Closed Bug 71398 Opened 23 years ago Closed 23 years ago

after searching for "black music" it crashes

Categories: Core :: Layout, defect
Platform: x86, Windows 98
Type: defect
Priority: Not set
Severity: critical
Status: VERIFIED DUPLICATE of bug 67864
Target Milestone: mozilla0.9
Reporter: js, Assigned: karnaze
Keywords: crash, testcase
Attachments: 2 files

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.8) Gecko/20010215
BuildID:    2001021508

After clicking on the link from the search menu to "Soul Patrol" after
searching in Google, it performs a fatal error.

Reproducible: Always
Steps to Reproduce:
1.  Search for "black music" in the search toolbar after selecting only google.
2.  Click on "soul patrol" in the sidebar
3.  After loading the page about halfway, it will crash
Alternate reproduction
Reproducible: Always
1.  Go to http://www.soul-patrol.com
2.  It will perform the same crash as mentioned above.

Actual Results:  Mozilla crashed, every time, I tried it 8 times before reporting

Expected Results:  obviously, it shouldn't have performed a fatal error.

Crashes for me with 2001030804 and Win98SE.


Windows error message:

MOZILLA caused a page fault in Modul GKLAYOUT.DLL at 016f:60361d85.

Register:
EAX=7800320e CS=016f EIP=60361d85 EFLGS=00010246
EBX=01b432b0 SS=0177 ESP=0068e12c EBP=0068e254
ECX=0178b9d0 DS=0177 ESI=0178b9d0 FS=0fb7
EDX=0068e258 ES=0177 EDI=00000000 GS=0000

Bytes at CS:EIP:
89 38 e8 7c a9 f9 ff 8b 5d 0c 57 57 8b ce ff 75 

Stack dump:
0178b9d0 0147f67c 01b432b0 601c8181 01b1c6d0 0147cdc0 0068e154 01b432b0 0147cdc0
00000000 00000000 0068e2bc 601c879d 00000000 00000000 0147cdc0

Just going to http://www.soul-patrol.com crashed for me.
Build 2001-03-08-20 on Windows NT4.0 sp6.
Some crash data:

function: nsIPresShell::SetVerifyReflowEnable
        60361d45 55               push    ebp
        60361d46 8bec             mov     ebp,esp
        60361d48 81ec1c010000     sub     esp,0x11c
        60361d4e 8b4518           mov     eax,[ebp+0x18]        ss:0194cef2=????????
        60361d51 53               push    ebx
        60361d52 56               push    esi
        60361d53 8b7508           mov     esi,[ebp+0x8]         ss:0194cef2=????????
        60361d56 57               push    edi
        60361d57 33ff             xor     edi,edi
        60361d59 8bce             mov     ecx,esi
FAULT ->60361d5b 8938             mov     [eax],edi             ds:78001d4c=55c35959
        60361d5d e8e6a9f9ff       call    nsStyleChangeList::ChangeAt+0x4ff8 (602fc748)
        60361d62 8b5d0c           mov     ebx,[ebp+0xc]         ss:0194cef2=????????
        60361d65 57               push    edi
        60361d66 57               push    edi
        60361d67 8bce             mov     ecx,esi
        60361d69 ff7514           push    dword ptr [ebp+0x14]  ss:0194cef2=????????
        60361d6c 884508           mov     [ebp+0x8],al          ss:0194cef2=??
        60361d6f ff763c           push    dword ptr [esi+0x3c]  ds:209fac3e=????????
        60361d72 53               push    ebx
        60361d73 e821feffff       call    nsIPresShell::SetVerifyReflowEnable+0xc687 (60361b99)
        60361d78 8945d0           mov     [ebp-0x30],eax        ss:0194cef2=????????

gklayout!nsIPresShell::SetVerifyReflowEnable 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsStyleChangeList::ChangeAt  (FPO: [2,0,1])
gklayout!<nosymbols>  (FPO: [3,0,2])
gklayout!<nosymbols> 
gklayout!nsStyleChangeList::Clear 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!<nosymbols> 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsIPresShell::SetVerifyReflowEnable 
gklayout!nsIPresShell::SetVerifyReflowEnable 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!NS_NewFrameImageLoader 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsQueryReferent::nsQueryReferent [omap] 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsIPresShell::SetVerifyReflowEnable 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsQueryReferent::nsQueryReferent [omap] 
gklayout!NS_NewFrameImageLoader 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!<nosymbols> 
gklayout!nsStyleChangeList::Clear 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!<nosymbols> 
gklayout!nsStyleChangeList::Clear 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsQueryReferent::nsQueryReferent [omap] 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsIPresShell::SetVerifyReflowEnable 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsQueryReferent::nsQueryReferent [omap] 
gklayout!NS_NewFrameImageLoader 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!<nosymbols> 
gklayout!nsStyleChangeList::Clear 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!nsStyleChangeList::ChangeAt 
gklayout!<nosymbols> 
gklayout!nsStyleChangeList::Clear 
gklayout!NS_NewFrameImageLoader 
gkcontent!nsTextFragment::CopyTo [omap]  (FPO: [4,0,0])
gklayout!NS_NewFrameImageLoader 
gkcontent!nsTextFragment::CopyTo [omap] 
gkcontent!nsTextFragment::CopyTo [omap] 
gkcontent!nsTextFragment::CopyTo [omap]  (FPO: [2,0,1])
gkcontent!nsQueryReferent::nsQueryReferent [omap] 
gkcontent!NS_NewCSSLoader [omap] 
gkparser!CNavDTD::HandleSavedTokens 
gkparser!CNavDTD::HandleToken 
gkparser!CNavDTD::BuildModel 
gkparser!nsHTMLTokenizer::WillTokenize 
gkparser!nsHTMLTokenizer::WillTokenize 
gkparser!nsHTMLTags::GetCStringValue 
urildr!NSGetModule 
necko!mktemp 
necko!SchemeTypeFor 
necko!SchemeTypeFor 
necko!mktemp 
necko!DupString 
necko!DupString  (FPO: [1,0,0])
xpcom!PL_HandleEvent  (FPO: [1,0,2])
xpcom!PL_ProcessPendingEvents  (FPO: [EBP 0x004ea958] [1,0,4])
xpcom!PL_IsQueueNative

Assignee: asa → karnaze
Status: UNCONFIRMED → NEW
Component: Browser-General → Layout
Ever confirmed: true
Keywords: crash
QA Contact: doronr → petersen
Summary: after searching for "black music" it crasehs → after searching for "black music" it crashes

Attached file testcase

A <table> inside a <caption> seems to be the problem.
Keywords: testcase

The testcase crashes for me with a different stack trace:

nsTableOuterFrame::IR_TargetIsMe(nsTableOuterFrame * const 0x04f49248,
nsIPresContext * 0x30025512, nsHTMLReflowMetrics & {...}, const
nsHTMLReflowState & {...}, unsigned int &) line 1171 + 16 bytes
nsTableCellFrame::MapBorderPadding(nsIPresContext * 0x046cae50) line 1031 + 14 bytes
nsTableCellFrame::DidSetStyleContext(nsTableCellFrame * const 0x04f49248,
nsIPresContext * 0x046cae50) line 1150
nsFrame::SetStyleContext(nsFrame * const 0x04f49248, nsIPresContext *
0x046cae50, nsIStyleContext * 0x04d4e060) line 476
nsFrame::Init(nsFrame * const 0x04f49248, nsIPresContext * 0x046cae50,
nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e060,
nsIFrame * 0x00000000) line 327
nsSplittableFrame::Init(nsSplittableFrame * const 0x04f49248, nsIPresContext *
0x046cae50, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext *
0x04d4e060, nsIFrame * 0x00000000) line 37 + 29 bytes
nsTableCellFrame::Init(nsTableCellFrame * const 0x04f49248, nsIPresContext *
0x046cae50, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext *
0x04d4e060, nsIFrame * 0x00000000) line 85 + 29 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x046cae50,
nsFrameConstructorState & {...}, nsIContent * 0x04cf9ac0, nsIFrame * 0x04f491a4,
nsIStyleContext * 0x04d4e060, nsIFrame * 0x00000000, nsIFrame * 0x04f49248) line
6669 + 32 bytes
nsCSSFrameConstructor::ConstructTableCellFrame(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent *
0x04cf9ac0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e060, nsTableCreator
& {...}, int 1, nsFrameItems & {...}, nsIFrame * & 0x04f49248, nsIFrame * &
0x00000000, int & 0) line 2914
nsCSSFrameConstructor::CreatePseudoCellFrame(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsTableCreator & {...}, nsFrameConstructorState &
{...}, nsIFrame * 0x04f491a4) line 2197 + 64 bytes
nsCSSFrameConstructor::GetPseudoCellFrame(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsTableCreator & {...}, nsFrameConstructorState &
{...}, nsIFrame & {...}) line 2411 + 28 bytes
nsCSSFrameConstructor::GetParentFrame(nsIPresShell * 0x04b878b0, nsIPresContext
* 0x046cae50, nsTableCreator & {...}, nsIFrame & {...}, nsIAtom * 0x016bb4e0,
nsFrameConstructorState & {...}, nsIFrame * & 0x04f491a4, int & 0) line 2447 +
28 bytes
nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent *
0x04cfe2f0, nsIFrame * 0x04f491a4, nsIStyleContext * 0x04d4e130, nsTableCreator
& {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x04f491f0, nsIFrame * &
0x007ce880, int & 0) line 2554
nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent &
{...}, nsIFrame * 0x04f491a4, nsIAtom * 0x016bb7f0, nsIStyleContext *
0x04d48410, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * &
0x00000000) line 3148 + 59 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent *
0x04cf9ac0, nsIFrame * 0x04f491a4, nsTableCreator & {...}, nsFrameItems & {...},
nsIFrame * & 0x00000000) line 3103 + 69 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x04b878b0, nsIPresContext
* 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cf9ac0, nsIFrame
* 0x04f491a4, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x007cee74)
line 11202
nsCSSFrameConstructor::ConstructTableCaptionFrame(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent *
0x04cf9ac0, nsIFrame * 0x04f490e4, nsIStyleContext * 0x04d48410, nsTableCreator
& {...}, nsFrameItems & {...}, nsIFrame * & 0x04f491a4, int & 0) line 2643 + 42
bytes
nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent &
{...}, nsIFrame * 0x04f4913c, nsIAtom * 0x016bb580, nsIStyleContext *
0x04d4c270, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * &
0x04f491a4) line 3156 + 53 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent *
0x04cfe8d0, nsIFrame * 0x04f4913c, nsTableCreator & {...}, nsFrameItems & {...},
nsIFrame * & 0x04f491a4) line 3103 + 69 bytes
nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent *
0x04cfe8d0, nsIFrame * 0x04fa0bf0, nsIStyleContext * 0x04d4c270, nsTableCreator
& {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x04f490e4, nsIFrame * &
0x04f4913c, int & 0) line 2587 + 42 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, const
nsStyleDisplay * 0x04d498f4, nsIContent * 0x04cfe8d0, nsIFrame * 0x04fa0bf0,
nsIStyleContext * 0x04d4c270, nsFrameItems & {...}) line 6491 + 63 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x04b878b0,
nsIPresContext * 0x046cae50, nsFrameConstructorState & {...}, nsIContent *
0x04cfe8d0, nsIFrame * 0x04fa0bf0, nsIAtom * 0x016a27a0, int 3, nsIStyleContext
* 0x04d4c270, nsFrameItems & {...}, int 0) line 7228 + 48 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x04b878b0, nsIPresContext
* 0x046cae50, nsFrameConstructorState & {...}, nsIContent * 0x04cfe8d0, nsIFrame
* 0x04fa0bf0, nsFrameItems & {...}) line 7093 + 56 bytes
nsCSSFrameConstructor::ContentAppended(nsCSSFrameConstructor * const 0x04b62e10,
nsIPresContext * 0x046cae50, nsIContent * 0x04b8a380, int 0) line 8085
StyleSetImpl::ContentAppended(StyleSetImpl * const 0x04b61760, nsIPresContext *
0x046cae50, nsIContent * 0x04b8a380, int 0) line 1215
PresShell::ContentAppended(PresShell * const 0x04b878b8, nsIDocument *
0x0469bbf0, nsIContent * 0x04b8a380, int 0) line 4284 + 46 bytes
nsDocument::ContentAppended(nsDocument * const 0x0469bbf0, nsIContent *
0x04b8a380, int 0) line 1602
nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x0469bbf0, nsIContent *
0x04b8a380, int 0) line 1303
HTMLContentSink::NotifyAppend(nsIContent * 0x04b8a380, int 0) line 4539
SinkContext::FlushTags(int 1) line 2046
HTMLContentSink::CloseBody(HTMLContentSink * const 0x046ae890, const
nsIParserNode & {...}) line 2871
CNavDTD::CloseBody(const nsIParserNode * 0x0386b618) line 3094 + 31 bytes
CNavDTD::CloseContainer(const nsIParserNode * 0x0386b618, nsHTMLTag
eHTMLTag_body, int 0) line 3481 + 12 bytes
CNavDTD::CloseContainersTo(int 1, nsHTMLTag eHTMLTag_body, int 0) line 3542 + 20
bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_body, int 0) line 3699 + 20 bytes
CNavDTD::DidBuildModel(CNavDTD * const 0x04b88a80, unsigned int 0, int 1,
nsIParser * 0x04696990, nsIContentSink * 0x046ae890) line 581
nsParser::DidBuildModel(unsigned int 0) line 1419 + 60 bytes
nsParser::ResumeParse(int 1, int 1) line 1959
nsParser::OnStopRequest(nsParser * const 0x04696998, nsIRequest * 0x04696830,
nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100b1c80
gCommonEmptyBuffer) line 2395 + 19 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x04695530,
nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0, const
unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 278
nsHTTPFinalListener::OnStopRequest(nsHTTPFinalListener * const 0x046956c0,
nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0, const
unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 1127 + 42 bytes
InterceptStreamListener::OnStopRequest(InterceptStreamListener * const
0x0468f2c0, nsIRequest * 0x04696830, nsISupports * 0x00000000, unsigned int 0,
const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 1212
nsHTTPChunkConv::OnStopRequest(nsHTTPChunkConv * const 0x036a7600, nsIRequest *
0x04696830, nsISupports * 0x00000000, unsigned int 0, const unsigned short *
0x100b1c80 gCommonEmptyBuffer) line 109
nsHTTPChannel::ResponseCompleted(nsIStreamListener * 0x036a7600, unsigned int 0,
const unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 1881 + 42 bytes
nsHTTPServerListener::OnStopRequest(nsHTTPServerListener * const 0x046b6a80,
nsIRequest * 0x046b5b00, nsISupports * 0x04696830, unsigned int 0, const
unsigned short * 0x100b1c80 gCommonEmptyBuffer) line 701
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x04d4d200) line
178 + 67 bytes
nsStreamObserverEvent::HandlePLEvent(PLEvent * 0x04d4d204) line 79
PL_HandleEvent(PLEvent * 0x04d4d204) line 576 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00bdaae0) line 509 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x0000059c, unsigned int 56324, unsigned int 0,
long 12430048) line 1054 + 9 bytes
KERNEL32! bff7363b()
KERNEL32! bff94407()
007c8a2a()

Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9

*** This bug has been marked as a duplicate of 67864 ***

Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE

Verifications.  Tests (if necessary) were done with 2001052504 on Windows 2000.

Please forgive the spam.

Status: RESOLVED → VERIFIED