Closed
Bug 76872
Opened 23 years ago
Closed 23 years ago
crash when searching on www.news.com
Categories
(Core :: Layout, defect)
Tracking
()
People
(Reporter: grigorig, Assigned: pavlov)
References
()
Details
(Keywords: crash)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.3 i586; en-US; rv:0.8.1+) Gecko/20010419 BuildID: 20010420 on http://www.news.com, if I enter something into the search field on the right, and then press enter, mozilla crashes Reproducible: Always Steps to Reproduce: 1. open http://www.news.com 2. enter something into the search field and press enter or click go! Actual Results: mozilla crashes Expected Results: mozilla loads the page with the search results it seems that mozilla don't crashes when sending the search request, it seems it crashes when loading the page with the results
Comment 1•23 years ago
|
||
I can confirm this on 2001041704 - Windows 95.
Comment 2•23 years ago
|
||
Also on win2k build 20010420.. (CVS debug) I see many asserts before the crash : ###!!! ASSERTION: frame already has posted event: '!*FindPostedEventFor(aFrame)' , file e:\moz_source\debug\mozilla\layout\html\base\src\nsFrameManager.cpp, line 1051
Assignee: asa → pollmann
Severity: normal → critical
Status: UNCONFIRMED → NEW
Component: Browser-General → HTMLFrames
Ever confirmed: true
Keywords: crash
OS: Linux → All
QA Contact: doronr → amar
Comment 3•23 years ago
|
||
Stack Trace: 00000001() nsCSSFrameConstructor::CantRenderReplacedElement(nsCSSFrameConstructor * const 0x0430d6a0, nsIPresShell * 0x061129d0, nsIPresContext * 0x06156dc8, nsIFrame * 0x05af0e38) line 10162 StyleSetImpl::CantRenderReplacedElement(StyleSetImpl * const 0x05ac0540, nsIPresContext * 0x06156dc8, nsIFrame * 0x05af0e38) line 1333 + 35 bytes FrameManager::HandlePLEvent(CantRenderReplacedElementEvent * 0x05a40858) line 1008 PL_HandleEvent(PLEvent * 0x05a40858) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00e6a1c8) line 518 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00070384, unsigned int 49418, unsigned int 0, long 15114696) line 1069 + 9 bytes USER32! 77e048dc() USER32! 77e04aa7() USER32! 77e166fd() nsAppShellService::Run(nsAppShellService * const 0x02f7d220) line 408 main1(int 2, char * * 0x003576c8, nsISupports * 0x00000000) line 1005 + 32 bytes main(int 2, char * * 0x003576c8) line 1300 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e892a6()
Comment 4•23 years ago
|
||
Changing this code <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/responses.gif"; //--></script> <script language="javascript"><!-- document.s437.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s942.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s1089.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s941.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s940.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s913.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/processing.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/complete.gif"; //--></script> to this, makes it work on 2001041704. <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/responses.gif"; //--></script> <script language="javascript"><!-- document.s437.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s942.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s1089.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s941.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s940.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.s913.src = "http://a.r.tv.com/cnet.1d/i/se/green_dot.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/processing.gif"; //--></script> <script language="javascript"><!-- document.ssmsg.src = "http://a.r.tv.com/cnet.1d/i/se/search.com/complete.gif"; //--></script>
Comment 6•23 years ago
|
||
Here's a URL to load directly that will cause the crash: http://news.search.com/search?tag=ex.ne.fd.srch.ne&q=test Stuart, I'm handing this to you because I get a ton of asserts before the crash that look like this: nsDebug::Assertion(const char * 0x02720928, const char * 0x02720908, const char * 0x027208c4, int 1051) line 286 + 13 bytes FrameManager::CantRenderReplacedElement(FrameManager * const 0x04bfe030, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 1051 + 43 bytes PresShell::CantRenderReplacedElement(PresShell * const 0x04c0eaf0, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 3587 + 32 bytes nsImageFrame::OnStopDecode(nsImageFrame * const 0x02fa0d18, imgIRequest * 0x0616aa10, nsIPresContext * 0x061333a0, unsigned int 2152988677, const unsigned short * 0x00000000) line 473 nsImageListener::OnStopDecode(nsImageListener * const 0x06169220, imgIRequest * 0x0616aa10, nsISupports * 0x061333a0, unsigned int 2152988677, const unsigned short * 0x00000000) line 1926 + 42 bytes imgRequestProxy::OnStopDecode(imgRequestProxy * const 0x0616aa14, imgIRequest * 0x00000000, nsISupports * 0x00000000, unsigned int 2152988677, const unsigned short * 0x00000000) line 327 imgRequest::RemoveProxy(imgRequestProxy * 0x0616aa10, unsigned int 2147500037) line 181 imgRequestProxy::Cancel(imgRequestProxy * const 0x0616aa10, unsigned int 2147500037) line 144 nsImageFrame::AttributeChanged(nsImageFrame * const 0x02fa0d18, nsIPresContext * 0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int 3) line 1584 nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const 0x0443eeb0, nsIPresContext * 0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int 3) line 9868 + 35 bytes StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x0443ef70, nsIPresContext * 0x061333a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1298 PresShell::AttributeChanged(PresShell * const 0x04c0eaf8, nsIDocument * 0x061202a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 4716 + 57 bytes nsDocument::AttributeChanged(nsDocument * const 0x061202a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1627 + 32 bytes nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x061202a0, nsIContent * 0x059959a0, int 3, nsIAtom * 0x01924560, int -1) line 1409 nsGenericHTMLElement::SetAttribute(nsGenericHTMLElement * const 0x059959a0, int 3, nsIAtom * 0x01924560, const nsAString & {...}, int 1) line 1429 nsHTMLImageElement::SetSrcInner(nsIURI * 0x0596b5e0, const nsAString & {...}) line 1076 + 27 bytes nsHTMLImageElement::SetProperty(JSContext * 0x04c35e70, JSObject * 0x02ef12a0, long 18818284, long * 0x0012ec44) line 762 + 33 bytes nsJSUtils::nsCallJSScriptObjectSetProperty(nsISupports * 0x059959c8, JSContext * 0x04c35e70, JSObject * 0x02ef12a0, long 18818284, long * 0x0012ec44) line 197 + 27 bytes SetHTMLImageElementProperty(JSContext * 0x04c35e70, JSObject * 0x02ef12a0, long 18818284, long * 0x0012ec44) line 628 + 25 bytes js_Interpret(JSContext * 0x04c35e70, long * 0x0012ee70) line 2551 + 1303 bytes js_Execute(JSContext * 0x04c35e70, JSObject * 0x02eb7ab0, JSScript * 0x05ecf160, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012ee70) line 992 + 13 bytes JS_EvaluateUCScriptForPrincipals(JSContext * 0x04c35e70, JSObject * 0x02eb7ab0, JSPrincipals * 0x05932300, const unsigned short * 0x05ecb780, unsigned int 89, const char * 0x05eceda0, unsigned int 121, long * 0x0012ee70) line 3287 + 25 bytes nsJSContext::EvaluateString(nsJSContext * const 0x04c34190, const nsAString & {...}, void * 0x02eb7ab0, nsIPrincipal * 0x059322fc, const char * 0x05eceda0, unsigned int 121, const char * 0x013575f0, nsAString & {...}, int * 0x0012eecc) line 609 + 85 bytes HTMLContentSink::EvaluateScript(const nsAString & {...}, nsIURI * 0x0596b5e0, int 121, const char * 0x013575f0) line 4591 HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 4957 HTMLContentSink::AddLeaf(HTMLContentSink * const 0x0612f850, const nsIParserNode & {...}) line 3223 + 12 bytes CNavDTD::AddLeaf(const nsIParserNode * 0x02f96778) line 3772 + 22 bytes CNavDTD::HandleScriptToken(const nsIParserNode * 0x02f96778) line 2251 + 12 bytes CNavDTD::OpenContainer(const nsCParserNode * 0x02f96778, nsHTMLTag eHTMLTag_script, int 1, nsEntryStack * 0x00000000) line 3424 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x02f5ea80, nsHTMLTag eHTMLTag_script, nsCParserNode * 0x02f96778) line 1330 + 20 bytes CNavDTD::HandleStartToken(CToken * 0x02f5ea80) line 1739 + 22 bytes CNavDTD::HandleToken(CNavDTD * const 0x04c346e0, CToken * 0x00000000, nsIParser * 0x0612e570) line 896 + 12 bytes CNavDTD::BuildModel(CNavDTD * const 0x04c346e0, nsIParser * 0x0612e570, nsITokenizer * 0x04c39510, nsITokenObserver * 0x00000000, nsIContentSink * 0x0612f850) line 540 + 20 bytes nsParser::BuildModel() line 1979 + 34 bytes nsParser::ResumeParse(int 1, int 0) line 1860 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x0612e578, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90, unsigned int 0, unsigned int 129) line 2314 + 19 bytes nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x05969810, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90, unsigned int 0, unsigned int 129) line 259 + 46 bytes nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x059697c0, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x04c10b90, unsigned int 0, unsigned int 129) line 1170 + 46 bytes nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x0611cb80, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x0502df00, unsigned int 0, unsigned int 129) line 56 + 51 bytes nsHTTPChunkConv::OnDataAvailable(nsHTTPChunkConv * const 0x02f954b8, nsIRequest * 0x05968b60, nsISupports * 0x00000000, nsIInputStream * 0x06115d70, unsigned int 0, unsigned int 10834) line 211 + 46 bytes nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x06115e70, nsIRequest * 0x06115d00, nsISupports * 0x05968b60, nsIInputStream * 0x06115d70, unsigned int 0, unsigned int 10834) line 539 + 64 bytes nsOnDataAvailableEvent::HandleEvent() line 173 + 70 bytes nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x061176b4) line 64 PL_HandleEvent(PLEvent * 0x061176b4) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00aec470) line 518 + 9 bytes Then the crash: nsCSSFrameConstructor::CantRenderReplacedElement(nsCSSFrameConstructor * const 0x0443eeb0, nsIPresShell * 0x04c0eaf0, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 10162 StyleSetImpl::CantRenderReplacedElement(StyleSetImpl * const 0x0443ef70, nsIPresContext * 0x061333a0, nsIFrame * 0x02fa0d18) line 1333 + 35 bytes FrameManager::HandlePLEvent(CantRenderReplacedElementEvent * 0x06180fc0) line 1008 PL_HandleEvent(PLEvent * 0x06180fc0) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00aec470) line 518 + 9 bytes
Assignee: pollmann → pavlov
Component: HTMLFrames → Layout
Comment 8•23 years ago
|
||
Agreed duping. *** This bug has been marked as a duplicate of 76407 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•