Closed Bug 592 Opened 26 years ago Closed 26 years ago

NGLayout crashes when loading this URL

Categories

(Core :: CSS Parsing and Computation, defect, P2)

Product:
Core
Component:
CSS Parsing and Computation
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: angus, Assigned: peterl-retired)

References

(
URL
)

Details

Stack trace:

NTDLL! 77f76148()
nsDebug::NotYetImplemented(char * 0x0054c624, char * 0x0054c5f0, int 434) line
105 + 13 bytes
CSSStyleRuleImpl::CalcLength(const nsCSSValue & {...}, const nsStyleFont *
0x014a7e28, nsIPresContext * 0x0106e430) line 434 + 21 bytes
CSSStyleRuleImpl::MapStyleInto(nsIStyleContext * 0x01459b00, nsIPresContext *
0x0106e430) line 613 + 32 bytes
MapStyleRule(nsISupports * 0x01046be0, void * 0x0012eb80) line 954
SupportsArrayImpl::EnumerateBackwards(SupportsArrayImpl * const 0x010c5350, int
(nsISupports *, void *)* 0x004a5610 MapStyleRule(nsISupports *, void *), void *
0x0012eb80) line 320 + 20 bytes
StyleContextImpl::RemapStyle(nsIPresContext * 0x0106e430) line 983
StyleContextImpl::StyleContextImpl(nsIStyleContext * 0x014a7df8,
nsISupportsArray * 0x010c5350, nsIContent * 0x010c1510, nsIPresContext *
0x0106e430) line 663
NS_NewStyleContext(nsIStyleContext * * 0x0012ebfc, nsIStyleContext * 0x014a7df8,
nsISupportsArray * 0x010c5350, nsIContent * 0x010c1510, nsIPresContext *
0x0106e430) line 1061 + 50 bytes
StyleSetImpl::GetContext(nsIPresContext * 0x0106e430, nsIFrame * 0x0105bd50,
nsIContent * 0x010c1510, nsIStyleContext * 0x014a7df8, nsISupportsArray *
0x010c5350, int 0) line 514 + 25 bytes
StyleSetImpl::ResolveStyleFor(nsIPresContext * 0x0106e430, nsIContent *
0x010c1510, nsIFrame * 0x0105bd50, int 0) line 556 + 32 bytes
nsPresContext::ResolveStyleContextFor(nsIContent * 0x010c1510, nsIFrame *
0x0105bd50, int 0) line 204 + 27 bytes
nsHTMLBase::CreateFrame(nsIPresContext * 0x0106e430, nsIFrame * 0x0105bd50,
nsIContent * 0x010c1510, nsIFrame * 0x00000000, nsIFrame * & 0x010c5290) line
146 + 21 bytes
nsCSSBlockFrame::CreateNewFrames(nsIPresContext * 0x0106e430) line 1647 + 23
bytes
nsCSSBlockFrame::FrameAppendedReflow(nsCSSBlockReflowState & {...}) line 1512 +
15 bytes
nsCSSBlockFrame::ReflowAround(nsCSSBlockFrame * const 0x0105bda0, nsIPresContext
& {...}, nsISpaceManager * 0x01054a70, nsReflowMetrics & {...}, const
nsReflowState & {...}, nsRect & {...}, unsigned int & 0) line 1269 + 18 bytes
nsBodyFrame::Reflow(nsBodyFrame * const 0x0104f570, nsIPresContext & {...},
nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 218
nsContainerFrame::ReflowChild(nsIFrame * 0x0104f570, nsIPresContext *
0x0106e430, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498
RootContentFrame::Reflow(RootContentFrame * const 0x0104e550, nsIPresContext &
{...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0)
line 326 + 27 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0104e550, nsIPresContext *
0x0106e430, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498
RootFrame::Reflow(RootFrame * const 0x0104eed0, nsIPresContext & {...},
nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 132
+ 27 bytes
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x010c51a0,
nsIPresContext & {...}, nsReflowMetrics & {...}, const nsSize & {...}) line 133
PresShell::ProcessReflowCommands() line 567
PresShell::ExitReflowLock(PresShell * const 0x010c2920) line 371
PresShell::ContentAppended(PresShell * const 0x010c2924, nsIDocument *
0x0106d7b0, nsIContent * 0x01049e00) line 654
nsDocument::ContentAppended(nsIContent * 0x01049e00) line 504
nsHTMLContainer::AppendChild(nsHTMLContainer * const 0x01049e00, nsIContent *
0x010c1510, int 1) line 192
HTMLContentSink::AppendToCorrectParent(nsHTMLTag eHTMLTag_body, nsIHTMLContent *
0x01049e00, nsHTMLTag eHTMLTag_p, nsIHTMLContent * 0x010c1510, int 1) line 1429
HTMLContentSink::CloseContainer(HTMLContentSink * const 0x01467028, const
nsIParserNode & {...}) line 891
CNavDTD::CloseContainer(const nsIParserNode & {...}, nsHTMLTag eHTMLTag_p, int
1) line 2332 + 22 bytes
CNavDTD::CloseContainersTo(int 2, nsHTMLTag eHTMLTag_p, int 1) line 2366 + 26
bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_p, int 1) line 2387 + 20 bytes
CNavDTD::HandleEndToken(CToken * 0x010702e0) line 749 + 17 bytes
NavDispatchTokenHandler(CToken * 0x010702e0, nsIDTD * 0x014861c0) line 271 + 12
bytes
CTokenHandler::operator()(CToken * 0x010702e0, nsIDTD * 0x014861c0) line 80 + 14
bytes
CNavDTD::HandleToken(CNavDTD * const 0x014861c0, CToken * 0x010702e0) line 489 +
18 bytes
nsParser::BuildModel() line 578 + 16 bytes
nsParser::ResumeParse() line 526
nsParser::OnDataAvailable(nsParser * const 0x0106dcb4, nsIURL * 0x01064ef0,
nsIInputStream * 0x0106c1a0, int 3704) line 757 + 15 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x01064e90,
nsIURL * 0x01064ef0, nsIInputStream * 0x0106c1a0, int 3704) line 904 + 30 bytes
stub_put_block(_NET_StreamClass * 0x0106c150, char * 0x00fea2c0, long 3704) line
558 + 36 bytes
net_MemCacheWrite(_NET_StreamClass * 0x010c2fc0, char * 0x00fea2c0, long 3704)
line 660 + 24 bytes
net_pull_http_data(_ActiveEntry * 0x0106b560) line 3156 + 29 bytes
net_ProcessHTTP(_ActiveEntry * 0x0106b560) line 3548 + 9 bytes
NET_ProcessNet(PRFileDesc * 0x010ca380, int 2) line 3272 + 13 bytes
NET_PollSockets() line 180 + 18 bytes
nsNetlibService::NetPollSocketsCallback(nsITimer * 0x01035eb0, void *
0x01013e60) line 488
TimerImpl::Fire(unsigned long 435833205) line 319 + 17 bytes
TimerImpl::ProcessTimeouts(unsigned long 435833205) line 197
FireTimeout(void * 0x00000000, unsigned int 275, unsigned int 14641, unsigned
long 435833205) line 101 + 9 bytes
USER32! 77e7128c()
main(int 1, char * * 0x00ff51d0) line 95
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77f1b304()
I forgot to mention that I dunno if this is a style thing or a parser thing. We
also crash on these CSS Test URLs:

http://www.w3.org/Style/CSS/Test/current/sec541.htm
http://www.w3.org/Style/CSS/Test/current/sec542.htm
http://www.w3.org/Style/CSS/Test/current/sec547.htm
http://www.w3.org/Style/CSS/Test/current/sec548.htm
http://www.w3.org/Style/CSS/Test/current/sec61.htm
all with similar stack traces to those given in the initital report.

We also crash on:
http://www.w3.org/Style/CSS/Test/current/sec63.htm

With a slightly different stack trace:
nsDebug::PreCondition(char * 0x00549c50, char * 0x00549c34, char * 0x00549c00,
int 472) line 75 + 13 bytes
CSSParserImpl::UngetToken() line 472 + 39 bytes
CSSParserImpl::ParseColor(int * 0x0012f488, unsigned int * 0x0012f230) line 1040
CSSParserImpl::ParseVariant(int * 0x0012f488, nsICSSDeclaration * 0x010845f0,
char * 0x0012f35c, int 8, int * 0x00000000) line 1590 + 22 bytes
CSSParserImpl::ParseProperty(int * 0x0012f488, char * 0x0012f35c,
nsICSSDeclaration * 0x010845f0, int 35) line 1752 + 24 bytes
CSSParserImpl::ParseProperty(int * 0x0012f488, char * 0x0012f35c,
nsICSSDeclaration * 0x010845f0) line 1690 + 24 bytes
CSSParserImpl::ParseDeclaration(int * 0x0012f488, nsICSSDeclaration *
0x010845f0, int 1) line 1104 + 20 bytes
CSSParserImpl::ParseDeclarationBlock(int * 0x0012f488, int 1) line 973 + 20
bytes
CSSParserImpl::ParseRuleSet(int * 0x0012f488) line 706 + 14 bytes
CSSParserImpl::Parse(CSSParserImpl * const 0x010835e0, nsIUnicharInputStream *
0x010835a0, nsIURL * 0x0108cc50, nsIStyleSheet * & 0x00000000) line 394
HTMLContentSink::LoadStyleSheet(nsIURL * 0x0108cc50, nsIUnicharInputStream *
0x010835a0) line 1892
HTMLContentSink::ProcessSTYLETag(const nsIParserNode & {...}) line 1869 + 19
bytes
HTMLContentSink::AddLeaf(HTMLContentSink * const 0x014425f0, const nsIParserNode
& {...}) line 1215
CNavDTD::AddLeaf(const nsIParserNode & {...}) line 2440 + 22 bytes
CNavDTD::HandleStartToken(CToken * 0x01077820) line 629 + 15 bytes
NavDispatchTokenHandler(CToken * 0x01077820, nsIDTD * 0x01498028) line 269 + 12
bytes
CTokenHandler::operator()(CToken * 0x01077820, nsIDTD * 0x01498028) line 80 + 14
bytes
CNavDTD::HandleToken(CNavDTD * const 0x01498028, CToken * 0x01077820) line 489 +
18 bytes
nsParser::BuildModel() line 578 + 16 bytes
nsParser::ResumeParse() line 526
nsParser::OnDataAvailable(nsParser * const 0x0108ea24, nsIURL * 0x0108cc50,
nsIInputStream * 0x0108e450, int 984) line 757 + 15 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x0108cbf0,
nsIURL * 0x0108cc50, nsIInputStream * 0x0108e450, int 984) line 904 + 30 bytes
stub_put_block(_NET_StreamClass * 0x0108d600, char * 0x01494770, long 984) line
558 + 36 bytes
net_MemCacheWrite(_NET_StreamClass * 0x01074970, char * 0x01494770, long 984)
line 660 + 24 bytes
net_setup_http_stream(_ActiveEntry * 0x0108db80) line 2957 + 30 bytes
net_ProcessHTTP(_ActiveEntry * 0x0108db80) line 3536 + 9 bytes
NET_ProcessNet(PRFileDesc * 0x010cae80, int 2) line 3272 + 13 bytes
NET_PollSockets() line 180 + 18 bytes
nsNetlibService::NetPollSocketsCallback(nsITimer * 0x0108d650, void *
0x01013e60) line 488
TimerImpl::Fire(unsigned long 436745817) line 319 + 17 bytes
TimerImpl::ProcessTimeouts(unsigned long 436745817) line 197
FireTimeout(void * 0x00000000, unsigned int 275, unsigned int 15738, unsigned
long 436745817) line 101 + 9 bytes
USER32! 77e7128c()
main(int 1, char * * 0x00ff51d0) line 95
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77f1b304()
Status: NEW → ASSIGNED
Component: Unknown → Style System
Assert on x-height
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
this was an assertion telling us that x-height wasn't impemented. Now it is.
Status: RESOLVED → VERIFIED
QA Contact: 4110
chrisd set as qa contact but also verified as fixed, Feb 3 Seamonkey on win32
You need to log in before you can comment on or make changes to this bug.