Closed Bug 5606 Opened 25 years ago Closed 25 years ago

Crash in nsDTDContext::GetStyles

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Linux

Tracking

VERIFIED FIXED

People

(Reporter: pollmann, Assigned: rickg)

Attachments

(1 file)

This crash is relatively new (did not crash here on this page last week).  I
found it while doing work on bug #3585.  This new crash is masking bug #3585 so
I would bet that you will still crash on that bug even when you get this one
fixed.

I load up the following document:
<HTML>
  <BODY ONLOAD="document.open(); document.close()">
    Foo
  </BODY>
</HTML>

And the browser crashes with this stack trace:
#0  0x405651bc in nsDTDContext::GetStyles (this=0x83d7048)
    at nsDTDUtils.cpp:269
#1  0x4056f78f in CNavDTD::UpdateStyleStackForCloseTag (this=0x8318740,
    aTag=eHTMLTag_html, anActualTag=eHTMLTag_html) at CNavDTD.cpp:2871
#2  0x4056cc09 in CNavDTD::HandleEndToken (this=0x8318740, aToken=0x830e048)
    at CNavDTD.cpp:1401
#3  0x4056a725 in NavDispatchTokenHandler (aToken=0x830e048, aDTD=0x8318740)
    at CNavDTD.cpp:250
#4  0x4057b394 in CTokenHandler::operator() (this=0x8318910, aToken=0x830e048,
    aDTD=0x8318740) at nsTokenHandler.cpp:80
#5  0x4056b3cd in CNavDTD::HandleToken (this=0x8318740, aToken=0x830e048,
    aParser=0x8316ae0) at CNavDTD.cpp:635
#6  0x4056b00a in CNavDTD::BuildModel (this=0x8318740, aParser=0x8316ae0,
    aTokenizer=0x83d7420, anObserver=0x0, aSink=0x8317b78) at CNavDTD.cpp:509
#7  0x405789c3 in nsParser::BuildModel (this=0x8316ae0) at nsParser.cpp:847
#8  0x405788b4 in nsParser::ResumeParse (this=0x8316ae0, aDefaultDTD=0x0)
    at nsParser.cpp:799
#9  0x4057871c in nsParser::Parse (this=0x8316ae0, aSourceBuffer=@0xbfffe538,
    aKey=0x80000001, aContentType=@0xbfffe528, aEnableVerify=0, aLastCall=1)
    at nsParser.cpp:742
#10 0x403b3d7c in nsHTMLDocument::Close (this=0x8387190)
    at nsHTMLDocument.cpp:1249
... (I'll attach a full stack trace, it's 40 levels deep)
Attached file Full stack trace
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Caused by an oversight on my part in the access pathway to the new residual
style stack. Sorry for the inconvenience. Fixed by update to DTDUtils.
Durn that was fast.
I think you deserve an award for "fastest bugfix in the West".  :)
QA Contact: 3847 → 4141
Attempting to steal gem's HTMLParser bugs all at once.  Changing QAContact to
janc.
Status: RESOLVED → VERIFIED
verified fixed.
199071308