Closed
Bug 5606
Opened 25 years ago
Closed 25 years ago
Crash in nsDTDContext::GetStyles
Categories
(Core :: DOM: HTML Parser, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: pollmann, Assigned: rickg)
References
()
Details
Attachments
(1 file)
4.46 KB,
text/plain
|
Details |
This crash is relatively new (did not crash here on this page last week). I found it while doing work on bug #3585. This new crash is masking bug #3585 so I would bet that you will still crash on that bug even when you get this one fixed. I load up the following document: <HTML> <BODY ONLOAD="document.open(); document.close()"> Foo </BODY> </HTML> And the browser crashes with this stack trace: #0 0x405651bc in nsDTDContext::GetStyles (this=0x83d7048) at nsDTDUtils.cpp:269 #1 0x4056f78f in CNavDTD::UpdateStyleStackForCloseTag (this=0x8318740, aTag=eHTMLTag_html, anActualTag=eHTMLTag_html) at CNavDTD.cpp:2871 #2 0x4056cc09 in CNavDTD::HandleEndToken (this=0x8318740, aToken=0x830e048) at CNavDTD.cpp:1401 #3 0x4056a725 in NavDispatchTokenHandler (aToken=0x830e048, aDTD=0x8318740) at CNavDTD.cpp:250 #4 0x4057b394 in CTokenHandler::operator() (this=0x8318910, aToken=0x830e048, aDTD=0x8318740) at nsTokenHandler.cpp:80 #5 0x4056b3cd in CNavDTD::HandleToken (this=0x8318740, aToken=0x830e048, aParser=0x8316ae0) at CNavDTD.cpp:635 #6 0x4056b00a in CNavDTD::BuildModel (this=0x8318740, aParser=0x8316ae0, aTokenizer=0x83d7420, anObserver=0x0, aSink=0x8317b78) at CNavDTD.cpp:509 #7 0x405789c3 in nsParser::BuildModel (this=0x8316ae0) at nsParser.cpp:847 #8 0x405788b4 in nsParser::ResumeParse (this=0x8316ae0, aDefaultDTD=0x0) at nsParser.cpp:799 #9 0x4057871c in nsParser::Parse (this=0x8316ae0, aSourceBuffer=@0xbfffe538, aKey=0x80000001, aContentType=@0xbfffe528, aEnableVerify=0, aLastCall=1) at nsParser.cpp:742 #10 0x403b3d7c in nsHTMLDocument::Close (this=0x8387190) at nsHTMLDocument.cpp:1249 ... (I'll attach a full stack trace, it's 40 levels deep)
Reporter | ||
Comment 1•25 years ago
|
||
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Caused by an oversight on my part in the access pathway to the new residual style stack. Sorry for the inconvenience. Fixed by update to DTDUtils.
Reporter | ||
Comment 3•25 years ago
|
||
Durn that was fast. I think you deserve an award for "fastest bugfix in the West". :)
Updated•25 years ago
|
QA Contact: 3847 → 4141
Comment 4•25 years ago
|
||
Attempting to steal gem's HTMLParser bugs all at once. Changing QAContact to janc.
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment 5•25 years ago
|
||
verified fixed. 199071308
You need to log in
before you can comment on or make changes to this bug.
Description
•