From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.12-20 i686; en-US; m18) Gecko/20001019 BuildID: 2000101908 If you 'ask' the 8ball something, you will be directed to another page. You first see the page loading, then, seemingly when the image loads, mozilla crashes. Reproducible: Always Steps to Reproduce: 1. Go to 8ball.federated.com 2. Type some words in the text field above the 'ask' button 3. click the ask button Actual Results: Mozilla starts to load the result page, then crashes. Expected Results: Display the page. The mime type of the loaded image is: multipart/x-mixed-replace It seems to be some strange kind of sequence of jpegs. The file command reports it as 'data'. It displays correctly in netscape.
tpreston: do you have any talkback reports generated on this? correcting platform to all since tpreston's findings are on all platforms (except Mac doesn't crash, but still page doesn't show)
OS: Linux → All
Hardware: PC → All
Sorry but for some strange reason talkback is not coming up, I just crash and then Netscape closes
call stack: memcpy(unsigned char * 0x03a81028, unsigned char * 0x04484fab, unsigned long 0x00000d92) line 171 nsCRT::memcpy(void * 0x03a81028, const void * 0x04484fab, unsigned int 0x00000d92) line 108 + 17 bytes nsMultiMixedConv::BufferData(char * 0x04484fab, unsigned int 0x00000d92) line 322 + 18 bytes nsMultiMixedConv::OnDataAvailable(nsMultiMixedConv * const 0x04a313d0, nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 0x04a351d4, unsigned int 0x00000000, unsigned int 0x00000da3) line 189 + 24 bytes nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x04ad3460, nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 0x04a351d4, unsigned int 0x00000000, unsigned int 0x00000da3) line 259 + 46 bytes nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x04ad61b0, nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 0x04a351d4, unsigned int 0x00000000, unsigned int 0x00000da3) line 1191 + 46 bytes InterceptStreamListener::OnDataAvailable(InterceptStreamListener * const 0x04a351d0, nsIChannel * 0x04ad6360, nsISupports * 0x00000000, nsIInputStream * 0x04a37ce0, unsigned int 0x00000000, unsigned int 0x00000da3) line 1216 nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x04a368e0, nsIChannel * 0x04a379e4, nsISupports * 0x04ad6360, nsIInputStream * 0x04a37ce0, unsigned int 0x000003ce, unsigned int 0x00000da3) line 554 + 67 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x04a35450) line 400 + 47 bytes nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x04a314b0) line 97 + 12 bytes PL_HandleEvent(PLEvent * 0x04a314b0) line 580 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00a7d930) line 513 + 9 bytes _md_EventReceiverProc(HWND__ * 0x09ff05dc, unsigned int 0x0000c08c, unsigned int 0x00000000, long 0x00a7d930) line 1049 + 9 bytes USER32! 77e71820() 00a7d930() looks like problem in multi stream handling. Jud was working on this before....Gagan, who is picking this up now?
Assignee: pnunn → gagan
I've reproduced this on M18 on Solaris; stack trace is: ff348d90 OnDataAvailable__13ImageConsumerP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi (9df148, 0, 0, 8690d8, 0, 3f3) + 8c fdef06d8 SendData__16nsMultiMixedConvPcUi (0, ffbee3a8, 3f3, ffbee434, fdefe334, 0) + 130 fdeefae4 OnDataAvailable__16nsMultiMixedConvP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi (0, d, 0, f5d314, 0, 9cbc20) + 36c fddcafb0 OnDataAvailable__18nsDocumentOpenInfoP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi (bb97d8, 9f2b70, 0, f5d314, 0, 400) + 50 fdf20728 OnDataAvailable__19nsHTTPFinalListenerP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi (9df190, 9f2b70, 0, f5d314, 0, 400) + 7c fdefe2d8 OnDataAvailable__23InterceptStreamListenerP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi (f5d310, 9f2b70, 0, aa638c, 0, 400) + 34 fdf1f4c4 OnDataAvailable__20nsHTTPServerListenerP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi (7e22a0, ffbee660, 80000000, aa638c, 104c32c, 400) + bc8 fded3d8c HandleEvent__22nsOnDataAvailableEvent (0, fded3d20, fed6e000, 2, 4d4, aa0) + 6c fded349c HandlePLEvent__21nsStreamListenerEventP7PLEvent (f5d4a0, fded3480, 4d4, aa0, 4d4, aa0) + 1c ff215ca0 PL_HandleEvent (9d20a0, 39130, 0, 0, 0, 0) + 14 ff215bd4 PL_ProcessPendingEvents (caca0, 0, 0, 0, 0, 0) + 68 ff216a0c ProcessPendingEvents__16nsEventQueueImpl (38f50, ff2169dc, 1, 0, 0, 0) + 30 fd3a5b9c ???????? (38f50, 5, 1, fd3a5b80, 0, 0) fd3a58ac ???????? (2ecbc8, 1, 2f78a8, fd3a5888, 1, 0) fe2d41ac g_io_unix_dispatch (1c6618, ffbeeb60, 2f78a8, 0, 0, ffbeeab8) + 18 fe2d5e88 g_main_dispatch (470, 470, 4d4, aa0, 4d4, aa0) + 128 fe2d6724 g_main_iterate (fe2fb944, fe2fb8b0, 4d4, aa0, 4d4, aa0) + 7bc fe2d6938 g_main_run (220e80, fe3f7060, 117bc8, 0, 0, 0) + b8 fe1bfcf0 gtk_main (2c00, fd3a5f54, a0848, fda4c304, 0, 0) + 10c fd3a6184 Run__10nsAppShell (108b28, fd3a614c, 108b28, 1868d8, 0, ffe) + 38 fc19de7c Run__17nsAppShellService (10ce00, fc19de68, 10ce00, fc19d1c4, 3f8, 1) + 14 00016f9c ???????? (0, ff2cf650, 0, 5, 100d4, 0) 00017488 main (1, ffbeef6c, ffbeef74, 36e58, 0, 0) + 12c 00014104 _start (0, 0, 0, 0, 0, 0) + 5c
Page blows up Mac Mozilla trunk build 2000111108 nicely. Running under Mac OS 9.0.4, with MRJ 2.2.3 and NS plugin installed. Stdlog from Macsbug follows.
Assignee: gagan → neeti
I am not able to reproduce the crash on the branch build.
I jsut downloaded the latest nightly build from the website for solaris, date 11-13-00... not sure if this is the same as the "trunk".... but the problem reproduces there.
Crashed for me on Linux build 2000-11-07-09-MN6.
changing summary from: "crash while loading image". This crash goes away w/ my patch to 39987, though that patch does not yield the same stack trace as the one pnunn produced in this bug. I'm not sure whether or not the fact that this content is being served from a "Nabber 1.0" server is relevent, but the Nabber server *may* be responsible for adding the additional period, '.', to the multi/mixed boundary token. Here's the response from the server. HTTP/1.1 200 OK Date: Sat, 24 Feb 2001 23:25:09 GMT Server: Nabber/1.0 Expires: Sat, 24 Feb 2001 23:25:09 GMT Content-type: multipart/x-mixed-replace;boundary=ThisIsTheLimit And here are the two boundary tokens we receive before crashing: " .(...(....--This IsTheLimit. Content-type: im age/jpeg " There's of course data before and after that snippit. The next snippet is the *last* content we receive before crashing. " (...(...(......- -ThisIsTheLimit. " The ending '.' char may not be the issue, but rather the boundary token may be broken across reads, and we may be choking on that. I can repro this on linux and windows trunk builds.
Summary: crash while loading image → crash loading multi mixed image from Nabber 1.0 HTTP server
I have the other multi crashers. I'll take this one too. tever, should you be the QA contact?
Assignee: neeti → valeski
4.x can render this content. IE cannot (show's broken image).
although the stacks aren't the same, I'm duping this w/ 39987 as my patch there addresses this crash as well. *** This bug has been marked as a duplicate of 39987 ***
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
VERIFIED: No more crashing. However, the resulting image is not displayed in Win32 or Linux (but does in MacOS).
Status: RESOLVED → VERIFIED
Try opening the page info dialog, then clicking on the images tag. -> crash. The only thing that has changed is that this image does not display in the web page anymore.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
dougt got multi covered... :)
Assignee: valeski → dougt
Severity: critical → normal
Status: REOPENED → NEW
Target Milestone: --- → mozilla0.9.3
what is milestone "mozilla1.0" anyway? Moving to future.
Target Milestone: mozilla1.0 → Future
pav, can you look at this sometime?
Assignee: dougt → pavlov
Target Milestone: Future → ---
still happening on win NT4 10/20/01 branch, typically crashes after entering a few questions to the site
using a mozilla build from today, I'm not seeing the crash, but, we're not handling the multipart/mixed response from the server. this worked pre libpr0n.
If I look at page info and click on images, I crash on win XP 2001111303, for some reason, I'm unable to send talkback info :-(
per commment 25, removing crash keyword
Summary: crash loading multi mixed image from Nabber 1.0 HTTP server → loading multi mixed image from Nabber 1.0 HTTP server does not work
Is this link broken? No image viewed with Camino nightly build 20040208, Mac OS 10.3.2.
Closing since the URL is no longer accessible, and the bug was last reproduced over 10 years ago.
Status: NEW → RESOLVED
Last Resolved: 17 years ago → 6 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.