Closed Bug 71398 Opened 25 years ago Closed 25 years ago

after searching for "black music" it crashes

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 67864
Milestone:
mozilla0.9

People

(Reporter: js, Assigned: karnaze)

References

(
URL
)

Details

(Keywords: crash, testcase)

Attachments

(2 files)

Zipped Dr. Watson crashlog
108.10 KB, application/x-zip-compressed
Details
testcase
177 bytes, text/html
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.8) Gecko/20010215 BuildID: 2001021508 After clicking on the link in from the search menu to "Soul Patrol" after searching in google, it performs a fatal error Reproducible: Always Steps to Reproduce: 1. Search for "black music" in the search toolbar after selecting only google. 2. Click on "soul patrol" in the sidebar 3. After loading the page about halfway, it will crash Alternate reproduction Reproducible: Always 1. Go to http://www.soul-patrol.com 2. It will perform the same crash as mentioned above. Actual Results: Mozilla crashed, every time, I tried it 8 times before reporting Expected Results: obviously, it shouldn't have performed a fatal error.
Crashes for me with 2001030804 and Win98SE. Windows error message: MOZILLA caused a page fault in Modul GKLAYOUT.DLL at 016f:60361d85. Register: EAX=7800320e CS=016f EIP=60361d85 EFLGS=00010246 EBX=01b432b0 SS=0177 ESP=0068e12c EBP=0068e254 ECX=0178b9d0 DS=0177 ESI=0178b9d0 FS=0fb7 EDX=0068e258 ES=0177 EDI=00000000 GS=0000 Bytes at CS:EIP: 89 38 e8 7c a9 f9 ff 8b 5d 0c 57 57 8b ce ff 75 Stack dump: 0178b9d0 0147f67c 01b432b0 601c8181 01b1c6d0 0147cdc0 0068e154 01b432b0 0147cdc0 00000000 00000000 0068e2bc 601c879d 00000000 00000000 0147cdc0
Just going to http://www.soul-patrol.com crashed for me. Build 2001-03-08-20 on Windows NT4.0 sp6. Some crash data: function: nsIPresShell::SetVerifyReflowEnable 60361d45 55 push ebp 60361d46 8bec mov ebp,esp 60361d48 81ec1c010000 sub esp,0x11c 60361d4e 8b4518 mov eax,[ebp+0x18] ss:0194cef2=???????? 60361d51 53 push ebx 60361d52 56 push esi 60361d53 8b7508 mov esi,[ebp+0x8] ss:0194cef2=???????? 60361d56 57 push edi 60361d57 33ff xor edi,edi 60361d59 8bce mov ecx,esi FAULT ->60361d5b 8938 mov [eax],edi ds:78001d4c=55c35959 60361d5d e8e6a9f9ff call nsStyleChangeList::ChangeAt+0x4ff8 (602fc748) 60361d62 8b5d0c mov ebx,[ebp+0xc] ss:0194cef2=???????? 60361d65 57 push edi 60361d66 57 push edi 60361d67 8bce mov ecx,esi 60361d69 ff7514 push dword ptr [ebp+0x14] ss:0194cef2=???????? 60361d6c 884508 mov [ebp+0x8],al ss:0194cef2=?? 60361d6f ff763c push dword ptr [esi+0x3c] ds:209fac3e=???????? 60361d72 53 push ebx 60361d73 e821feffff call nsIPresShell::SetVerifyReflowEnable+0xc687 (60361b99) 60361d78 8945d0 mov [ebp-0x30],eax ss:0194cef2=???????? gklayout!nsIPresShell::SetVerifyReflowEnable gklayout!nsStyleChangeList::ChangeAt gklayout!nsStyleChangeList::ChangeAt (FPO: [2,0,1]) gklayout!<nosymbols> (FPO: [3,0,2]) gklayout!<nosymbols> gklayout!nsStyleChangeList::Clear gklayout!nsStyleChangeList::ChangeAt gklayout!<nosymbols> gklayout!nsStyleChangeList::ChangeAt gklayout!nsIPresShell::SetVerifyReflowEnable gklayout!nsIPresShell::SetVerifyReflowEnable gklayout!nsStyleChangeList::ChangeAt gklayout!NS_NewFrameImageLoader gklayout!nsStyleChangeList::ChangeAt gklayout!nsQueryReferent::nsQueryReferent [omap] gklayout!nsStyleChangeList::ChangeAt gklayout!nsIPresShell::SetVerifyReflowEnable gklayout!nsStyleChangeList::ChangeAt gklayout!nsQueryReferent::nsQueryReferent [omap] gklayout!NS_NewFrameImageLoader gklayout!nsStyleChangeList::ChangeAt gklayout!<nosymbols> gklayout!nsStyleChangeList::Clear gklayout!nsStyleChangeList::ChangeAt gklayout!nsStyleChangeList::ChangeAt gklayout!nsStyleChangeList::ChangeAt gklayout!<nosymbols> gklayout!nsStyleChangeList::Clear gklayout!nsStyleChangeList::ChangeAt gklayout!nsStyleChangeList::ChangeAt gklayout!nsQueryReferent::nsQueryReferent [omap] gklayout!nsStyleChangeList::ChangeAt gklayout!nsIPresShell::SetVerifyReflowEnable gklayout!nsStyleChangeList::ChangeAt gklayout!nsQueryReferent::nsQueryReferent [omap] gklayout!NS_NewFrameImageLoader gklayout!nsStyleChangeList::ChangeAt gklayout!<nosymbols> gklayout!nsStyleChangeList::Clear gklayout!nsStyleChangeList::ChangeAt gklayout!nsStyleChangeList::ChangeAt gklayout!nsStyleChangeList::ChangeAt gklayout!<nosymbols> gklayout!nsStyleChangeList::Clear gklayout!NS_NewFrameImageLoader gkcontent!nsTextFragment::CopyTo [omap] (FPO: [4,0,0]) gklayout!NS_NewFrameImageLoader gkcontent!nsTextFragment::CopyTo [omap] gkcontent!nsTextFragment::CopyTo [omap] gkcontent!nsTextFragment::CopyTo [omap] (FPO: [2,0,1]) gkcontent!nsQueryReferent::nsQueryReferent [omap] gkcontent!NS_NewCSSLoader [omap] gkparser!CNavDTD::HandleSavedTokens gkparser!CNavDTD::HandleToken gkparser!CNavDTD::BuildModel gkparser!nsHTMLTokenizer::WillTokenize gkparser!nsHTMLTokenizer::WillTokenize gkparser!nsHTMLTags::GetCStringValue urildr!NSGetModule necko!mktemp necko!SchemeTypeFor necko!SchemeTypeFor necko!mktemp necko!DupString necko!DupString (FPO: [1,0,0]) xpcom!PL_HandleEvent (FPO: [1,0,2]) xpcom!PL_ProcessPendingEvents (FPO: [EBP 0x004ea958] [1,0,4]) xpcom!PL_IsQueueNative
Assignee: asa → karnaze
Status: UNCONFIRMED → NEW
Component: Browser-General → Layout
Ever confirmed: true
Keywords: crash
QA Contact: doronr → petersen
Summary: after searching for "black music" it crasehs → after searching for "black music" it crashes
Attached file testcase
A <table> inside a <caption> seems to be the problem.
Keywords: testcase
the testcase crashes for me with a different stack trace nsTableOuterFrame::IR_TargetIsMe(nsTableOuterFrame * const 0x04f49248, nsIPresContext * 0x30025512, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &) line 1171 + 16 bytes nsTableCellFrame::MapBorderPadding(nsIPresContext * 0x046cae50) line 1031 + 14 bytes nsTableCellFrame::DidSetStyleContext(nsTableCellFrame * const 0x04f49248, nsIPresContext * 0x046cae50) line 1150 nsFrame::SetStyleContext(nsFrame * const 0x04f49248, nsIPresContext * 0x046cae50, nsIStyleContext * 0x04d4e060) line 476 nsFrame::Init(nsFrame * const 0x04f49248, nsIPresContext * 0x046cae50, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e060, nsIFrame * 0x00000000) line 327 nsSplittableFrame::Init(nsSplittableFrame * const 0x04f49248, nsIPresContext * 0x046cae50, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e060, nsIFrame * 0x00000000) line 37 + 29 bytes nsTableCellFrame::Init(nsTableCellFrame * const 0x04f49248, nsIPresContext * 0x046cae50, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e060, nsIFrame * 0x00000000) line 85 + 29 bytes nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e060, nsIFrame * 0x00000000, nsIFrame * 0x04f49248) line 6669 + 32 bytes nsCSSFrameConstructor::ConstructTableCellFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e060, nsTableCreator & {...}, int 1, nsFrameItems & {...}, nsIFrame * & 0x04f49248, nsIFrame * & 0x00000000, int & 0) line 2914 nsCSSFrameConstructor::CreatePseudoCellFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsTableCreator & {...}, nsFrameConstructorState & {...}, nsIFrame * 0x04f491a4) line 2197 + 64 bytes nsCSSFrameConstructor::GetPseudoCellFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsTableCreator & {...}, nsFrameConstructorState & {...}, nsIFrame & {...}) line 2411 + 28 bytes nsCSSFrameConstructor::GetParentFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsTableCreator & {...}, nsIFrame & {...}, nsIAtom * 0x016bb4e0, nsFrameConstructorState & {...}, nsIFrame * & 0x04f491a4, int & 0) line 2447 + 28 bytes nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cfe2f0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e130, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x04f491f0, nsIFrame * & 0x007ce880, int & 0) line 2554 nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 0x04f491a4, nsIAtom * 0x016bb7f0, nsIStyleContext * 0x04d48410, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3148 + 59 bytes nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3103 + 69 bytes nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x007cee74) line 11202 nsCSSFrameConstructor::ConstructTableCaptionFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f490e4, nsIStyleContext * 0x04d48410, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x04f491a4, int & 0) line 2643 + 42 bytes nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 0x04f4913c, nsIAtom * 0x016bb580, nsIStyleContext * 0x04d4c270, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x04f491a4) line 3156 + 53 bytes nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cfe8d0, nsIFrame * 0x04f4913c, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x04f491a4) line 3103 + 69 bytes nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cfe8d0, nsIFrame * 0x04fa0bf0, nsIStyleContext * 0x04d4c270, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x04f490e4, nsIFrame * & 0x04f4913c, int & 0) line 2587 + 42 bytes nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x04d498f4, nsIContent * 0x04cfe8d0, nsIFrame * 0x04fa0bf0, nsIStyleContext * 0x04d4c270, nsFrameItems & {...}) line 6491 + 63 bytes nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cfe8d0, nsIFrame * 0x04fa0bf0, nsIAtom * 0x016a27a0, int 3, nsIStyleContext * 0x04d4c270, nsFrameItems & {...}, int 0) line 7228 + 48 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x04b878b0, nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cfe8d0, nsIFrame * 0x04fa0bf0, nsFrameItems & {...}) line 7093 + 56 bytes nsCSSFrameConstructor::ContentAppended(nsCSSFrameConstructor * const 0x04b62e10, nsIPresContext * 0x046cae50, nsIContent * 0x04b8a380, int 0) line 8085 StyleSetImpl::ContentAppended(StyleSetImpl * const 0x04b61760, nsIPresContext * 0x046cae50, nsIContent * 0x04b8a380, int 0) line 1215 PresShell::ContentAppended(PresShell * const 0x04b878b8, nsIDocument * 0x0469bbf0, nsIContent * 0x04b8a380, int 0) line 4284 + 46 bytes nsDocument::ContentAppended(nsDocument * const 0x0469bbf0, nsIContent * 0x04b8a380, int 0) line 1602 nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x0469bbf0, nsIContent * 0x04b8a380, int 0) line 1303 HTMLContentSink::NotifyAppend(nsIContent * 0x04b8a380, int 0) line 4539 SinkContext::FlushTags(int 1) line 2046 HTMLContentSink::CloseBody(HTMLContentSink * const 0x046ae890, const nsIParserNode & {...}) line 2871 CNavDTD::CloseBody(const nsIParserNode * 0x0386b618) line 3094 + 31 bytes CNavDTD::CloseContainer(const nsIParserNode * 0x0386b618, nsHTMLTag eHTMLTag_body, int 0) line 3481 + 12 bytes CNavDTD::CloseContainersTo(int 1, nsHTMLTag eHTMLTag_body, int 0) line 3542 + 20 bytes CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_body, int 0) line 3699 + 20 bytes CNavDTD::DidBuildModel(CNavDTD * const 0x04b88a80, unsigned int 0, int 1, nsIParser * 0x04696990, nsIContentSink * 0x046ae890) line 581 nsParser::DidBuildModel(unsigned int 0) line 1419 + 60 bytes nsParser::ResumeParse(int 1, int 1) line 1959 nsParser::OnStopRequest(nsParser * const 0x04696998, nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 2395 + 19 bytes nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x04695530, nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 278 nsHTTPFinalListener::OnStopRequest(nsHTTPFinalListener * const 0x046956c0, nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 1127 + 42 bytes InterceptStreamListener::OnStopRequest(InterceptStreamListener * const 0x0468f2c0, nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 1212 nsHTTPChunkConv::OnStopRequest(nsHTTPChunkConv * const 0x036a7600, nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 109 nsHTTPChannel::ResponseCompleted(nsIStreamListener * 0x036a7600, unsigned int 0, const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 1881 + 42 bytes nsHTTPServerListener::OnStopRequest(nsHTTPServerListener * const 0x046b6a80, nsIRequest * 0x046b5b00, nsISupports * 0x04696830, unsigned int 0, const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 701 nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x04d4d200) line 178 + 67 bytes nsStreamObserverEvent::HandlePLEvent(PLEvent * 0x04d4d204) line 79 PL_HandleEvent(PLEvent * 0x04d4d204) line 576 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00bdaae0) line 509 + 9 bytes _md_EventReceiverProc(HWND__ * 0x0000059c, unsigned int 56324, unsigned int 0, long 12430048) line 1054 + 9 bytes KERNEL32! bff7363b() KERNEL32! bff94407() 007c8a2a()
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9
*** This bug has been marked as a duplicate of 67864 ***
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Verifications. Tests (if necessary) were done with 2001052504 on Windows 2000. Please forgive the spam.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: