Browser crashed when loading an advogato page

RESOLVED WORKSFORME

Status

()

Core
Document Navigation
--
critical
RESOLVED WORKSFORME
17 years ago
17 years ago

People

(Reporter: Guy Rixon, Assigned: Adam Lock)

Tracking

Trunk
Sun
Solaris
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; SunOS 5.8 sun4u)
BuildID:    20001020721

I clicked on a link to the URL above in a slashdot article.  The browser dumped
core before the advogato page appeared.  When I restarted and went back there,
it worked properly.



Reproducible: Couldn't Reproduce

Actual Results:  Document http://www.slashdot.org/ loaded successfully
Illegal Instruction - core dumped

Expected Results:  Page loads normally.

This is the information at the crash site, taken from the SUN Workshop debugger:

Thread R state   root       function
1      a active  <none>     0xff0537b4
2      b active  <none>     _signotifywait
3        sleep   <none>     _reap_wait
4      a active  0xff0537b4 _libc_poll
5      a sleep   0xff0537b4 __lwp_sema_wait

   0x168c8(0x0, 0xff2d7ef0, 0x0, 0x5, 0x100d4, 0x0)
   Run__17nsAppShellService(0xdf548, 0xfe11ed30, 0xdf548, 0xfe11e08c,
 0x3f8, 0x1)
   Run__10nsAppShell(0x37e50, 0xfe02693c, 0x37e50, 0x142940, 0x0,
 0xffe)
   gtk_main(0x2c00, 0x2c00, 0x86d88, 0xfdc5d8d0, 0x21fb0, 0x0)
   g_main_run(0x177ea0, 0xfdffae3c, 0xfdf9a140, 0x868e0, 0x0, 0x0)
   g_main_iterate(0x4d4, 0xa98, 0x64, 0xa98, 0x4d4, 0x470)
   g_main_dispatch(0x4d4, 0xa98, 0x470, 0x4d4, 0xa98, 0xfddcca48)
   g_io_unix_dispatch(0x185168, 0xffbee3a0, 0x177ed0, 0xfddccb08, 0x0,
 0xffbee300)
   0xfe02609c(0x1709e0, 0x1, 0x177ed0, 0xfe026078, 0x1, 0x0)
   0xfe02638c(0x733d0, 0x5, 0x1, 0xfe026370, 0x0, 0x0)
   ProcessPendingEvents__16nsEventQueueImpl(0x733d0, 0xff21b388, 0x1,
 0x0, 0x0, 0x0)
   PL_ProcessPendingEvents(0xdf8d0, 0x0, 0x0, 0x0, 0x0, 0x0)
   PL_HandleEvent(0x963690, 0x362e0, 0x0, 0x0, 0x0, 0x0)
   HandlePLEvent__21nsStreamObserverEventP7PLEvent(0x963690,
 0xfd7e2e24, 0x64, 0xa98, 0x4d4, 0x470)
   HandleEvent__22nsOnDataAvailableEvent(0x963690, 0xfd7e38ac,
 0xfef9e000, 0x1, 0xa98, 0xfddcca48)
   
OnDataAvailable__20nsHTTPServerListenerP10nsIChannelP11nsISupportsP14nsIInputStreamUiUi
(0xa37248, 0xa3e334, 0x527d10, 0x80c314, 0xa3e334, 0x4b6)
   FinishedResponseHeaders__20nsHTTPServerListener(0xa37248,
 0xffbede5c, 0x4b8, 0xffbede60, 0x1, 0x0)
   OnStartRequest__23InterceptStreamListenerP10nsIChannelP11nsISupports
(0xa660b0, 0x527d10, 0x0, 0xfd8077f4, 0xa660b0, 0xff203b3c)
   OnStartRequest__19nsHTTPFinalListenerP10nsIChannelP11nsISupports
(0x6c7e60, 0x527d10, 0x0, 0xfd82ac0c, 0xffffffff, 0xffbedd34)
   OnStartRequest__18nsDocumentOpenInfoP10nsIChannelP11nsISupports
(0x898360, 0x527d10, 0x0, 0xfd66d9b0, 0x2, 0xa3e542)
   DispatchContent__18nsDocumentOpenInfoP10nsIChannelP11nsISupports
(0xffbedba8, 0xffbedbb0, 0x0, 0x898360, 0x527d10, 0x1898)
   
DoContent__22nsDSURIContentListenerPCciT1P10nsIChannelPP17nsIStreamListenerPi
(0x4dcc18, 0xffbedb68, 0x7, 0xff2ad47c, 0x527d10, 0xffbedbd0)
   
CreateContentViewer__10nsDocShellPCcP10nsIChannelPP17nsIStreamListener
(0x4e1708, 0xffbedb68, 0x527d10, 0xffbedbd0, 0xfd6c7ae4, 0xff00)
   Embed__10nsWebShellP16nsIContentViewerPCcP11nsISupports(0x4e1708,
 0x7738c0, 0xfd6e87e8, 0x0, 0xfd6ce2a4, 0xffbed9f0)
   Embed__10nsDocShellP16nsIContentViewerPCcP11nsISupports(0x4e1708,
 0x7738c0, 0xfd6e87e8, 0x0, 0xfd6cac58, 0x4e1728)
   SetupNewViewer__10nsWebShellP16nsIContentViewer(0x4e1708, 0x7738c0,
 0xfd6ce164, 0xfd6cae80, 0xfd6cb7e8, 0xfd3e5bc8)
   SetupNewViewer__10nsDocShellP16nsIContentViewer(0x4e1708, 0x7738c0,
 0x4e1828, 0xfc6c5640, 0x7a0c50, 0xec31030f)
   Init__18DocumentViewerImplP9nsIWidgetP16nsIDeviceContextRC6nsRect
(0xff2d7ef0, 0x4e1be8, 0x4eb400, 0xffbed7b0, 0xfd049390, 0xfd6d18ac)
   SetNewDocument__16GlobalWindowImplP14nsIDOMDocument(0x4eb690,
 0x67b08c, 0x4eb690, 0xfe1d51c4, 0x67b08c, 0xffbed7ac)
   GC__11nsJSContext(0x4eb788, 0xfe1c6100, 0x4eb788, 0xff223c34,
 0xfdc5e420, 0xaac4a9)
   JS_GC(0x4eb7c8, 0x2, 0xffbed498, 0xfe1178a0, 0x67b088, 0x0)
   js_ForceGC(0x4eb7c8, 0x4eb7e0, 0x4e148c, 0xff22f4d8, 0x3326c, 0x0)
   js_GC(0x4eb7c8, 0x0, 0x10, 0xff100864, 0x0, 0x0)
   js_FinalizeObject(0x4eb7c8, 0x513d60, 0xff0c44c8, 0x4eb7c8,
 0x57f190, 0xfdba1c84)
   0xfe21d950(0x4eb7c8, 0x513d60, 0xfe21d948, 0x8dfc0, 0x0, 0x90180)
   nsGenericFinalize__9nsJSUtilsP9JSContextP8JSObject(0x685480,
 0x513d60, 0x8dfc0, 0xff0b1100, 0x752a0, 0x57f250)
   Release__17nsHTMLHtmlElement(0x685458, 0xfcebb098, 0x68545c,
 0xfd05f584, 0xbff98, 0xfdbadf5c)
   Release__16nsGenericElement(0x685458, 0x1, 0xfce2f854, 0x76d0e8,
 0xe9, 0x7f52c0)
   _17nsHTMLHtmlElement(0x685458, 0x3, 0xfcebb030, 0x7f52c8, 0x6587c8,
 0xe8)
   _29nsGenericHTMLContainerElement(0x685458, 0x3, 0xfe3622ec, 0x1,
 0x917100, 0x60)
   Release__17nsHTMLBodyElement(0x812188, 0xfcea8d34, 0xfd05e254,
 0xff100864, 0x0, 0x0)
   Release__16nsGenericElement(0x812188, 0x2, 0x3, 0x4eb7c8, 0x57f190,
 0xfdba1c84)
   _17nsHTMLBodyElement(0x812188, 0x3, 0xfceaa1a8, 0x8dfc0, 0x0,
 0x90180)
   _11nsBodySuper(0x812188, 0x3, 0x8dfc0, 0x0, 0x752a0, 0x57f250)
  0x91d5c(0x812188, 0x3, 0x6838a0, 0xfef38000, 0xbff98, 0xfdbadf5c)

A few pages before the crash, the browser had loaded a page that is known to
have bad Javascript and _sometimes_ crashes mozilla directly (separate bug
report is on bugzilla somewhere...). It may be that page that corrupted mozilla,
not the advogato page.

Comment 1

17 years ago
No JS Engine issues apparent in stack trace. Reassigning to Embedding:Docshell 
for further triage. Note bug occured on Solaris - 
Assignee: rogerl → adamlock
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Embedding: Docshell
Ever confirmed: true
QA Contact: pschwartau → adamlock
(Reporter)

Comment 2

17 years ago
I've reproduced this one now; it turns out to be nothing to do with the advogato
page.

To reproduce:
1. Go to http://www.roadwaffles.com/
2. Target page renders in part, then _seems_ to do a (slow) redirect to some
other site.
3. Think "sod that", press Back to try to get back to the target site.
4. Browser dumps core.

On the console, it now says
JavaScript error: 
http://www.roadwaffles.com/banners/bert.js line 143: missing ; before statement

Error loading URL http://www.roadwaffles.com/: 804b0002 
Segmentation Fault
(Assignee)

Comment 3

17 years ago
It looks like it could be a JS issue, but I'm unable to reproduce the 
problem. From the stack trace it looks like an HTML element is being held by a 
script context, but when garbage collection occurs the element has already been 
destroyed causing a crash when the pointer is accessed.

Marking this WORKSFORME. If the problem is still reproduceable (in some easier 
fashion) preferably. Re open this bug/
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.