loading multi mixed image from Nabber 1.0 HTTP server does not work




18 years ago
6 years ago


(Reporter: uamjet602, Unassigned)




Firefox Tracking Flags

(Not tracked)




(2 attachments)



18 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.12-20 i686; en-US; m18) Gecko/20001019
BuildID:    2000101908

If you 'ask' the 8ball something, you will be directed to another page. You
first see the page loading, then, seemingly when the image loads, mozilla crashes.

Reproducible: Always
Steps to Reproduce:
1. Go to 8ball.federated.com
2. Type some words in the text field above the 'ask' button
3. click the ask button

Actual Results:  Mozilla starts to load the result page, then crashes.

Expected Results:  Display the page.

The mime type of the loaded image is:


It seems to be some strange kind of sequence of jpegs. The file command reports
it as 'data'. It displays correctly in netscape.

Comment 1

18 years ago
Created attachment 17859 [details]
The image that seems to crash mozilla

Comment 2

18 years ago
Site said it was slashdotted, someone needs to try later.

All I was able to get at this time was a response saying "IE may work now if you
have javascript on!"  Also, right & left arrow keys on Apple USB keyboard are
busted (Note:  I still have the "8 ball answers" window still open).

So far, no crash, but in running Mac Mozilla trunk installer build 2000102312,
there is some profoundly weird funkiness.  As I am typing this comment, when I
hit the space bar, Mozilla jumps to the bottom of the page!  As soon as I hit my
next letter key, Mozilla jumps back!

*profound weirdness*, perhaps we should have that as keyword(s)

Comment 3

18 years ago
I see this behavior on Linux, Windows 2000, Windows ME with build 
2000-10-24-09-MN6/  (All three crash) And on Mac I see the "IE may work now if 
you have javascript on! and then it crashes

Comment 4

18 years ago
tpreston: do you have any talkback reports generated on this?  correcting 
platform to all since tpreston's findings are on all platforms (except Mac 
doesn't crash, but still page doesn't show)
Keywords: crash
OS: Linux → All
Hardware: PC → All

Comment 5

18 years ago
Sorry but for some strange reason talkback is not coming up, I just crash and 
then Netscape closes

Comment 6

18 years ago
call stack:
memcpy(unsigned char * 0x03a81028, unsigned char * 0x04484fab, unsigned long 
0x00000d92) line 171
nsCRT::memcpy(void * 0x03a81028, const void * 0x04484fab, unsigned int 
0x00000d92) line 108 + 17 bytes
nsMultiMixedConv::BufferData(char * 0x04484fab, unsigned int 0x00000d92) line 
322 + 18 bytes
nsMultiMixedConv::OnDataAvailable(nsMultiMixedConv * const 0x04a313d0, 
nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 0x04a351d4, 
unsigned int 0x00000000, unsigned int 0x00000da3) line 189 + 24 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x04ad3460, 
nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 0x04a351d4, 
unsigned int 0x00000000, unsigned int 0x00000da3) line 259 + 46 bytes
nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x04ad61b0, 
nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 0x04a351d4, 
unsigned int 0x00000000, unsigned int 0x00000da3) line 1191 + 46 bytes
InterceptStreamListener::OnDataAvailable(InterceptStreamListener * const 
0x04a351d0, nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 
0x04a37ce0, unsigned int 0x00000000, unsigned int 0x00000da3) line 1216
nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x04a368e0, 
nsIChannel * 0x04a379e4, nsISupports * 0x04ad6360, nsIInputStream * 0x04a37ce0, 
unsigned int 0x000003ce, unsigned int 0x00000da3) line 554 + 67 bytes
nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x04a35450) 
line 400 + 47 bytes
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x04a314b0) line 97 + 12 bytes
PL_HandleEvent(PLEvent * 0x04a314b0) line 580 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00a7d930) line 513 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x09ff05dc, unsigned int 0x0000c08c, unsigned int 
0x00000000, long 0x00a7d930) line 1049 + 9 bytes
USER32! 77e71820()

looks like problem in multi stream handling. 
Jud was working on this before....Gagan, who is picking
this up now?
Assignee: pnunn → gagan

Comment 7

18 years ago
I've reproduced this on M18 on Solaris; stack trace is:

(9df148, 0, 0, 8690d8, 0, 3f3) + 8c
 fdef06d8 SendData__16nsMultiMixedConvPcUi (0, ffbee3a8, 3f3, ffbee434,
fdefe334, 0) + 130
(0, d, 0, f5d314, 0, 9cbc20) + 36c
(bb97d8, 9f2b70, 0, f5d314, 0, 400) + 50
(9df190, 9f2b70, 0, f5d314, 0, 400) + 7c
(f5d310, 9f2b70, 0, aa638c, 0, 400) + 34
(7e22a0, ffbee660, 80000000, aa638c, 104c32c, 400) + bc8
 fded3d8c HandleEvent__22nsOnDataAvailableEvent (0, fded3d20, fed6e000, 2, 4d4,
aa0) + 6c
 fded349c HandlePLEvent__21nsStreamListenerEventP7PLEvent (f5d4a0, fded3480,
4d4, aa0, 4d4, aa0) + 1c
 ff215ca0 PL_HandleEvent (9d20a0, 39130, 0, 0, 0, 0) + 14
 ff215bd4 PL_ProcessPendingEvents (caca0, 0, 0, 0, 0, 0) + 68
 ff216a0c ProcessPendingEvents__16nsEventQueueImpl (38f50, ff2169dc, 1, 0, 0, 0)
+ 30
 fd3a5b9c ???????? (38f50, 5, 1, fd3a5b80, 0, 0)
 fd3a58ac ???????? (2ecbc8, 1, 2f78a8, fd3a5888, 1, 0)
 fe2d41ac g_io_unix_dispatch (1c6618, ffbeeb60, 2f78a8, 0, 0, ffbeeab8) + 18
 fe2d5e88 g_main_dispatch (470, 470, 4d4, aa0, 4d4, aa0) + 128
 fe2d6724 g_main_iterate (fe2fb944, fe2fb8b0, 4d4, aa0, 4d4, aa0) + 7bc
 fe2d6938 g_main_run (220e80, fe3f7060, 117bc8, 0, 0, 0) + b8
 fe1bfcf0 gtk_main (2c00, fd3a5f54, a0848, fda4c304, 0, 0) + 10c
 fd3a6184 Run__10nsAppShell (108b28, fd3a614c, 108b28, 1868d8, 0, ffe) + 38
 fc19de7c Run__17nsAppShellService (10ce00, fc19de68, 10ce00, fc19d1c4, 3f8, 1)
+ 14
 00016f9c ???????? (0, ff2cf650, 0, 5, 100d4, 0)
 00017488 main     (1, ffbeef6c, ffbeef74, 36e58, 0, 0) + 12c
 00014104 _start   (0, 0, 0, 0, 0, 0) + 5c

Comment 8

18 years ago
Page blows up Mac Mozilla trunk build 2000111108 nicely.  Running under Mac OS
9.0.4, with MRJ 2.2.3 and NS plugin installed.

Stdlog from Macsbug follows.

Comment 9

18 years ago
Created attachment 19110 [details]
MacsBug stdlog of crash on above URL

Comment 10

18 years ago

Comment 11

18 years ago
Assignee: gagan → neeti

Comment 12

18 years ago
I am not able to reproduce the crash on the branch build.

Comment 13

18 years ago
I jsut downloaded the latest nightly build from the website for solaris,
date 11-13-00... not sure if this is the same as the "trunk".... but the
problem reproduces there.

Comment 14

18 years ago
Crashed for me on Linux build 2000-11-07-09-MN6.

Comment 15

17 years ago
changing summary from: "crash while loading image".

This crash goes away w/ my patch to 39987, though that patch does not yield the 
same stack trace as the one pnunn produced in this bug.

I'm not sure whether or not the fact that this content is being served from 
a "Nabber 1.0" server is relevent, but the Nabber server *may* be responsible 
for adding the additional period, '.', to the multi/mixed boundary token.

Here's the response from the server.

HTTP/1.1 200 OK
Date: Sat, 24 Feb 2001 23:25:09 GMT
Server: Nabber/1.0
Expires: Sat, 24 Feb 2001 23:25:09 GMT
Content-type: multipart/x-mixed-replace;boundary=ThisIsTheLimit

And here are the two boundary tokens we receive before crashing:
Content-type: im

There's of course data before and after that snippit.

The next snippet is the *last* content we receive before crashing.

The ending '.' char may not be the issue, but rather the boundary token may be 
broken across reads, and we may be choking on that.

I can repro this on linux and windows trunk builds.
Summary: crash while loading image → crash loading multi mixed image from Nabber 1.0 HTTP server

Comment 16

17 years ago
I have the other multi crashers. I'll take this one too. tever, should you be 
the QA contact?
Assignee: neeti → valeski

Comment 17

17 years ago
4.x can render this content. IE cannot (show's broken image).
Keywords: 4xp

Comment 18

17 years ago
although the stacks aren't the same, I'm duping this w/ 39987 as my patch there 
addresses this crash as well.

*** This bug has been marked as a duplicate of 39987 ***
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 19

17 years ago
No more crashing.

However, the resulting image is not displayed in Win32 or Linux (but does in MacOS).

Comment 20

17 years ago
Try opening the page info dialog, then clicking on the images tag.

-> crash.

The only thing that has changed is that this image does not display in the web
page anymore.
Resolution: DUPLICATE → ---

Comment 21

17 years ago
dougt got multi covered... :)
Assignee: valeski → dougt
Severity: critical → normal
Target Milestone: --- → mozilla0.9.3


17 years ago
Target Milestone: mozilla0.9.3 → mozilla1.0

Comment 22

17 years ago
what is milestone "mozilla1.0" anyway?  Moving to future.
Target Milestone: mozilla1.0 → Future

Comment 23

17 years ago
pav, can you look at this sometime?
Assignee: dougt → pavlov
Target Milestone: Future → ---

Comment 24

17 years ago
still happening on win NT4 10/20/01 branch, typically crashes after entering a 
few questions to the site

Comment 25

17 years ago
using a mozilla build from today, I'm not seeing the crash, but, we're not
handling the multipart/mixed response from the server. this worked pre libpr0n.
Keywords: regression

Comment 26

17 years ago
If I look at page info and click on images, I crash on win XP 2001111303, for
some reason, I'm unable to send talkback info :-(


16 years ago
Target Milestone: --- → Future
per commment 25, removing crash keyword
Keywords: crash
Summary: crash loading multi mixed image from Nabber 1.0 HTTP server → loading multi mixed image from Nabber 1.0 HTTP server does not work

Comment 28

14 years ago
Is this link broken?

No image viewed with Camino nightly build 20040208, Mac OS 10.3.2.


11 years ago
Assignee: pavlov → nobody
QA Contact: tpreston → imagelib

Comment 29

6 years ago
Closing since the URL is no longer accessible, and the bug was last reproduced over 10 years ago.
Last Resolved: 17 years ago6 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.