Closed
Bug 75388
Opened 24 years ago
Closed 24 years ago
Open Web Location 2x or Open File 2x or submit insecure form 2x or install XPI = Trunk crash [@ nsImageBoxFrame::OnStartContainer]
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: mattdm, Assigned: pavlov)
References
Details
(4 keywords, Whiteboard: [imagelib])
Crash Data
Attachments
(2 files)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-3 i686; en-US; 0.8.1)
BuildID: 2001041005
Attempting to use either Open Web Location or Open File more than once causes a
segfault.
Reproducible: Always
Steps to Reproduce:
1. Pick File|Open Web Location.
2. Either cancel, or actually open a page.
3. Repeat step one.
Actual Results: Crash.
Expected Results: Dialog box should be come up as normal.
Same behavior with File|Open File. The two are not interlinked -- either dialog
can be accessed exactly once.
Comment 1•24 years ago
|
||
I see this in 2001-04-10-05 on linux also.
Comment 2•24 years ago
|
||
Comment 3•24 years ago
|
||
I have another way to reproduce this also:
1) Make sure that the "warn before sending form data to an insecure site"
option is on in PSM Application prefs
2) Submit an insecure form (the "Find" button at the bottom of Bugzilla pages
will do nicely)
3) Submit an insecure form again. Watch Mozilla crash.
Comment 4•24 years ago
|
||
Over to Pav based on the libimg2 in the first stack trace and the more detailed
stack trace I'm about to attach. ccing saari since he touched libpr0n
yesterday. This is a regression -- this works fine in the 2001-04-09 morning
builds.
I just tried this in a debug build from this morning. I had to open the "Open
File" dialog 4 times to get the crash, but it did crash. Also crashed using the
form+alert method. Same trace in both cases:
#0 0x41e4f945 in nsImageBoxFrame::OnStartContainer (this=0x89e2764,
request=0x89e5558,
aPresContext=0x8a71b38, image=0x0) at nsImageBoxFrame.cpp:642
#1 0x41e4ffbc in nsImageBoxListener::OnStartContainer (this=0x89e5540,
request=0x89e5558, cx=0x8a71b38, image=0x0) at nsImageBoxFrame.cpp:743
#2 0x42050ee2 in imgRequestProxy::OnStartContainer (this=0x89e5558, request=0x0,
cx=0x0, image=0x0) at imgRequestProxy.cpp:254
#3 0x4204d7f9 in imgRequest::AddObserver (this=0x8a60e00, observer=0x89e555c)
at imgRequest.cpp:103
#4 0x42050920 in imgRequestProxy::Init (this=0x89e5558, request=0x8a60e00,
aLoadGroup=0x8a94770, aObserver=0x89e5540, cx=0x8a71b38) at
imgRequestProxy.cpp:95
(gdb) frame 0
#0 0x41e4f945 in nsImageBoxFrame::OnStartContainer (this=0x89e2764,
request=0x89e5558,
aPresContext=0x8a71b38, image=0x0) at nsImageBoxFrame.cpp:642
642 image->GetWidth(&w);
(gdb) p image
$1 = (imgIContainer *) 0x0
(gdb) frame 1
#1 0x41e4ffbc in nsImageBoxListener::OnStartContainer (this=0x89e5540,
request=0x89e5558, cx=0x8a71b38, image=0x0) at nsImageBoxFrame.cpp:743
743 return mFrame->OnStartContainer(request, pc, image);
(gdb) p image
$2 = (imgIContainer *) 0x0
(gdb) frame 2
#2 0x42050ee2 in imgRequestProxy::OnStartContainer (this=0x89e5558, request=0x0,
cx=0x0, image=0x0) at imgRequestProxy.cpp:254
254 mObserver->OnStartContainer(this, mContext, image);
(gdb) frame 3
#3 0x4204d7f9 in imgRequest::AddObserver (this=0x8a60e00, observer=0x89e555c)
at imgRequest.cpp:103
103 observer->OnStartContainer(nsnull, nsnull, mImage);
(gdb) p mImage
$3 = {mRawPtr = 0x0}
Blocks: 66967
Component: XP Apps: GUI Features → ImageLib
Keywords: regression
Summary: Open Web Location or Open File 2x = crash → Open Web Location 2x or Open File 2x or submit insecure forme 2x = crash
Whiteboard: [imagelib]
Comment 6•24 years ago
|
||
Comment 8•24 years ago
|
||
Bug 75395 has the same stack trace but is reported on Windows, so OS -> all.
This gives us another way to reproduce:
1. go to http://www.mozilla.org/projects/xslt/index.html#bins
2. Click "Install"
3. Select transformiix, click OK
OS: Linux → All
Comment 9•24 years ago
|
||
In fact this crashes on an attempt to install any XPI (I just tried jre.xpi and
got the same crash)
Summary: Open Web Location 2x or Open File 2x or submit insecure forme 2x = crash → Open Web Location 2x or Open File 2x or submit insecure form 2x or install XPI = crash
Comment 10•24 years ago
|
||
i run into this the 1st time i bring up the file picker or the Open Web Location
dialog. echoing comments from bug 75299 [console output from 9:30am linux debug
build]:
###!!! ASSERTION: imgRequest::OnStopRequest -- received multiple OnStopRequest:
'mChannel && mLoading', file imgRequest.cpp, line 642
###!!! Break: at file imgRequest.cpp, line 642
WARNING: imgRequest::RemoveFromCache -- no entry!, file imgRequest.cpp, line 227
shouldn't this be marked a blocker? or, would a repull workaround this?
Comment 11•24 years ago
|
||
is this likely fixed by sspitzer's checkin?
Comment 12•24 years ago
|
||
seth's checkin does not fix this for me.... Still crash on XPI install, form
submission, and open location with both his patch for bug 75407 and bug 75416
Severity: critical → blocker
Comment 13•24 years ago
|
||
*** Bug 75419 has been marked as a duplicate of this bug. ***
Comment 14•24 years ago
|
||
We need this patch in nsImageBoxFrame also:
Index: mozilla/layout/xul/base/src/nsImageBoxFrame.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/xul/base/src/nsImageBoxFrame.cpp,v
retrieving revision 1.8
diff -b -u -2 -r1.8 nsImageBoxFrame.cpp
--- nsImageBoxFrame.cpp 2001/04/10 17:44:53 1.8
+++ nsImageBoxFrame.cpp 2001/04/10 20:18:45
@@ -640,4 +640,6 @@
aPresContext->GetShell(getter_AddRefs(presShell));
+ NS_ENSURE_ARG(image);
+
mHasImage = PR_TRUE;
mSizeFrozen = PR_FALSE;
Comment 15•24 years ago
|
||
nsImageBoxFrame fix checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 16•24 years ago
|
||
Is this an actual fix or a band-aid until underlying problems are dealt with?
That is, should this bug actually be resolved?
Comment 17•24 years ago
|
||
This bug is a topcrasher, added topcrash keyword.
Added [@ nsImageBoxFrame::OnStartContainer] for tracking.
Here are some URLs & Comments that might help repro this crash:
(29010926) URL:
http://developer.java.sun.com/servlet/SessionServlet?url=http://developer.java.s
un.com/developer/earlyAccess/j2sdk131/
(28931521) URL: www.hotmail.com
(28924897) URL: http://paypal.com/
(28922534) URL: http://home.netscape.com/themes/index.html?cp=dtyccfea2a
(28922487) URL: http://home.netscape.com/themes/index.html?cp=dtyccfea2a
(28922446) URL: http://home.netscape.com/themes/index.html?cp=dtyccfea2a
(28922199) URL: x.themes.com
(28918671) URL: http://paypal.com/
(28916844) URL: http://www.amazon.co.jp/
(28916575) URL: http://www.amazon.co.jp/
(28916410) URL: http://www.amazon.co.jp/
(28916335) URL: http://www.netgol.com/shopping/
(28916267) URL: http://www.netgol.com/shopping/
(28916242) URL: http://www.netgol.com/shopping/
(28916189) URL:
http://www.pp.iij4u.or.jp/~sailor-1/Yamauchi_Mihoko/thum_frame4.html
(28915683) URL: http://www.mozilla.org/projects/xslt/index.html#bins
(28915645) URL: http://divx.euro.ru/
(28914553) URL: http://divx.euro.ru/
(28914235) URL:
http://www.pp.iij4u.or.jp/~sailor-1/Yamauchi_Mihoko/thum_frame4.html
(28913771) URL: http://www.ff.iij4u.or.jp/~i300/main.html
(28912004) Comments: crash on startup build 2001041006
(28911791) Comments: crash on start of jrgm's load tester
(28911787) Comments: crash starting jrgms loadtime tester
(28911783) Comments: crash on first launch
(28911782) Comments: crash on launch
Here is a recent stack trace:
nsImageBoxFrame::OnStartContainer
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsImageBoxFrame.cpp line 647]
nsImageBoxListener::OnStartContainer
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsImageBoxFrame.cpp line 748]
imgRequestProxy::OnStartContainer
[d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequestProxy.cpp line 256]
imgRequest::AddObserver
[d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp line 107]
imgRequestProxy::Init
[d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequestProxy.cpp line 97]
imgLoader::LoadImage
[d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgLoader.cpp
line 169]
nsImageBoxFrame::UpdateImage
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsImageBoxFrame.cpp line 362]
nsImageBoxFrame::DidSetStyleContext
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsImageBoxFrame.cpp line 474]
nsFrame::SetStyleContext
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrame.cpp line 478]
nsFrame::Init
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrame.cpp line 329]
nsLeafBoxFrame::Init
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsLeafBoxFrame.cpp line 95]
nsImageBoxFrame::Init
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsImageBoxFrame.cpp line 211]
nsCSSFrameConstructor::InitAndRestoreFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6671]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5798]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7198]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7100]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11232]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5825]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7198]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7100]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11232]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5825]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7198]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7100]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11232]
nsCSSFrameConstructor::ConstructDocElementFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 3539]
nsCSSFrameConstructor::ContentInserted
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 8410]
StyleSetImpl::ContentInserted
[d:\builds\seamonkey\mozilla\content\base\src\nsStyleSet.cpp line 1224]
PresShell::InitialReflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 2468]
nsXULDocument::StartLayout
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp line
3920]
nsXULDocument::ResumeWalk
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp line
5025]
nsXULDocument::CachedChromeStreamListener::OnStopRequest
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp line
6157]
nsDocumentOpenInfo::OnStopRequest
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp line 277]
nsCachedChromeChannel::HandleStopLoadEvent
[d:\builds\seamonkey\mozilla\rdf\chrome\src\nsChromeProtocolHandler.cpp line
439]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c
line 589]
_md_EventReceiverProc
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 1070]
SETUPAPI.DLL + 0x30c24 (0x778b0c24)
Status: RESOLVED → REOPENED
Keywords: topcrash
Resolution: FIXED → ---
Summary: Open Web Location 2x or Open File 2x or submit insecure form 2x or install XPI = crash → Open Web Location 2x or Open File 2x or submit insecure form 2x or install XPI = crash [@ nsImageBoxFrame::OnStartContainer]
Comment 18•24 years ago
|
||
From the Talkback data, this looks like a crash that was only reported for
builds 20010410xx. Since the fix also went in that same day and Talkback has
not reported any crashes for builds newer than 2001041013, marking this resolved
fixed. Can QA just verify this with the latest trunk build and mark it so?
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
Updated•24 years ago
|
Summary: Open Web Location 2x or Open File 2x or submit insecure form 2x or install XPI = crash [@ nsImageBoxFrame::OnStartContainer] → Open Web Location 2x or Open File 2x or submit insecure form 2x or install XPI = Trunk crash [@ nsImageBoxFrame::OnStartContainer]
Comment 19•23 years ago
|
||
Verified fixed Win XP build 2001120303, linux build 2001120308 and Mac OS X
build 20001120308
Status: RESOLVED → VERIFIED
Updated•14 years ago
|
Crash Signature: [@ nsImageBoxFrame::OnStartContainer]
You need to log in
before you can comment on or make changes to this bug.
Description
•