M081 & Trunk crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser

VERIFIED WORKSFORME

Status

()

--
critical
VERIFIED WORKSFORME
18 years ago
17 years ago

People

(Reporter: hp, Assigned: talkback)

Tracking

({crash, topcrash})

Trunk
mozilla0.9.1
x86
Linux
crash, topcrash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(3 attachments)

(Reporter)

Description

18 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-22 i686; en-US; 0.8.1) Gecko/20010314
BuildID:    20010314

If I go to this url: http://lists.eazel.com/pipermail/gimme/2001-March/000017.html

it crashes Mozilla. As far as I can tell it's reproducible. Using blizzard's
snapshot RPM build.

Reproducible: Always
Steps to Reproduce:
1.go to http://lists.eazel.com/pipermail/gimme/2001-March/000017.html
2.observe core dump action

Comment 1

18 years ago
Confirming w/build from the 17th.
Non-debug seems to crash in nsStdURL::SchemeIs () from
mozilla/dist/bin/components/libnecko.so
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

18 years ago
Created attachment 28087 [details]
backtrace

Comment 3

18 years ago
over to necko
Assignee: asa → neeti
Component: Browser-General → Networking
QA Contact: doronr → tever

Comment 4

18 years ago
This crash happens on windows too.
Target Milestone: --- → mozilla0.9

Comment 5

18 years ago
With a windows build from 3/12 this crash soes not happen. Something changed 
between 3/12 and 3/18.

Comment 6

18 years ago
In nsStdURL::SchemeIs(...), mScheme is null, causing it to crash.

Comment 7

18 years ago
if mScheme is null, it sounds like there's a url creation problem here.

Comment 8

18 years ago
The call stack before we call Parse() is show below.

nsStdURL::Parse(const char * 0x04b13520) line 358
nsStdURL::SetSpec(nsStdURL * const 0x02d644f0, const char * 0x04b14210) line 906 
+ 12 bytes
il_PermitLoad(const char * 0x04b14210, nsIImageRequestObserver * 0x04b17f94) 
line 1749 + 49 bytes
IL_GetImage(const char * 0x04b14210, _IL_GroupContext * 0x04b178b0, 
OpaqueObserverList * 0x04b16030, _NI_IRGB * 0x00000000, unsigned int 16, 
unsigned int 16, unsigned int 0, void * 0x04b16070, nsIImageRequestObserver * 
0x04b17f94) line 1852 + 13 bytes
ImageRequestImpl::Init(void * 0x04b178b0, const char * 0x04b14210, 
nsIImageRequestObserver * 0x04b17f94, const unsigned int * 0x00000000, unsigned 
int 16, unsigned int 16, unsigned int 0, ilINetContext * 0x04b16070) line 260 + 
53 bytes
ImageGroupImpl::GetImage(const char * 0x04b14210, nsIImageRequestObserver * 
0x04b17f94, const unsigned int * 0x00000000, unsigned int 16, unsigned int 16, 
unsigned int 0) line 282 + 46 bytes
nsFrameImageLoader::Init(nsFrameImageLoader * const 0x04b17f90, nsIPresContext * 
0x0539fde0, nsIImageGroup * 0x04b16370, const nsString & {...}, const unsigned 
int * 0x00000000, const nsSize * 0x00f54eb0, nsIFrame * 0x00f54e30, 
nsImageAnimation eImageAnimation_Normal, unsigned int (nsIPresContext *, 
nsIFrameImageLoader *, nsIFrame *, void *, unsigned int)* ...) line 183 + 57 
bytes
nsPresContext::StartLoadImage(nsPresContext * const 0x0539fde0, const nsString & 
{...}, const unsigned int * 0x00000000, const nsSize * 0x00f54eb0, nsIFrame * 
0x00f54e30, unsigned int (nsIPresContext *, nsIFrameImageLoader *, nsIFrame *, 
void *, unsigned int)* 0x021d9730 nsHTMLImageLoader::ImageLoadCB(nsIPresContext 
*, nsIFrameImageLoader *, nsIFrame *, void *, unsigned int), ...) 
nsHTMLImageLoader::StartLoadImage(nsIPresContext * 0x0539fde0) line 223 + 73 
bytes
nsHTMLImageLoader::GetDesiredSize(nsIPresContext * 0x0539fde0, const 
nsHTMLReflowState * 0x0012b224, nsHTMLReflowMetrics & {...}) line 485
nsImageFrame::GetDesiredSize(nsIPresContext * 0x0539fde0, const 
nsHTMLReflowState & {...}, nsHTMLReflowMetrics & {...}) line 382 + 23 bytes
nsImageFrame::Reflow(nsImageFrame * const 0x00f54e30, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 425
nsLineLayout::ReflowFrame(nsIFrame * 0x00f54e30, nsIFrame * * 0x0012bde0, 
unsigned int & 0, nsHTMLReflowMetrics * 0x00000000, int & 0) line 921
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout & 
{...}, nsLineBox * 0x00f54edc, nsIFrame * 0x00f54e30, unsigned char * 
0x0012b354) line 4422 + 29 bytes
nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout & 
{...}, nsLineBox * 0x00f54edc, int * 0x0012b9d0, unsigned char * 0x0012b818, int 
0, int 0) line 4306 + 28 bytes
nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState & {...}, nsLineBox * 
0x00f54edc, int * 0x0012b9d0, unsigned char * 0x0012b818, int 0, int 0) line 
4231 + 42 bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox * 
0x00f54edc, int * 0x0012b9d0, int 0, int 0) line 4176 + 32 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f54edc, int 
* 0x0012b9d0, int 0) line 3310 + 29 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x00f07c70, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1771 + 15 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00f07c70, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes
nsTableCellFrame::Reflow(nsTableCellFrame * const 0x00f07c14, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 687
nsContainerFrame::ReflowChild(nsIFrame * 0x00f07c14, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes
nsTableRowFrame::ReflowChildren(nsTableRowFrame * const 0x00f07bcc, 
nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const 
nsHTMLReflowState & {...}, nsTableFrame & {...}, unsigned int & 0, int 1) line 
874 + 45 bytes
nsTableRowFrame::Reflow(nsTableRowFrame * const 0x00f07bcc, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1220 + 37 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00f07bcc, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes
nsTableRowGroupFrame::ReflowChildren(nsTableRowGroupFrame * const 0x00f07b90, 
nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, nsRowGroupReflowState 
& {...}, unsigned int & 0, nsTableRowFrame * 0x00000000, int 0) line 373 + 45 
bytes
nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x00f07b90, 
nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const 
nsHTMLReflowState & {...}, unsigned int & 0) line 994 + 29 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00f07b90, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes
nsTableFrame::ReflowChildren(nsTableFrame * const 0x00f07b28, nsIPresContext * 
0x0539fde0, nsTableReflowState & {...}, int 1, int 0, unsigned int & 0, int * 
0x00000000) line 2874 + 47 bytes
nsTableFrame::Reflow(nsTableFrame * const 0x00f07b28, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1786
nsContainerFrame::ReflowChild(nsIFrame * 0x00f07b28, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 3, unsigned int & 0) line 692 + 31 bytes
nsTableOuterFrame::OuterReflowChild(nsTableOuterFrame * const 0x00f07adc, 
nsIPresContext * 0x0539fde0, nsIFrame * 0x00f07b28, const nsHTMLReflowState & 
{...}, nsHTMLReflowMetrics & {...}, int * 0x00000000, nsSize & {...}, nsMargin & 
{...}, nsMargin & {...}, nsMargin & {...}, nsReflowReason eReflowReason_Initial, 
unsigned int & 0) line 894 + 47 bytes
nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x00f07adc, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1438 + 69 bytes
nsBlockReflowContext::DoReflowBlock(nsHTMLReflowState & {...}, nsReflowReason 
eReflowReason_Initial, nsIFrame * 0x00f07adc, const nsRect & {...}, int 1, int 
0, int 0, nsMargin & {...}, unsigned int & 0) line 568 + 36 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00f07adc, const nsRect & {...}, 
int 1, int 0, int 0, nsMargin & {...}, unsigned int & 0) line 336 + 50 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 
0x00f553d8, int * 0x0012d444) line 3929 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f553d8, int 
* 0x0012d444, int 0) line 3192 + 23 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x00f06da4, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1771 + 15 bytes
nsBlockReflowContext::DoReflowBlock(nsHTMLReflowState & {...}, nsReflowReason 
eReflowReason_Initial, nsIFrame * 0x00f06da4, const nsRect & {...}, int 1, int 
0, int 0, nsMargin & {...}, unsigned int & 0) line 568 + 36 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00f06da4, const nsRect & {...}, 
int 1, int 0, int 0, nsMargin & {...}, unsigned int & 0) line 336 + 50 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 
0x00f562b4, int * 0x0012dfac) line 3929 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f562b4, int 
* 0x0012dfac, int 1) line 3192 + 23 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x00f89e68, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1771 + 15 bytes
nsBlockReflowContext::DoReflowBlock(nsHTMLReflowState & {...}, nsReflowReason 
eReflowReason_Incremental, nsIFrame * 0x00f89e68, const nsRect & {...}, int 1, 
int 0, int 1, nsMargin & {...}, unsigned int & 0) line 568 + 36 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00f89e68, const nsRect & {...}, 
int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 336 + 50 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 
0x00f89edc, int * 0x0012eb14) line 3929 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00f89edc, int 
* 0x0012eb14, int 1) line 3192 + 23 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2999 + 27 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x00f89de0, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1771 + 15 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00f89de0, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes
CanvasFrame::Reflow(CanvasFrame * const 0x00f88f5c, nsIPresContext * 0x0539fde0, 
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) 
line 304
nsBoxToBlockAdaptor::Reflow(nsBoxLayoutState & {...}, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0, int 0, int 0, int 6930, int 8025, int 1) line 866
nsBoxToBlockAdaptor::DoLayout(nsBoxToBlockAdaptor * const 0x00f89d74, 
nsBoxLayoutState & {...}) line 523 + 52 bytes
nsBox::Layout(nsBox * const 0x00f89d74, nsBoxLayoutState & {...}) line 985
nsScrollBoxFrame::DoLayout(nsScrollBoxFrame * const 0x00f89074, nsBoxLayoutState 
& {...}) line 377
nsBox::Layout(nsBox * const 0x00f89074, nsBoxLayoutState & {...}) line 985
nsContainerBox::LayoutChildAt(nsBoxLayoutState & {...}, nsIBox * 0x00f89074, 
const nsRect & {...}) line 591 + 16 bytes
nsGfxScrollFrameInner::LayoutBox(nsBoxLayoutState & {...}, nsIBox * 0x00f89074, 
const nsRect & {...}) line 1023 + 17 bytes
nsGfxScrollFrameInner::Layout(nsBoxLayoutState & {...}) line 1106
nsGfxScrollFrame::DoLayout(nsGfxScrollFrame * const 0x00f88fcc, nsBoxLayoutState 
& {...}) line 1031 + 15 bytes
nsBox::Layout(nsBox * const 0x00f88fcc, nsBoxLayoutState & {...}) line 985
nsBoxFrame::Reflow(nsBoxFrame * const 0x00f88f94, nsIPresContext * 0x0539fde0, 
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) 
line 781
nsGfxScrollFrame::Reflow(nsGfxScrollFrame * const 0x00f88f94, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 735 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00f88f94, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 692 + 31 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x00f88f20, nsIPresContext * 
0x0539fde0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 544
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x04becf70, 
nsIPresContext * 0x0539fde0, nsHTMLReflowMetrics & {...}, const nsSize & {...}, 
nsIRenderingContext & {...}) line 145
PresShell::ProcessReflowCommand(nsVoidArray & {...}, int 1, nsHTMLReflowMetrics 
& {...}, nsSize & {...}, nsIRenderingContext & {...}) line 5261
PresShell::ProcessReflowCommands(int 1) line 5316
ReflowEvent::HandleEvent() line 5174
HandlePLEvent(ReflowEvent * 0x04be96e0) line 5188
PL_HandleEvent(PLEvent * 0x04be96e0) line 588 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00add030) line 518 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00250f0e, unsigned int 49405, unsigned int 0, 
long 11391024) line 1069 + 9 bytes
USER32! 77e7124c()
00add030()

Comment 9

18 years ago
In nsStdURL::SetSpec(const char* i_Spec), iSpec is 
"cid:984896761.1064.0.camel@spectrolite"

Now in nsStdURL::Parse(..)
after we call 

nsresult rv = mURLParser->ParseAtScheme(i_Spec, &mScheme, &mUsername, 
                                            &mPassword, &mHost, &mPort, 
                                            &ePath);

iSpec is "cid:984896761.1064.0.camel@spectrolite"
mScheme is null
mUsername is null
mPassword is null
mHost is cid
mPort is 984896761
ePath is null  and  rv = 0.

Is it ok for rv to be NS_OK if mScheme is null?

Comment 10

18 years ago
There is implicit problem with the way the URL parsing works. When a new 
nsStdURL object is created we initialize all variables to nsnull (host, spec, 
scheme... etc) however when the parsing occurs deep down we call ExtractString 
which essentially sets some of these to empty strings. So we don't crash on some 
of these cases! In my mind all variables should be initialized to "" and hence 
avoid these inconsistencies.  There is another bug which borders on this-- bug 
68335. Neeti if you want you can fix them both! :) or if not give this one to me 
as well... and I'll fix em both.

Comment 11

18 years ago
Even after we initialize all variables(host, spec, scheme... etc) to an empty 
string "", we will still crash in nsStdURL::SchemeIs(..) when we do the 
following check 

if (*i_Scheme == *mScheme || *i_Scheme == (*mScheme - ('a' - 'A')) )

and mScheme is ""

Comment 12

18 years ago
The old stack trace for this bug is no longer valid, since the new imglib code 
has landed. 

We crash in imgLoader::LoadImage(..)

Comment 13

18 years ago
This is the new stack trace.


imgLoader::LoadImage(imgLoader * const 0x030df2c0, nsIURI * 0x00000000, 
nsILoadGroup * 
0x05269190, imgIDecoderObserver * 0x0527a9b0, nsISupports * 0x05e0d300, 
imgIRequest * * 
0x00f1c85c) line 68 + 31 bytes
nsImageFrame::Init(nsImageFrame * const 0x00f1c7c8, nsIPresContext * 0x05e0d300, 
nsIContent * 
0x05044760, nsIFrame * 0x00f1c740, nsIStyleContext * 0x0527af20, nsIFrame * 
0x00000000) line 
272 + 111 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x05e0d300, 
nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 0x00f1c740, 
nsIStyleContext 
* 0x0527af20, nsIFrame * 0x00000000, nsIFrame * 0x00f1c7c8) line 6648 + 32 bytes
nsCSSFrameConstructor::ConstructFrameByTag(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 
0x00f1c740, 
nsIAtom * 0x014a6280, int 3, nsIStyleContext * 0x0527af20, nsFrameItems & {...}) 
line 4925
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 
0x00f1c740, 
nsIAtom * 0x014a6280, int 3, nsIStyleContext * 0x0527af20, nsFrameItems & {...}, 
int 0) line 7166 + 
52 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05ebe600, nsIPresContext 
* 0x05e0d300, 
nsFrameConstructorState & {...}, nsIContent * 0x05044760, nsIFrame * 0x00f1c740, 
nsFrameItems & 
{...}) line 7076 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05ebe600, nsIPresContext 
* 0x05e0d300, 
nsFrameConstructorState & {...}, nsIContent * 0x05044960, nsIFrame * 0x00f1c740, 
int 1, 
nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) line 11192 + 43 bytes
nsCSSFrameConstructor::ConstructTableCellFrame(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044960, nsIFrame * 
0x00f1c69c, 
nsIStyleContext * 0x0527d700, nsTableCreator & {...}, int 0, nsFrameItems & 
{...}, nsIFrame * & 
0x00f1c6e4, nsIFrame * & 0x00f1c740, int & 0) line 2949 + 40 bytes
nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 
0x00f1c69c, nsIAtom * 
0x014ad930, nsIStyleContext * 0x0527e040, nsTableCreator & {...}, nsFrameItems & 
{...}, nsIFrame 
* & 0x00000000) line 3213 + 59 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044b00, nsIFrame * 
0x00f1c69c, 
nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3124 
+ 69 bytes
nsCSSFrameConstructor::ConstructTableRowFrame(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044b00, nsIFrame * 
0x00f1c660, 
nsIStyleContext * 0x0527e040, nsTableCreator & {...}, int 0, nsFrameItems & 
{...}, nsIFrame * & 
0x00f1c69c, int & 0) line 2820 + 42 bytes
nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 
0x00f1c660, nsIAtom * 
0x014ad9d0, nsIStyleContext * 0x0527e2b0, nsTableCreator & {...}, nsFrameItems & 
{...}, nsIFrame 
* & 0x00000000) line 3199 + 55 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044bf0, nsIFrame * 
0x00f1c660, 
nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3124 
+ 69 bytes
nsCSSFrameConstructor::ConstructTableRowGroupFrame(nsIPresShell * 0x05ebe600, 
nsIPresContext 
* 0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044bf0, nsIFrame 
* 0x00f1c5f8, 
nsIStyleContext * 0x0527e2b0, nsTableCreator & {...}, int 0, nsFrameItems & 
{...}, nsIFrame * & 
0x00f1c660, int & 0) line 2711 + 42 bytes
nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 
0x00f1c5f8, nsIAtom * 
0x014adb10, nsIStyleContext * 0x0527efb0, nsTableCreator & {...}, nsFrameItems & 
{...}, nsIFrame 
* & 0x00000000) line 3193 + 55 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 
0x00f1c5f8, 
nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3124 
+ 69 bytes
nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 
0x00f1fd80, 
nsIStyleContext * 0x0527efb0, nsTableCreator & {...}, int 0, nsFrameItems & 
{...}, nsIFrame * & 
0x00f1c5ac, nsIFrame * & 0x00f1c5f8, int & 0) line 2592 + 42 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x0527ec44, 
nsIContent * 
0x05044f60, nsIFrame * 0x00f1fd80, nsIStyleContext * 0x0527efb0, nsFrameItems & 
{...}) line 6470 
+ 63 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 
0x00f1fd80, 
nsIAtom * 0x014a97b0, int 3, nsIStyleContext * 0x0527efb0, nsFrameItems & {...}, 
int 0) line 7209 + 
48 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05ebe600, nsIPresContext 
* 0x05e0d300, 
nsFrameConstructorState & {...}, nsIContent * 0x05044f60, nsIFrame * 0x00f1fd80, 
nsFrameItems & 
{...}) line 7076 + 56 bytes
nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x0677dac0, nsIFrame * 
0x00f1fd80, int 
1, nsFrameItems & {...}, int 1) line 12350 + 37 bytes
nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x05ebe600, nsIPresContext 
* 0x05e0d300, 
nsFrameConstructorState & {...}, const nsStyleDisplay * 0x05270344, nsIContent * 
0x0677dac0, 
nsIFrame * 0x00ec4b38, nsIStyleContext * 0x052710c0, nsIFrame * 0x00f1fd80) line 
12299 + 36 
bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x05270344, 
nsIContent * 
0x0677dac0, nsIFrame * 0x00ec4b38, nsIStyleContext * 0x052710c0, nsFrameItems & 
{...}) line 
6422 + 43 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05ebe600, 
nsIPresContext * 
0x05e0d300, nsFrameConstructorState & {...}, nsIContent * 0x0677dac0, nsIFrame * 
0x00ec4b38, 
nsIAtom * 0x014a8cf0, int 3, nsIStyleContext * 0x052710c0, nsFrameItems & {...}, 
int 0) line 7209 + 
48 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05ebe600, nsIPresContext 
* 0x05e0d300, 
nsFrameConstructorState & {...}, nsIContent * 0x0677dac0, nsIFrame * 0x00ec4b38, 
nsFrameItems & 
{...}) line 7076 + 56 bytes
nsCSSFrameConstructor::ContentAppended(nsCSSFrameConstructor * const 0x05ea0de0, 
nsIPresContext * 0x05e0d300, nsIContent * 0x05edec40, int 0) line 8066
StyleSetImpl::ContentAppended(StyleSetImpl * const 0x05ea0e40, nsIPresContext * 
0x05e0d300, 
nsIContent * 0x05edec40, int 0) line 1215
PresShell::ContentAppended(PresShell * const 0x05ebe608, nsIDocument * 
0x05789230, nsIContent * 
0x05edec40, int 0) line 4406 + 46 bytes
nsDocument::ContentAppended(nsDocument * const 0x05789230, nsIContent * 
0x05edec40, int 0) line 
1596
nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x05789230, nsIContent * 
0x05edec40, int 0) line 1256
HTMLContentSink::NotifyAppend(nsIContent * 0x05edec40, int 0) line 4544
SinkContext::FlushTags(int 1) line 2047
SinkContext::DidAddContent(nsIContent * 0x05044b00, int 0) line 1347
SinkContext::CloseContainer(const nsIParserNode & {...}) line 1534
HTMLContentSink::CloseContainer(HTMLContentSink * const 0x05dfc100, const 
nsIParserNode & 
{...}) line 3172 + 18 bytes
CNavDTD::CloseContainer(const nsIParserNode * 0x00f23130, nsHTMLTag eHTMLTag_tr, 
int 0) line 
3506 + 31 bytes
CNavDTD::CloseContainersTo(int 5, nsHTMLTag eHTMLTag_tr, int 0) line 3542 + 20 
bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_tr, int 0) line 3699 + 20 bytes
CNavDTD::HandleEndToken(CToken * 0x00f2a7a8) line 1942 + 14 bytes
CNavDTD::HandleToken(CNavDTD * const 0x05ede530, CToken * 0x00f2a7a8, nsIParser 
* 
0x057af350) line 827 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x05ede530, nsIParser * 0x057af350, 
nsITokenizer * 
0x05ee5f20, nsITokenObserver * 0x00000000, nsIContentSink * 0x05dfc100) line 518 
+ 20 bytes
nsParser::BuildModel() line 2028 + 34 bytes
nsParser::ResumeParse(int 1, int 0) line 1909 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x057af358, nsIRequest * 0x056d4140, 
nsISupports * 
0x00000000, nsIInputStream * 0x05ed1a20, unsigned int 0, unsigned int 4523) line 
2358 + 19 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x056d4030, 
nsIRequest * 
0x056d4140, nsISupports * 0x00000000, nsIInputStream * 0x05ed1a20, unsigned int 
0, unsigned int 
4523) line 260 + 46 bytes
nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x056d7990, 
nsIRequest * 
0x056d4140, nsISupports * 0x00000000, nsIInputStream * 0x05ed1a20, unsigned int 
0, unsigned int 
4523) line 1163 + 46 bytes
nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x0578e860, 
nsIRequest * 
0x056d4140, nsISupports * 0x00000000, nsIInputStream * 0x056d7880, unsigned int 
0, unsigned int 
4523) line 54 + 51 bytes
nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x056daab0, 
nsIRequest * 
0x056d6d50, nsISupports * 0x056d4140, nsIInputStream * 0x056d7880, unsigned int 
1460, unsigned 
int 4523) line 540 + 64 bytes
nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x05dff930) 
line 161 + 70 
bytes
nsStreamObserverEvent::HandlePLEvent(PLEvent * 0x05dff934) line 79
PL_HandleEvent(PLEvent * 0x05dff934) line 588 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ae22d0) line 518 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x028e09b8, unsigned int 49405, unsigned int 0, 
long 11412176) 
line 1069 + 9 bytes
USER32! 77e7124c()
00ae22d0()

Comment 14

18 years ago
Reassigning to pavlov for now.
Assignee: neeti → pavlov

Comment 15

18 years ago
Created attachment 28942 [details] [diff] [review]
patch to not crash if we get a null uri

Comment 16

18 years ago
Created attachment 28943 [details] [diff] [review]
add an assertion to the imageframe if the uri is null

Comment 17

18 years ago
r=dr
sr comments:

The assertion says to me ``we should not be called with a null URI''.  So why
are we not fixing whatever causes this situation, rather than papering over it?

Updated

18 years ago
Status: NEW → ASSIGNED
Keywords: patch

Comment 19

18 years ago
shaver took the words right out of my mouth. I believe gagan's putting a bug
together that addresses the broken mScheme parsing.

Comment 20

18 years ago
*** Bug 73742 has been marked as a duplicate of this bug. ***

Comment 21

18 years ago
this bug is about a crash in imagelib.  my patch fixes that.  the reason for it 
crashing due to necko feeding back bad urls should be a seperate bug.

Comment 22

18 years ago
sr=hyatt

Comment 23

18 years ago
fixed
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 24

18 years ago
*** Bug 73603 has been marked as a duplicate of this bug. ***

Comment 25

18 years ago
The bug described in bug 73603 is being reported as a topcrasher for mozilla 
0.8.1 and that bug is marked a dup of this one, so adding topcrash keyword, M081 
and [@ nsStdURL::SchemeIs] for tracking.
Keywords: topcrash
Summary: lists.eazel.org URL crashes browser → M081 crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser

Comment 26

18 years ago
Still crashes at <http://www.flic.net/albums>, testcase in bug 73603.
Reopening.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 27

18 years ago
this is hitting some code in the old imagelib that is still alive.  it will be 
getting removed soon
Target Milestone: mozilla0.9 → mozilla0.9.1

Comment 28

18 years ago
HTML file at <http://www.flic.net/albums> disappears.

This bug should be resolved as worksforme or invalid.

Comment 29

18 years ago
This crash last occurred with build 2001041922 according to the latest Talkback 
data, so markind this Resolved Worksforme.
Status: REOPENED → RESOLVED
Last Resolved: 18 years ago18 years ago
Resolution: --- → WORKSFORME

Comment 30

18 years ago
Using Netscape 6
Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; m18) Gecko/20010131 Netscape6/6.01

From the Bug Report:
<<Bug crashes browser if I go to this url: 
http://lists.eazel.com/pipermail/gimme/2001-March/000017.html  it crashes 
Mozilla. As far as I can tell it's reproducible. Using blizzard'ssnapshot RPM 
build.  Also crashes at this site:<http://www.flic.net/albums> >>

I tested the version of Netscape 6.01 using Win98/ME/2000 Professional on 2 
seperate machines.   I was unable to reproduce this error. 

Mozilla0.8.1+
Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.8.1+) Gecko/20010425
This nightly build has corrected the issue.

Updated

18 years ago
Summary: M081 crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser → M081 & Trunk crash [@ nsStdURL::SchemeIs] lists.eazel.org URL crashes browser

Comment 31

18 years ago
Moving all the Works For Me bugs to talkback user account for future reference.
Assignee: pavlov → talkback
Status: RESOLVED → NEW

Comment 32

18 years ago
We are gathering all the Resolved and WFM bugs which are happened to be topcrash 
bugs and assigning it to talkback. I am marking all of them as RESOLVED WFM.
Status: NEW → RESOLVED
Last Resolved: 18 years ago18 years ago
VERIFIED on branch 2001060713 linux build. Leaving as resolved until the other
platforms are checked.

Comment 34

17 years ago
verified worksforme.  i haven't seen this crash in talkback data recently...feel
free to reopen if this show up again.
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsStdURL::SchemeIs]
You need to log in before you can comment on or make changes to this bug.