If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

[CRASHER] Looks like JavaScript write causes crash during document load

VERIFIED DUPLICATE of bug 9035

Status

()

Core
JavaScript Engine
P3
critical
VERIFIED DUPLICATE of bug 9035
19 years ago
16 years ago

People

(Reporter: Kevin McCluskey (gone), Assigned: Mike McCabe)

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

19 years ago
When I try to load http://www.stroud.com/ on WINNT with June 16 10:00am build it
dies with the following stack trace:

NTDLL! 77f76148()
nsDebug::PreCondition(char * 0x01d785f4, char * 0x01d785e4, char * 0x01d785b4,
int 147) line 126 + 13 bytes
nsContentList::Release(nsContentList * const 0x0130b4a0) line 147 + 41 bytes
nsHTMLDocument::Reset(nsIURL * 0x01332450) line 245 + 36 bytes
nsHTMLDocument::OpenCommon(nsIURL * 0x01332450) line 1248 + 18 bytes
nsHTMLDocument::Open(nsHTMLDocument * const 0x0127c628, JSContext * 0x010b6ac0,
long * 0x013fccc4, unsigned int 1) line 1326 + 18 bytes
nsHTMLDocument::ScriptWriteCommon(JSContext * 0x010b6ac0, long * 0x013fccc4,
unsigned int 1, int 0) line 1404 + 34 bytes
nsHTMLDocument::Write(nsHTMLDocument * const 0x0127c628, JSContext * 0x010b6ac0,
long * 0x013fccc4, unsigned int 1) line 1443
NSHTMLDocumentWrite(JSContext * 0x010b6ac0, JSObject * 0x01416668, unsigned int
1, long * 0x013fccc4, long * 0x0012f5ac) line 1148 + 24 bytes
js_Invoke(JSContext * 0x010b6ac0, unsigned int 1, int 0) line 655 + 26 bytes
js_Interpret(JSContext * 0x010b6ac0, long * 0x0012fdbc) line 2206 + 15 bytes
js_Execute(JSContext * 0x010b6ac0, JSObject * 0x01415000, JSScript * 0x013f6e20,
JSFunction * 0x00000000, JSStackFrame * 0x00000000, int 0, long * 0x0012fdbc)
line 820 + 13 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x010b6ac0, JSObject * 0x01415000,
JSPrincipals * 0x00000000, unsigned short * 0x02313038, unsigned int 4970, char
* 0x01278a60, unsigned int 0, long * 0x0012fdbc) line 2507 + 27 bytes
nsJSContext::EvaluateString(nsJSContext * const 0x010b6a80, const nsString &
{"<!--
isOpera = (navigator.userAgent.indexOf("Opera") != -1)
isNOp = ((parseInt(navigator.appVersion) < 4) | (isOpera))
isN3"}, char * 0x01278a60, unsigned int 0, nsString & {""}, int * 0x0012fde8)
line 138 + 64 bytes
HTMLContentSink::EvaluateScript(nsString & {"<!--
isOpera = (navigator.userAgent.indexOf("Opera") != -1)
isNOp = ((parseInt(navigator.appVersion) < 4) | (isOpera))
isN3"}, int 0) line 2810
nsDoneLoadingScript(nsIUnicharStreamLoader * 0x01234440, nsString & {"<!--
isOpera = (navigator.userAgent.indexOf("Opera") != -1)
isNOp = ((parseInt(navigator.appVersion) < 4) | (isOpera))
isN3"}, void * 0x0128b670, unsigned int 0) line 2835
nsUnicharStreamLoader::OnStopBinding(nsUnicharStreamLoader * const 0x01234444,
nsIURL * 0x01234240, unsigned int 0, unsigned short * 0x012931c0) line 156 + 31
bytes
nsDocumentBindInfo::OnStopBinding(nsDocumentBindInfo * const 0x012344c0, nsIURL
* 0x01234240, unsigned int 0, unsigned short * 0x012931c0) line 1539 + 30 bytes
OnStopBindingProxyEvent::HandleEvent(OnStopBindingProxyEvent * const 0x01293890)
line 593 + 45 bytes
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x01293894) line 473 + 12
bytes
PL_HandleEvent(PLEvent * 0x01293894) line 491 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ff24d0) line 452 + 9 bytes
_md_EventReceiverProc(void * 0x00530364, unsigned int 49332, unsigned int 0,
long 16721104) line 877 + 9 bytes
USER32! 77e71250()

Updated

19 years ago
Assignee: leger → mccabe
Component: JavaScript → Javascript Engine
QA Contact: leger → cbegle

Comment 1

19 years ago
Moving to Javascript Engine component.
kmcclusk...Javascript component is being retired shortly.  Please use Javascript
Engine for JS component bugs.

cbegle, is this for your folks?

Updated

19 years ago
QA Contact: cbegle → gerardok

Comment 2

19 years ago
i'll let mccabe re-componentize this, but it looks like a dom thing.

Updated

19 years ago
QA Contact: gerardok → desale

Comment 3

19 years ago
gerardok out...moving QA Contact to desale

Comment 4

19 years ago
Actually I'm not able to create this application crash so kinda tough to
generate talkback report. Application is not crashing.
Kevin McCluskey, can you see this crash ? If so please let me know talkback
report "Incident ID".

Comment 5

19 years ago
mike, the url for this bug longer crashes the browser. however the stack trace
is eerily similar to http://bugzilla.mozilla.org/show_bug.cgi?id=9035.  check
it out feel free to this a duplicate if you agree.
(Assignee)

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → DUPLICATE
(Assignee)

Comment 6

19 years ago
Christine - Thanks for looking at this!

Seems likely to be a dup.  Marking it so.

*** This bug has been marked as a duplicate of 9035 ***

Updated

19 years ago
Status: RESOLVED → VERIFIED

Comment 7

19 years ago
Verified Duplicate
You need to log in before you can comment on or make changes to this bug.