Closed Bug 72447 Opened 24 years ago Closed 24 years ago

M081 & Trunk crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED WORKSFORME
Milestone:
mozilla0.9.1

People

(Reporter: hp, Assigned: talkback)

References

(
URL
)

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(3 files)

backtrace
9.42 KB, text/plain
Details
patch to not crash if we get a null uri
1.01 KB, patch
Details | Diff | Splinter Review
add an assertion to the imageframe if the uri is null
705 bytes, patch
Details | Diff | Splinter Review
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-22 i686; en-US; 0.8.1) Gecko/20010314 BuildID: 20010314 If I go to this url: http://lists.eazel.com/pipermail/gimme/2001-March/000017.html it crashes Mozilla. As far as I can tell it's reproducible. Using blizzard's snapshot RPM build. Reproducible: Always Steps to Reproduce: 1.go to http://lists.eazel.com/pipermail/gimme/2001-March/000017.html 2.observe core dump action
Confirming w/build from the 17th. Non-debug seems to crash in nsStdURL::SchemeIs () from mozilla/dist/bin/components/libnecko.so
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached file backtrace
over to necko
Assignee: asa → neeti
Component: Browser-General → Networking
QA Contact: doronr → tever
This crash happens on windows too.
Target Milestone: --- → mozilla0.9
With a windows build from 3/12 this crash soes not happen. Something changed between 3/12 and 3/18.
In nsStdURL::SchemeIs(...), mScheme is null, causing it to crash.
if mScheme is null, it sounds like there's a url creation problem here.
The call stack before we call Parse() is show below. nsStdURL::Parse(const char * 0x04b13520) line 358 nsStdURL::SetSpec(nsStdURL * const 0x02d644f0, const char * 0x04b14210) line 906 + 12 bytes il_PermitLoad(const char * 0x04b14210, nsIImageRequestObserver * 0x04b17f94) line 1749 + 49 bytes IL_GetImage(const char * 0x04b14210, _IL_GroupContext * 0x04b178b0, OpaqueObserverList * 0x04b16030, _NI_IRGB * 0x00000000, unsigned int 16, unsigned int 16, unsigned int 0, void * 0x04b16070, nsIImageRequestObserver * 0x04b17f94) line 1852 + 13 bytes ImageRequestImpl::Init(void * 0x04b178b0, const char * 0x04b14210, nsIImageRequestObserver * 0x04b17f94, const unsigned int * 0x00000000, unsigned int 16, unsigned int 16, unsigned int 0, ilINetContext * 0x04b16070) line 260 + 53 bytes ImageGroupImpl::GetImage(const char * 0x04b14210, nsIImageRequestObserver * 0x04b17f94, const unsigned int * 0x00000000, unsigned int 16, unsigned int 16, unsigned int 0) line 282 + 46 bytes nsFrameImageLoader::Init(nsFrameImageLoader * const 0x04b17f90, nsIPresContext * 0x0539fde0, nsIImageGroup * 0x04b16370, const nsString & {...}, const unsigned int * 0x00000000, const nsSize * 0x00f54eb0, nsIFrame * 0x00f54e30, nsImageAnimation eImageAnimation_Normal, unsigned int (nsIPresContext *, nsIFrameImageLoader *, nsIFrame *, void *, unsigned int)* ...) line 183 + 57 bytes nsPresContext::StartLoadImage(nsPresContext * const 0x0539fde0, const nsString & {...}, const unsigned int * 0x00000000, const nsSize * 0x00f54eb0, nsIFrame * 0x00f54e30, unsigned int (nsIPresContext *, nsIFrameImageLoader *, nsIFrame *, void *, unsigned int)* 0x021d9730 nsHTMLImageLoader::ImageLoadCB(nsIPresContext *, nsIFrameImageLoader *, nsIFrame *, void *, unsigned int), ...) nsHTMLImageLoader::StartLoadImage(nsIPresContext * 0x0539fde0) line 223 + 73 bytes nsHTMLImageLoader::GetDesiredSize(nsIPresContext * 0x0539fde0, const nsHTMLReflowState * 0x0012b224, nsHTMLReflowMetrics & {...}) line 485 nsImageFrame::GetDesiredSize(nsIPresContext * 0x0539fde0, const nsHTMLReflowState & {...}, nsHTMLReflowMetrics & {...}) line 382 + 23 bytes nsImageFrame::Reflow(nsImageFrame * const 0x00f54e30, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 425 nsLineLayout::ReflowFrame(nsIFrame * 0x00f54e30, nsIFrame * * 0x0012bde0, unsigned int & 0, nsHTMLReflowMetrics * 0x00000000, int & 0) line 921 nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineBox * 0x00f54edc, nsIFrame * 0x00f54e30, unsigned char * 0x0012b354) line 4422 + 29 bytes nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineBox * 0x00f54edc, int * 0x0012b9d0, unsigned char * 0x0012b818, int 0, int 0) line 4306 + 28 bytes nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState & {...}, nsLineBox * 0x00f54edc, int * 0x0012b9d0, unsigned char * 0x0012b818, int 0, int 0) line 4231 + 42 bytes nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox * 0x00f54edc, int * 0x0012b9d0, int 0, int 0) line 4176 + 32 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f54edc, int * 0x0012b9d0, int 0) line 3310 + 29 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x00f07c70, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1771 + 15 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x00f07c70, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes nsTableCellFrame::Reflow(nsTableCellFrame * const 0x00f07c14, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 687 nsContainerFrame::ReflowChild(nsIFrame * 0x00f07c14, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes nsTableRowFrame::ReflowChildren(nsTableRowFrame * const 0x00f07bcc, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, nsTableFrame & {...}, unsigned int & 0, int 1) line 874 + 45 bytes nsTableRowFrame::Reflow(nsTableRowFrame * const 0x00f07bcc, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1220 + 37 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x00f07bcc, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes nsTableRowGroupFrame::ReflowChildren(nsTableRowGroupFrame * const 0x00f07b90, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, nsRowGroupReflowState & {...}, unsigned int & 0, nsTableRowFrame * 0x00000000, int 0) line 373 + 45 bytes nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x00f07b90, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 994 + 29 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x00f07b90, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes nsTableFrame::ReflowChildren(nsTableFrame * const 0x00f07b28, nsIPresContext * 0x0539fde0, nsTableReflowState & {...}, int 1, int 0, unsigned int & 0, int * 0x00000000) line 2874 + 47 bytes nsTableFrame::Reflow(nsTableFrame * const 0x00f07b28, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1786 nsContainerFrame::ReflowChild(nsIFrame * 0x00f07b28, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 3, unsigned int & 0) line 692 + 31 bytes nsTableOuterFrame::OuterReflowChild(nsTableOuterFrame * const 0x00f07adc, nsIPresContext * 0x0539fde0, nsIFrame * 0x00f07b28, const nsHTMLReflowState & {...}, nsHTMLReflowMetrics & {...}, int * 0x00000000, nsSize & {...}, nsMargin & {...}, nsMargin & {...}, nsMargin & {...}, nsReflowReason eReflowReason_Initial, unsigned int & 0) line 894 + 47 bytes nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x00f07adc, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1438 + 69 bytes nsBlockReflowContext::DoReflowBlock(nsHTMLReflowState & {...}, nsReflowReason eReflowReason_Initial, nsIFrame * 0x00f07adc, const nsRect & {...}, int 1, int 0, int 0, nsMargin & {...}, unsigned int & 0) line 568 + 36 bytes nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00f07adc, const nsRect & {...}, int 1, int 0, int 0, nsMargin & {...}, unsigned int & 0) line 336 + 50 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x00f553d8, int * 0x0012d444) line 3929 + 56 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f553d8, int * 0x0012d444, int 0) line 3192 + 23 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x00f06da4, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1771 + 15 bytes nsBlockReflowContext::DoReflowBlock(nsHTMLReflowState & {...}, nsReflowReason eReflowReason_Initial, nsIFrame * 0x00f06da4, const nsRect & {...}, int 1, int 0, int 0, nsMargin & {...}, unsigned int & 0) line 568 + 36 bytes nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00f06da4, const nsRect & {...}, int 1, int 0, int 0, nsMargin & {...}, unsigned int & 0) line 336 + 50 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x00f562b4, int * 0x0012dfac) line 3929 + 56 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f562b4, int * 0x0012dfac, int 1) line 3192 + 23 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x00f89e68, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1771 + 15 bytes nsBlockReflowContext::DoReflowBlock(nsHTMLReflowState & {...}, nsReflowReason eReflowReason_Incremental, nsIFrame * 0x00f89e68, const nsRect & {...}, int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 568 + 36 bytes nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00f89e68, const nsRect & {...}, int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 336 + 50 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x00f89edc, int * 0x0012eb14) line 3929 + 56 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f89edc, int * 0x0012eb14, int 1) line 3192 + 23 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x00f89de0, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1771 + 15 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x00f89de0, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes CanvasFrame::Reflow(CanvasFrame * const 0x00f88f5c, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 304 nsBoxToBlockAdaptor::Reflow(nsBoxLayoutState & {...}, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, int 0, int 0, int 6930, int 8025, int 1) line 866 nsBoxToBlockAdaptor::DoLayout(nsBoxToBlockAdaptor * const 0x00f89d74, nsBoxLayoutState & {...}) line 523 + 52 bytes nsBox::Layout(nsBox * const 0x00f89d74, nsBoxLayoutState & {...}) line 985 nsScrollBoxFrame::DoLayout(nsScrollBoxFrame * const 0x00f89074, nsBoxLayoutState & {...}) line 377 nsBox::Layout(nsBox * const 0x00f89074, nsBoxLayoutState & {...}) line 985 nsContainerBox::LayoutChildAt(nsBoxLayoutState & {...}, nsIBox * 0x00f89074, const nsRect & {...}) line 591 + 16 bytes nsGfxScrollFrameInner::LayoutBox(nsBoxLayoutState & {...}, nsIBox * 0x00f89074, const nsRect & {...}) line 1023 + 17 bytes nsGfxScrollFrameInner::Layout(nsBoxLayoutState & {...}) line 1106 nsGfxScrollFrame::DoLayout(nsGfxScrollFrame * const 0x00f88fcc, nsBoxLayoutState & {...}) line 1031 + 15 bytes nsBox::Layout(nsBox * const 0x00f88fcc, nsBoxLayoutState & {...}) line 985 nsBoxFrame::Reflow(nsBoxFrame * const 0x00f88f94, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 781 nsGfxScrollFrame::Reflow(nsGfxScrollFrame * const 0x00f88f94, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 735 + 25 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x00f88f94, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes ViewportFrame::Reflow(ViewportFrame * const 0x00f88f20, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 544 nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x04becf70, nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsSize & {...}, nsIRenderingContext & {...}) line 145 PresShell::ProcessReflowCommand(nsVoidArray & {...}, int 1, nsHTMLReflowMetrics & {...}, nsSize & {...}, nsIRenderingContext & {...}) line 5261 PresShell::ProcessReflowCommands(int 1) line 5316 ReflowEvent::HandleEvent() line 5174 HandlePLEvent(ReflowEvent * 0x04be96e0) line 5188 PL_HandleEvent(PLEvent * 0x04be96e0) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00add030) line 518 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00250f0e, unsigned int 49405, unsigned int 0, long 11391024) line 1069 + 9 bytes USER32! 77e7124c() 00add030()
In nsStdURL::SetSpec(const char* i_Spec), iSpec is "cid:984896761.1064.0.camel@spectrolite" Now in nsStdURL::Parse(..) after we call nsresult rv = mURLParser->ParseAtScheme(i_Spec, &mScheme, &mUsername, &mPassword, &mHost, &mPort, &ePath); iSpec is "cid:984896761.1064.0.camel@spectrolite" mScheme is null mUsername is null mPassword is null mHost is cid mPort is 984896761 ePath is null and rv = 0. Is it ok for rv to be NS_OK if mScheme is null?
There is implicit problem with the way the URL parsing works. When a new nsStdURL object is created we initialize all variables to nsnull (host, spec, scheme... etc) however when the parsing occurs deep down we call ExtractString which essentially sets some of these to empty strings. So we don't crash on some of these cases! In my mind all variables should be initialized to "" and hence avoid these inconsistencies. There is another bug which borders on this-- bug 68335. Neeti if you want you can fix them both! :) or if not give this one to me as well... and I'll fix em both.
Even after we initialize all variables(host, spec, scheme... etc) to an empty string "", we will still crash in nsStdURL::SchemeIs(..) when we do the following check if (*i_Scheme == *mScheme || *i_Scheme == (*mScheme - ('a' - 'A')) ) and mScheme is ""
The old stack trace for this bug is no longer valid, since the new imglib code has landed. We crash in imgLoader::LoadImage(..)
This is the new stack trace. imgLoader::LoadImage(imgLoader * const 0x030df2c0, nsIURI * 0x00000000, nsILoadGroup * 0x05269190, imgIDecoderObserver * 0x0527a9b0, nsISupports * 0x05e0d300, imgIRequest * * 0x00f1c85c) line 68 + 31 bytes nsImageFrame::Init(nsImageFrame * const 0x00f1c7c8, nsIPresContext * 0x05e0d300, nsIContent * 0x05044760, nsIFrame * 0x00f1c740, nsIStyleContext * 0x0527af20, nsIFrame * 0x00000000) line 272 + 111 bytes nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 0x00f1c740, nsIStyleContext * 0x0527af20, nsIFrame * 0x00000000, nsIFrame * 0x00f1c7c8) line 6648 + 32 bytes nsCSSFrameConstructor::ConstructFrameByTag(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 0x00f1c740, nsIAtom * 0x014a6280, int 3, nsIStyleContext * 0x0527af20, nsFrameItems & {...}) line 4925 nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 0x00f1c740, nsIAtom * 0x014a6280, int 3, nsIStyleContext * 0x0527af20, nsFrameItems & {...}, int 0) line 7166 + 52 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 0x00f1c740, nsFrameItems & {...}) line 7076 + 56 bytes nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044960, nsIFrame * 0x00f1c740, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) line 11192 + 43 bytes nsCSSFrameConstructor::ConstructTableCellFrame(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044960, nsIFrame * 0x00f1c69c, nsIStyleContext * 0x0527d700, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x00f1c6e4, nsIFrame * & 0x00f1c740, int & 0) line 2949 + 40 bytes nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 0x00f1c69c, nsIAtom * 0x014ad930, nsIStyleContext * 0x0527e040, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3213 + 59 bytes nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044b00, nsIFrame * 0x00f1c69c, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3124 + 69 bytes nsCSSFrameConstructor::ConstructTableRowFrame(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044b00, nsIFrame * 0x00f1c660, nsIStyleContext * 0x0527e040, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x00f1c69c, int & 0) line 2820 + 42 bytes nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 0x00f1c660, nsIAtom * 0x014ad9d0, nsIStyleContext * 0x0527e2b0, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3199 + 55 bytes nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044bf0, nsIFrame * 0x00f1c660, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3124 + 69 bytes nsCSSFrameConstructor::ConstructTableRowGroupFrame(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044bf0, nsIFrame * 0x00f1c5f8, nsIStyleContext * 0x0527e2b0, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x00f1c660, int & 0) line 2711 + 42 bytes nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 0x00f1c5f8, nsIAtom * 0x014adb10, nsIStyleContext * 0x0527efb0, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3193 + 55 bytes nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 0x00f1c5f8, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3124 + 69 bytes nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 0x00f1fd80, nsIStyleContext * 0x0527efb0, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x00f1c5ac, nsIFrame * & 0x00f1c5f8, int & 0) line 2592 + 42 bytes nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x0527ec44, nsIContent * 0x05044f60, nsIFrame * 0x00f1fd80, nsIStyleContext * 0x0527efb0, nsFrameItems & {...}) line 6470 + 63 bytes nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 0x00f1fd80, nsIAtom * 0x014a97b0, int 3, nsIStyleContext * 0x0527efb0, nsFrameItems & {...}, int 0) line 7209 + 48 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 0x00f1fd80, nsFrameItems & {...}) line 7076 + 56 bytes nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x0677dac0, nsIFrame * 0x00f1fd80, int 1, nsFrameItems & {...}, int 1) line 12350 + 37 bytes nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x05270344, nsIContent * 0x0677dac0, nsIFrame * 0x00ec4b38, nsIStyleContext * 0x052710c0, nsIFrame * 0x00f1fd80) line 12299 + 36 bytes nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x05270344, nsIContent * 0x0677dac0, nsIFrame * 0x00ec4b38, nsIStyleContext * 0x052710c0, nsFrameItems & {...}) line 6422 + 43 bytes nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x0677dac0, nsIFrame * 0x00ec4b38, nsIAtom * 0x014a8cf0, int 3, nsIStyleContext * 0x052710c0, nsFrameItems & {...}, int 0) line 7209 + 48 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05ebe600, nsIPresContext * 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x0677dac0, nsIFrame * 0x00ec4b38, nsFrameItems & {...}) line 7076 + 56 bytes nsCSSFrameConstructor::ContentAppended(nsCSSFrameConstructor * const 0x05ea0de0, nsIPresContext * 0x05e0d300, nsIContent * 0x05edec40, int 0) line 8066 StyleSetImpl::ContentAppended(StyleSetImpl * const 0x05ea0e40, nsIPresContext * 0x05e0d300, nsIContent * 0x05edec40, int 0) line 1215 PresShell::ContentAppended(PresShell * const 0x05ebe608, nsIDocument * 0x05789230, nsIContent * 0x05edec40, int 0) line 4406 + 46 bytes nsDocument::ContentAppended(nsDocument * const 0x05789230, nsIContent * 0x05edec40, int 0) line 1596 nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x05789230, nsIContent * 0x05edec40, int 0) line 1256 HTMLContentSink::NotifyAppend(nsIContent * 0x05edec40, int 0) line 4544 SinkContext::FlushTags(int 1) line 2047 SinkContext::DidAddContent(nsIContent * 0x05044b00, int 0) line 1347 SinkContext::CloseContainer(const nsIParserNode & {...}) line 1534 HTMLContentSink::CloseContainer(HTMLContentSink * const 0x05dfc100, const nsIParserNode & {...}) line 3172 + 18 bytes CNavDTD::CloseContainer(const nsIParserNode * 0x00f23130, nsHTMLTag eHTMLTag_tr, int 0) line 3506 + 31 bytes CNavDTD::CloseContainersTo(int 5, nsHTMLTag eHTMLTag_tr, int 0) line 3542 + 20 bytes CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_tr, int 0) line 3699 + 20 bytes CNavDTD::HandleEndToken(CToken * 0x00f2a7a8) line 1942 + 14 bytes CNavDTD::HandleToken(CNavDTD * const 0x05ede530, CToken * 0x00f2a7a8, nsIParser * 0x057af350) line 827 + 12 bytes CNavDTD::BuildModel(CNavDTD * const 0x05ede530, nsIParser * 0x057af350, nsITokenizer * 0x05ee5f20, nsITokenObserver * 0x00000000, nsIContentSink * 0x05dfc100) line 518 + 20 bytes nsParser::BuildModel() line 2028 + 34 bytes nsParser::ResumeParse(int 1, int 0) line 1909 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x057af358, nsIRequest * 0x056d4140, nsISupports * 0x00000000, nsIInputStream * 0x05ed1a20, unsigned int 0, unsigned int 4523) line 2358 + 19 bytes nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x056d4030, nsIRequest * 0x056d4140, nsISupports * 0x00000000, nsIInputStream * 0x05ed1a20, unsigned int 0, unsigned int 4523) line 260 + 46 bytes nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x056d7990, nsIRequest * 0x056d4140, nsISupports * 0x00000000, nsIInputStream * 0x05ed1a20, unsigned int 0, unsigned int 4523) line 1163 + 46 bytes nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x0578e860, nsIRequest * 0x056d4140, nsISupports * 0x00000000, nsIInputStream * 0x056d7880, unsigned int 0, unsigned int 4523) line 54 + 51 bytes nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x056daab0, nsIRequest * 0x056d6d50, nsISupports * 0x056d4140, nsIInputStream * 0x056d7880, unsigned int 1460, unsigned int 4523) line 540 + 64 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x05dff930) line 161 + 70 bytes nsStreamObserverEvent::HandlePLEvent(PLEvent * 0x05dff934) line 79 PL_HandleEvent(PLEvent * 0x05dff934) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00ae22d0) line 518 + 9 bytes _md_EventReceiverProc(HWND__ * 0x028e09b8, unsigned int 49405, unsigned int 0, long 11412176) line 1069 + 9 bytes USER32! 77e7124c() 00ae22d0()
Reassigning to pavlov for now.
Assignee: neeti → pavlov
r=dr
sr comments: The assertion says to me ``we should not be called with a null URI''. So why are we not fixing whatever causes this situation, rather than papering over it?
Status: NEW → ASSIGNED
Keywords: patch
shaver took the words right out of my mouth. I believe gagan's putting a bug together that addresses the broken mScheme parsing.
*** Bug 73742 has been marked as a duplicate of this bug. ***
this bug is about a crash in imagelib. my patch fixes that. the reason for it crashing due to necko feeding back bad urls should be a seperate bug.
sr=hyatt
fixed
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
*** Bug 73603 has been marked as a duplicate of this bug. ***
The bug described in bug 73603 is being reported as a topcrasher for mozilla 0.8.1 and that bug is marked a dup of this one, so adding topcrash keyword, M081 and [@ nsStdURL::SchemeIs] for tracking.
Keywords: topcrash
Summary: lists.eazel.org URL crashes browser → M081 crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser
Still crashes at <http://www.flic.net/albums>, testcase in bug 73603. Reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
this is hitting some code in the old imagelib that is still alive. it will be getting removed soon
Target Milestone: mozilla0.9 → mozilla0.9.1
HTML file at <http://www.flic.net/albums> disappears. This bug should be resolved as worksforme or invalid.
This crash last occurred with build 2001041922 according to the latest Talkback data, so markind this Resolved Worksforme.
Status: REOPENED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → WORKSFORME
Using Netscape 6 Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; m18) Gecko/20010131 Netscape6/6.01 From the Bug Report: <<Bug crashes browser if I go to this url: http://lists.eazel.com/pipermail/gimme/2001-March/000017.html it crashes Mozilla. As far as I can tell it's reproducible. Using blizzard'ssnapshot RPM build. Also crashes at this site:<http://www.flic.net/albums> >> I tested the version of Netscape 6.01 using Win98/ME/2000 Professional on 2 seperate machines. I was unable to reproduce this error. Mozilla0.8.1+ Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.8.1+) Gecko/20010425 This nightly build has corrected the issue.
Summary: M081 crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser → M081 & Trunk crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser
Moving all the Works For Me bugs to talkback user account for future reference.
Assignee: pavlov → talkback
Status: RESOLVED → NEW
We are gathering all the Resolved and WFM bugs which are happened to be topcrash bugs and assigning it to talkback. I am marking all of them as RESOLVED WFM.
Status: NEW → RESOLVED
Closed: 24 years ago24 years ago
VERIFIED on branch 2001060713 linux build. Leaving as resolved until the other platforms are checked.
verified worksforme. i haven't seen this crash in talkback data recently...feel free to reopen if this show up again.
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsStdURL::SchemeIs]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: