ago
verified fixed.
199071308