Mozilla crashes on certain banners

VERIFIED DUPLICATE of bug 74113

Status

Core Graveyard
GFX
--
critical
17 years ago
9 years ago

People

(Reporter: Aleksander Adamowski, Assigned: Kevin McCluskey (gone))

Tracking

({crash})

(Reporter)

Description

17 years ago
Mozilla crashes probably when you happen upon proper banners.
To reproduce:
1. Go to the supplied URL
2. If it doesn't crash, reload a couple of times until it crashes.
The only elements of the page that change are banners, so it's probably certain
banners that cause the crash.
Build ID: 2001040904 (win32-talkback)
A couple of talkback IDs:
TB28867132M
TB28867033M
TB28866574Y

I have no idea which component this could fit into (the crash banners are
probably animated GIFs, so I selected ImageLib, but there also might be some
JavaScript. I don't have a good idea of how to determine the type of banners
that cause the crash).

Comment 1

17 years ago
I see this with PC Linux 2001040608

Comment 2

17 years ago
I'm also seeing this on Linux build 2001040908 (and most since 20010328 or so).
Turning off image loading entirely, while broken, at least helps this bug.

Comment 3

17 years ago
Confirming also with Linux 2001040508. Adding keyword crash, setting OS to all.
Keywords: crash
OS: Windows 2000 → All

Updated

17 years ago
Whiteboard: [imglib]
Assignee: pavlov → kmcclusk
Component: ImageLib → Compositor
QA Contact: tpreston → petersen
Whiteboard: [imglib]
From a linux 2001-04-09 build:

#0  0x41d314c8 in nsFrame::Invalidate (this=0x88db620, aPresContext=0x86ebf30,
    aDamageRect=@0xbffff178, aImmediate=0) at nsFrame.cpp:2170
#1  0x41d47c46 in nsImageFrame::FrameChanged (this=0x88db620, aContainer=0x88bf6a0,
    aPresContext=0x86ebf30, aNewFrame=0x89db1d0, aDirtyRect=0xbffff368)
    at nsImageFrame.cpp:436
#2  0x41d4b972 in nsImageListener::FrameChanged (this=0x8905a88, aContainer=0x88bf6a0,
    aContext=0x86ebf30, newframe=0x89db1d0, dirtyRect=0xbffff368)
    at nsImageFrame.cpp:1790
#3  0x420557bf in imgRequestProxy::FrameChanged (this=0x8756d30, container=0x88bf6a0,
    cx=0x0, newframe=0x89db1d0, dirtyRect=0xbffff368) at imgRequestProxy.cpp:200
#4  0x4205342f in imgRequest::FrameChanged (this=0x87b4cd0, container=0x88bf6a0, cx=0x0,
    newframe=0x89db1d0, dirtyRect=0xbffff368) at imgRequest.cpp:356
#5  0x420504d1 in imgContainer::Notify (this=0x88bf6a0, timer=0x89efbb8)
    at imgContainer.cpp:398
#6  0x421acedf in nsTimerGtk::FireTimeout (this=0x89efbb8) at nsTimerGtk.cpp:186
#7  0x421ad0f4 in process_timers (array=0x83313f0) at nsTimerGtk.cpp:256
#8  0x421ad1ca in TimerCallbackFunc (data=0x0) at nsTimerGtk.cpp:278
#9  0x409f604d in g_timeout_dispatch () from /usr/lib/libglib-1.2.so.0
#10 0x409f5186 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#11 0x409f5751 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#12 0x409f58f1 in g_main_run () from /usr/lib/libglib-1.2.so.0
#13 0x4091dc69 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#14 0x40829daa in nsAppShell::Run (this=0x80b6170) at nsAppShell.cpp:360
#15 0x40755794 in nsAppShellService::Run (this=0x80bf3c8) at nsAppShellService.cpp:407
#16 0x08054c2d in main1 (argc=1, argv=0xbffff784, nativeApp=0x0) at nsAppRunner.cpp:1021
#17 0x0805595a in main (argc=1, argv=0xbffff784) at nsAppRunner.cpp:1316
#18 0x403239cb in __libc_start_main (main=0x805576c <main>, argc=1, argv=0xbffff784,
    init=0x804f968 <_init>, fini=0x8060f6c <_fini>, rtld_fini=0x4000ae60 <_dl_fini>,
    stack_end=0xbffff77c) at ../sysdeps/generic/libc-start.c:92


(gdb) frame 0
#0  0x41d314c8 in nsFrame::Invalidate (this=0x88db620, aPresContext=0x86ebf30, 
    aDamageRect=@0xbffff178, aImmediate=0) at nsFrame.cpp:2170
2170        view->GetViewManager(viewManager);
(gdb) p view
$1 = (nsIView *) 0x0
(gdb) frame 1
#1  0x41d47c46 in nsImageFrame::FrameChanged (this=0x88db620, aContainer=0x88bf6a0, 
    aPresContext=0x86ebf30, aNewFrame=0x89db1d0, aDirtyRect=0xbffff368)
    at nsImageFrame.cpp:436
436       Invalidate(aPresContext, r, PR_FALSE);
(gdb) p r
$2 = {x = 1665, y = 540, width = 4905, height = 210}
(gdb) p aPresContext 
$3 = (nsIPresContext *) 0x86ebf30
(gdb) p *aPresContext
$4 = {<nsISupports> = {
    _vptr. = 0x41feaf40 <GalleyContext virtual table>}, <No data fields>}

over to compositor
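
The backtrace in the comment above identifies this crash by its top frames, which is also how duplicate reports are matched. As an added example (not part of the bug report and not Mozilla's own tooling), this Python script rejoins the tracker's line wraps, parses the gdb frames, and derives an address-independent signature; the function names and the signature format are assumptions made for illustration.

```python
import re

# Constructed sample: top frames of the backtrace above, keeping the line
# wraps the bug tracker introduced in the middle of frame #2.
SAMPLE = """\
#0  0x41d314c8 in nsFrame::Invalidate (this=0x88db620, aPresContext=0x86ebf30,
    aDamageRect=@0xbffff178, aImmediate=0) at nsFrame.cpp:2170
#1  0x41d47c46 in nsImageFrame::FrameChanged (this=0x88db620, aContainer=0x88bf6a0,
    aPresContext=0x86ebf30, aNewFrame=0x89db1d0, aDirtyRect=0xbffff368)
    at nsImageFrame.cpp:436
#2  0x41d4b972 in nsImageListener::FrameChanged (this=0x8905a88,
aContainer=0x88bf6a0,
    aContext=0x86ebf30, newframe=0x89db1d0, dirtyRect=0xbffff368)
    at nsImageFrame.cpp:1790
#9  0x409f604d in g_timeout_dispatch () from /usr/lib/libglib-1.2.so.0
"""

FRAME = re.compile(
    r"#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>[\w:~<>]+) \((?P<args>.*?)\)"
    r"(?: at (?P<file>\S+):(?P<line>\d+)| from (?P<lib>\S+))?$"
)

def parse_backtrace(text):
    """Rejoin wrapped lines, then return one dict per recognised frame."""
    joined = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(r"#\d+\s", line) or not joined:
            joined.append(line)           # start of a new frame
        else:
            joined[-1] += " " + line      # continuation of the previous frame
    return [m.groupdict() for m in map(FRAME.match, joined) if m]

def signature(frames, depth=3):
    """Bucket key: top `depth` source-level frames, addresses and args dropped."""
    top = [f for f in frames if f["file"]][:depth]
    return " | ".join(f"{f['func']}@{f['file']}" for f in top)

def same_crash(trace_a, trace_b, depth=3):
    """True when both traces parse and share a signature (duplicate candidates)."""
    sig_a = signature(parse_backtrace(trace_a), depth)
    return bool(sig_a) and sig_a == signature(parse_backtrace(trace_b), depth)

if __name__ == "__main__":
    for f in parse_backtrace(SAMPLE):
        print(f["num"], f["func"], f["file"] or f["lib"], f["line"] or "")
    print(signature(parse_backtrace(SAMPLE)))
```

Because addresses and argument values are dropped, traces from different builds or platforms with the same top frames map to the same key.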
(Assignee)

Comment 5

17 years ago

*** This bug has been marked as a duplicate of 74113 ***
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 6

17 years ago
Verified Duplicate
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard