crash when searching on www.news.com

RESOLVED DUPLICATE of bug 76407

Status

()

--
critical
RESOLVED DUPLICATE of bug 76407
18 years ago
18 years ago

People

(Reporter: grigorig, Assigned: pavlov)

Tracking

({crash})

Trunk
x86
All
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

18 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.3 i586; en-US; rv:0.8.1+) Gecko/20010419
BuildID:    20010420

on http://www.news.com, if I enter something into the search field on the right,
and then press enter, mozilla crashes

Reproducible: Always
Steps to Reproduce:
1. open http://www.news.com
2. enter something into the search field and press enter or click go!


Actual Results:  mozilla crashes

Expected Results:  mozilla loads the page with the search results

it seems that mozilla don't crashes when sending the search request, it seems it
crashes when loading the page with the results

Comment 1

18 years ago
I can confirm this on 2001041704 - Windows 95.
Also on win2k build 20010420.. (CVS debug)

I see many asserts before the crash :

###!!! ASSERTION: frame already has posted event: '!*FindPostedEventFor(aFrame)'
, file e:\moz_source\debug\mozilla\layout\html\base\src\nsFrameManager.cpp, line
 1051
Assignee: asa → pollmann
Severity: normal → critical
Status: UNCONFIRMED → NEW
Component: Browser-General → HTMLFrames
Ever confirmed: true
Keywords: crash
OS: Linux → All
QA Contact: doronr → amar
Stack Trace:

00000001()
nsCSSFrameConstructor::CantRenderReplacedElement(nsCSSFrameConstructor * const 
0x0430d6a0, nsIPresShell * 0x061129d0, nsIPresContext * 0x06156dc8, nsIFrame * 
0x05af0e38) line 10162
StyleSetImpl::CantRenderReplacedElement(StyleSetImpl * const 0x05ac0540, 
nsIPresContext * 0x06156dc8, nsIFrame * 0x05af0e38) line 1333 + 35 bytes
FrameManager::HandlePLEvent(CantRenderReplacedElementEvent * 0x05a40858) line 
1008
PL_HandleEvent(PLEvent * 0x05a40858) line 588 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00e6a1c8) line 518 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00070384, unsigned int 49418, unsigned int 0, 
long 15114696) line 1069 + 9 bytes
USER32! 77e048dc()
USER32! 77e04aa7()
USER32! 77e166fd()
nsAppShellService::Run(nsAppShellService * const 0x02f7d220) line 408
main1(int 2, char * * 0x003576c8, nsISupports * 0x00000000) line 1005 + 32 bytes
main(int 2, char * * 0x003576c8) line 1300 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e892a6()

Comment 4

18 years ago
Changing this code

<script language="javascript"><!--
document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/responses.gif";
//--></script>
<script language="javascript"><!--
document.s437.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif";
//--></script>
<script language="javascript"><!--
document.s942.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif";
//--></script>
<script language="javascript"><!--
document.s1089.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif";
//--></script>
<script language="javascript"><!--
document.s941.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif";
//--></script>
<script language="javascript"><!--
document.s940.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif";
//--></script>
<script language="javascript"><!--
document.s913.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif";
//--></script>
<script language="javascript"><!--
document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/processing.gif";
//--></script>
<script language="javascript"><!--
document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/complete.gif";
//--></script>


to this, makes it work on 2001041704.

<script language="javascript"><!-- document.ssmsg.src =
"http://a.r.tv.com/cnet.1d/i/se/search.com/responses.gif"; //--></script>
<script language="javascript"><!-- document.s437.src =
"http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script>
<script language="javascript"><!-- document.s942.src =
"http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script>
<script language="javascript"><!-- document.s1089.src =
"http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script>
<script language="javascript"><!-- document.s941.src =
"http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script>
<script language="javascript"><!-- document.s940.src =
"http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script>
<script language="javascript"><!-- document.s913.src =
"http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script>
<script language="javascript"><!-- document.ssmsg.src =
"http://a.r.tv.com/cnet.1d/i/se/search.com/processing.gif"; //--></script>
<script language="javascript"><!-- document.ssmsg.src =
"http://a.r.tv.com/cnet.1d/i/se/search.com/complete.gif"; //--></script>
(Reporter)

Comment 5

18 years ago
strange, changing some linebreaks make it work...

Comment 6

18 years ago
Here's a URL to load directly that will cause the crash:

http://news.search.com/search?tag=ex.ne.fd.srch.ne&q=test

Stuart, I'm handing this to you because I get a ton of asserts before the crash
that look like this:

nsDebug::Assertion(const char * 0x02720928, const char * 0x02720908, const char
* 0x027208c4, int 1051) line 286 + 13 bytes
FrameManager::CantRenderReplacedElement(FrameManager * const 0x04bfe030,
nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 1051 + 43 bytes
PresShell::CantRenderReplacedElement(PresShell * const 0x04c0eaf0,
nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 3587 + 32 bytes
nsImageFrame::OnStopDecode(nsImageFrame * const 0x02fa0d18, imgIRequest *
0x0616aa10, nsIPresContext * 0x061333a0, unsigned int 2152988677, const unsigned
short * 0x00000000) line 473
nsImageListener::OnStopDecode(nsImageListener * const 0x06169220, imgIRequest *
0x0616aa10, nsISupports * 0x061333a0, unsigned int 2152988677, const unsigned
short * 0x00000000) line 1926 + 42 bytes
imgRequestProxy::OnStopDecode(imgRequestProxy * const 0x0616aa14, imgIRequest *
0x00000000, nsISupports * 0x00000000, unsigned int 2152988677, const unsigned
short * 0x00000000) line 327
imgRequest::RemoveProxy(imgRequestProxy * 0x0616aa10, unsigned int 2147500037)
line 181
imgRequestProxy::Cancel(imgRequestProxy * const 0x0616aa10, unsigned int
2147500037) line 144
nsImageFrame::AttributeChanged(nsImageFrame * const 0x02fa0d18, nsIPresContext *
0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int 3) line 1584
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const
0x0443eeb0, nsIPresContext * 0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom
* 0x01924560, int 3) line 9868 + 35 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x0443ef70, nsIPresContext *
0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1298
PresShell::AttributeChanged(PresShell * const 0x04c0eaf8, nsIDocument *
0x061202a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line
4716 + 57 bytes
nsDocument::AttributeChanged(nsDocument * const 0x061202a0, nsIContent *
0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1627 + 32 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x061202a0, nsIContent *
0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1409
nsGenericHTMLElement::SetAttribute(nsGenericHTMLElement * const 0x059959a0, int
3, nsIAtom * 0x01924560, const nsAString & {...}, int 1) line 1429
nsHTMLImageElement::SetSrcInner(nsIURI * 0x0596b5e0, const nsAString & {...})
line 1076 + 27 bytes
nsHTMLImageElement::SetProperty(JSContext * 0x04c35e70, JSObject * 0x02ef12a0,
long 18818284, long * 0x0012ec44) line 762 + 33 bytes
nsJSUtils::nsCallJSScriptObjectSetProperty(nsISupports * 0x059959c8, JSContext *
0x04c35e70, JSObject * 0x02ef12a0, long 18818284, long * 0x0012ec44) line 197 +
27 bytes
SetHTMLImageElementProperty(JSContext * 0x04c35e70, JSObject * 0x02ef12a0, long
18818284, long * 0x0012ec44) line 628 + 25 bytes
js_Interpret(JSContext * 0x04c35e70, long * 0x0012ee70) line 2551 + 1303 bytes
js_Execute(JSContext * 0x04c35e70, JSObject * 0x02eb7ab0, JSScript * 0x05ecf160,
JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012ee70) line 992 + 13 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x04c35e70, JSObject * 0x02eb7ab0,
JSPrincipals * 0x05932300, const unsigned short * 0x05ecb780, unsigned int 89,
const char * 0x05eceda0, unsigned int 121, long * 0x0012ee70) line 3287 + 25 bytes
nsJSContext::EvaluateString(nsJSContext * const 0x04c34190, const nsAString &
{...}, void * 0x02eb7ab0, nsIPrincipal * 0x059322fc, const char * 0x05eceda0,
unsigned int 121, const char * 0x013575f0, nsAString & {...}, int * 0x0012eecc)
line 609 + 85 bytes
HTMLContentSink::EvaluateScript(const nsAString & {...}, nsIURI * 0x0596b5e0,
int 121, const char * 0x013575f0) line 4591
HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 4957
HTMLContentSink::AddLeaf(HTMLContentSink * const 0x0612f850, const nsIParserNode
& {...}) line 3223 + 12 bytes
CNavDTD::AddLeaf(const nsIParserNode * 0x02f96778) line 3772 + 22 bytes
CNavDTD::HandleScriptToken(const nsIParserNode * 0x02f96778) line 2251 + 12 bytes
CNavDTD::OpenContainer(const nsCParserNode * 0x02f96778, nsHTMLTag
eHTMLTag_script, int 1, nsEntryStack * 0x00000000) line 3424 + 12 bytes
CNavDTD::HandleDefaultStartToken(CToken * 0x02f5ea80, nsHTMLTag eHTMLTag_script,
nsCParserNode * 0x02f96778) line 1330 + 20 bytes
CNavDTD::HandleStartToken(CToken * 0x02f5ea80) line 1739 + 22 bytes
CNavDTD::HandleToken(CNavDTD * const 0x04c346e0, CToken * 0x00000000, nsIParser
* 0x0612e570) line 896 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x04c346e0, nsIParser * 0x0612e570,
nsITokenizer * 0x04c39510, nsITokenObserver * 0x00000000, nsIContentSink *
0x0612f850) line 540 + 20 bytes
nsParser::BuildModel() line 1979 + 34 bytes
nsParser::ResumeParse(int 1, int 0) line 1860 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x0612e578, nsIRequest * 0x05968b60,
nsISupports * 0x00000000, nsIInputStream * 0x04c10b90, unsigned int 0, unsigned
int 129) line 2314 + 19 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x05969810,
nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90,
unsigned int 0, unsigned int 129) line 259 + 46 bytes
nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x059697c0,
nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90,
unsigned int 0, unsigned int 129) line 1170 + 46 bytes
nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x0611cb80,
nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x0502df00,
unsigned int 0, unsigned int 129) line 56 + 51 bytes
nsHTTPChunkConv::OnDataAvailable(nsHTTPChunkConv * const 0x02f954b8, nsIRequest
* 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x06115d70, unsigned
int 0, unsigned int 10834) line 211 + 46 bytes
nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x06115e70,
nsIRequest * 0x06115d00, nsISupports * 0x05968b60, nsIInputStream * 0x06115d70,
unsigned int 0, unsigned int 10834) line 539 + 64 bytes
nsOnDataAvailableEvent::HandleEvent() line 173 + 70 bytes
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x061176b4) line 64
PL_HandleEvent(PLEvent * 0x061176b4) line 588 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00aec470) line 518 + 9 bytes

Then the crash:
nsCSSFrameConstructor::CantRenderReplacedElement(nsCSSFrameConstructor * const
0x0443eeb0, nsIPresShell * 0x04c0eaf0, nsIPresContext * 0x061333a0, nsIFrame *
0x02fa0d18) line 10162
StyleSetImpl::CantRenderReplacedElement(StyleSetImpl * const 0x0443ef70,
nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 1333 + 35 bytes
FrameManager::HandlePLEvent(CantRenderReplacedElementEvent * 0x06180fc0) line 1008
PL_HandleEvent(PLEvent * 0x06180fc0) line 588 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00aec470) line 518 + 9 bytes
Assignee: pollmann → pavlov
Component: HTMLFrames → Layout

Comment 7

18 years ago
This is probably a dup of bug 76407 (has a patch)

Comment 8

18 years ago
Agreed duping.

*** This bug has been marked as a duplicate of 76407 ***
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.