Closed
Bug 76872
Opened 23 years ago
Closed 23 years ago
crash when searching on www.news.com
Categories
(Core :: Layout, defect)
Tracking
()
People
(Reporter: grigorig, Assigned: pavlov)
References
()
Details
(Keywords: crash)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.3 i586; en-US; rv:0.8.1+) Gecko/20010419 BuildID: 20010420 on http://www.news.com, if I enter something into the search field on the right, and then press enter, mozilla crashes Reproducible: Always Steps to Reproduce: 1. open http://www.news.com 2. enter something into the search field and press enter or click go! Actual Results: mozilla crashes Expected Results: mozilla loads the page with the search results it seems that mozilla don't crashes when sending the search request, it seems it crashes when loading the page with the results
|
||
Comment 1•23 years ago
|
||
I can confirm this on 2001041704 - Windows 95.
|
||
Comment 2•23 years ago
|
||
Also on win2k build 20010420.. (CVS debug) I see many asserts before the crash : ###!!! ASSERTION: frame already has posted event: '!*FindPostedEventFor(aFrame)' , file e:\moz_source\debug\mozilla\layout\html\base\src\nsFrameManager.cpp, line 1051
Assignee: asa → pollmann
Severity: normal → critical
Status: UNCONFIRMED → NEW
Component: Browser-General → HTMLFrames
Ever confirmed: true
Keywords: crash
OS: Linux → All
QA Contact: doronr → amar
|
|
||
Comment 3•23 years ago
|
||
Stack Trace: 00000001() nsCSSFrameConstructor::CantRenderReplacedElement(nsCSSFrameConstructor * const 0x0430d6a0, nsIPresShell * 0x061129d0, nsIPresContext * 0x06156dc8, nsIFrame * 0x05af0e38) line 10162 StyleSetImpl::CantRenderReplacedElement(StyleSetImpl * const 0x05ac0540, nsIPresContext * 0x06156dc8, nsIFrame * 0x05af0e38) line 1333 + 35 bytes FrameManager::HandlePLEvent(CantRenderReplacedElementEvent * 0x05a40858) line 1008 PL_HandleEvent(PLEvent * 0x05a40858) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00e6a1c8) line 518 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00070384, unsigned int 49418, unsigned int 0, long 15114696) line 1069 + 9 bytes USER32! 77e048dc() USER32! 77e04aa7() USER32! 77e166fd() nsAppShellService::Run(nsAppShellService * const 0x02f7d220) line 408 main1(int 2, char * * 0x003576c8, nsISupports * 0x00000000) line 1005 + 32 bytes main(int 2, char * * 0x003576c8) line 1300 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e892a6()
|
|
||
Comment 4•23 years ago
|
||
Changing this code <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/responses.gif"; //--></script> <script language="javascript"><!-- document.s437.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s942.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s1089.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s941.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s940.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s913.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/processing.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/complete.gif"; //--></script> to this, makes it work on 2001041704. <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/responses.gif"; //--></script> <script language="javascript"><!-- document.s437.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s942.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s1089.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s941.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s940.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s913.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/processing.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/complete.gif"; //--></script>
|
||
Comment 6•23 years ago
|
||
Here's a URL to load directly that will cause the crash: http://news.search.com/search?tag=ex.ne.fd.srch.ne&q=test Stuart, I'm handing this to you because I get a ton of asserts before the crash that look like this: nsDebug::Assertion(const char * 0x02720928, const char * 0x02720908, const char * 0x027208c4, int 1051) line 286 + 13 bytes FrameManager::CantRenderReplacedElement(FrameManager * const 0x04bfe030, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 1051 + 43 bytes PresShell::CantRenderReplacedElement(PresShell * const 0x04c0eaf0, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 3587 + 32 bytes nsImageFrame::OnStopDecode(nsImageFrame * const 0x02fa0d18, imgIRequest * 0x0616aa10, nsIPresContext * 0x061333a0, unsigned int 2152988677, const unsigned short * 0x00000000) line 473 nsImageListener::OnStopDecode(nsImageListener * const 0x06169220, imgIRequest * 0x0616aa10, nsISupports * 0x061333a0, unsigned int 2152988677, const unsigned short * 0x00000000) line 1926 + 42 bytes imgRequestProxy::OnStopDecode(imgRequestProxy * const 0x0616aa14, imgIRequest * 0x00000000, nsISupports * 0x00000000, unsigned int 2152988677, const unsigned short * 0x00000000) line 327 imgRequest::RemoveProxy(imgRequestProxy * 0x0616aa10, unsigned int 2147500037) line 181 imgRequestProxy::Cancel(imgRequestProxy * const 0x0616aa10, unsigned int 2147500037) line 144 nsImageFrame::AttributeChanged(nsImageFrame * const 0x02fa0d18, nsIPresContext * 0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int 3) line 1584 nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 0x0443eeb0, nsIPresContext * 0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int 3) line 9868 + 35 bytes StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x0443ef70, nsIPresContext * 0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1298 PresShell::AttributeChanged(PresShell * const 0x04c0eaf8, nsIDocument * 0x061202a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 4716 + 57 bytes nsDocument::AttributeChanged(nsDocument * const 0x061202a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1627 + 32 bytes nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x061202a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1409 nsGenericHTMLElement::SetAttribute(nsGenericHTMLElement * const 0x059959a0, int 3, nsIAtom * 0x01924560, const nsAString & {...}, int 1) line 1429 nsHTMLImageElement::SetSrcInner(nsIURI * 0x0596b5e0, const nsAString & {...}) line 1076 + 27 bytes nsHTMLImageElement::SetProperty(JSContext * 0x04c35e70, JSObject * 0x02ef12a0, long 18818284, long * 0x0012ec44) line 762 + 33 bytes nsJSUtils::nsCallJSScriptObjectSetProperty(nsISupports * 0x059959c8, JSContext * 0x04c35e70, JSObject * 0x02ef12a0, long 18818284, long * 0x0012ec44) line 197 + 27 bytes SetHTMLImageElementProperty(JSContext * 0x04c35e70, JSObject * 0x02ef12a0, long 18818284, long * 0x0012ec44) line 628 + 25 bytes js_Interpret(JSContext * 0x04c35e70, long * 0x0012ee70) line 2551 + 1303 bytes js_Execute(JSContext * 0x04c35e70, JSObject * 0x02eb7ab0, JSScript * 0x05ecf160, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012ee70) line 992 + 13 bytes JS_EvaluateUCScriptForPrincipals(JSContext * 0x04c35e70, JSObject * 0x02eb7ab0, JSPrincipals * 0x05932300, const unsigned short * 0x05ecb780, unsigned int 89, const char * 0x05eceda0, unsigned int 121, long * 0x0012ee70) line 3287 + 25 bytes nsJSContext::EvaluateString(nsJSContext * const 0x04c34190, const nsAString & {...}, void * 0x02eb7ab0, nsIPrincipal * 0x059322fc, const char * 0x05eceda0, unsigned int 121, const char * 0x013575f0, nsAString & {...}, int * 0x0012eecc) line 609 + 85 bytes HTMLContentSink::EvaluateScript(const nsAString & {...}, nsIURI * 0x0596b5e0, int 121, const char * 0x013575f0) line 4591 HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 4957 HTMLContentSink::AddLeaf(HTMLContentSink * const 0x0612f850, const nsIParserNode & {...}) line 3223 + 12 bytes CNavDTD::AddLeaf(const nsIParserNode * 0x02f96778) line 3772 + 22 bytes CNavDTD::HandleScriptToken(const nsIParserNode * 0x02f96778) line 2251 + 12 bytes CNavDTD::OpenContainer(const nsCParserNode * 0x02f96778, nsHTMLTag eHTMLTag_script, int 1, nsEntryStack * 0x00000000) line 3424 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x02f5ea80, nsHTMLTag eHTMLTag_script, nsCParserNode * 0x02f96778) line 1330 + 20 bytes CNavDTD::HandleStartToken(CToken * 0x02f5ea80) line 1739 + 22 bytes CNavDTD::HandleToken(CNavDTD * const 0x04c346e0, CToken * 0x00000000, nsIParser * 0x0612e570) line 896 + 12 bytes CNavDTD::BuildModel(CNavDTD * const 0x04c346e0, nsIParser * 0x0612e570, nsITokenizer * 0x04c39510, nsITokenObserver * 0x00000000, nsIContentSink * 0x0612f850) line 540 + 20 bytes nsParser::BuildModel() line 1979 + 34 bytes nsParser::ResumeParse(int 1, int 0) line 1860 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x0612e578, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90, unsigned int 0, unsigned int 129) line 2314 + 19 bytes nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x05969810, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90, unsigned int 0, unsigned int 129) line 259 + 46 bytes nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x059697c0, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90, unsigned int 0, unsigned int 129) line 1170 + 46 bytes nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x0611cb80, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x0502df00, unsigned int 0, unsigned int 129) line 56 + 51 bytes nsHTTPChunkConv::OnDataAvailable(nsHTTPChunkConv * const 0x02f954b8, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x06115d70, unsigned int 0, unsigned int 10834) line 211 + 46 bytes nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x06115e70, nsIRequest * 0x06115d00, nsISupports * 0x05968b60, nsIInputStream * 0x06115d70, unsigned int 0, unsigned int 10834) line 539 + 64 bytes nsOnDataAvailableEvent::HandleEvent() line 173 + 70 bytes nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x061176b4) line 64 PL_HandleEvent(PLEvent * 0x061176b4) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00aec470) line 518 + 9 bytes Then the crash: nsCSSFrameConstructor::CantRenderReplacedElement(nsCSSFrameConstructor * const 0x0443eeb0, nsIPresShell * 0x04c0eaf0, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 10162 StyleSetImpl::CantRenderReplacedElement(StyleSetImpl * const 0x0443ef70, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 1333 + 35 bytes FrameManager::HandlePLEvent(CantRenderReplacedElementEvent * 0x06180fc0) line 1008 PL_HandleEvent(PLEvent * 0x06180fc0) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00aec470) line 518 + 9 bytes
Assignee: pollmann → pavlov
Component: HTMLFrames → Layout
|
||
Comment 8•23 years ago
|
||
Agreed duping. *** This bug has been marked as a duplicate of 76407 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•