crash [@ nsXMLContentSink::RefreshIfEnabled ] when calling Document.load()

RESOLVED WORKSFORME

Status

()

Core
XML
P2
critical
RESOLVED WORKSFORME
17 years ago
14 years ago

People

(Reporter: Jesse Ruderman, Assigned: Heikki Toivonen (remove -bugzilla when emailing directly))

Tracking

({crash, testcase})

Trunk
Future
x86
All
crash, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(3 attachments)

(Reporter)

Description

17 years ago
Steps to reproduce:
1. Debug->Viewer Demos->XML Sorting
2. Type javascript:document.load(".","text/xml"); into the location bar and 
press enter.  (Using "text/html" instead of "text/xml" gives the same result.)

Result: assertion, followed by a crash
###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRa
wPtr != 0', file ..\..\..\dist\include\nsCOMPtr.h, line 649

If I replace "." with "books.xml", the page appears to reload, and I get an 
extra assertion before the dereferencing-null assertion:
###!!! ASSERTION: initial containing block already created: 'nsnull == mInitialC
ontainingBlock', file d:\buildmoz\mozilla\layout\html\style\src\nsCSSFrameConstr
uctor.cpp, line 8444

Comment 1

17 years ago
Heikki's domain.
Assignee: harishd → heikki
So this only occurs if you type that funny URL in the URLbar? Or do we crash if
that URL is embedded in the page as well?
Keywords: crash
Priority: -- → P1
Target Milestone: --- → mozilla0.9.3
(Reporter)

Comment 3

17 years ago
Created attachment 39991 [details]
testcase with javascript in the page

Comment 4

17 years ago
Created attachment 40233 [details]
stack trace from the testcase

Comment 5

17 years ago
I just attached a stack trace that I got from a crash using the testcase, using
a linux cvs build from this afternoon.
OS: Windows NT → All
Target Milestone: mozilla0.9.3 → mozilla0.9.4
document.load() tries to load document as data, so it is no wonder there are
problems with this usage scenario. I have a fix to the crash, but I don't like
it... The idea in the fix is: in XML content sink DidBuildModel() where we
normally call StartLayout() check the parser command and if it is "loadAsData"
don't call StartLayout(). The reason why I don't like it is that for typical
document.load() calls embedded in scripts things just work even without this
hack. I have not yet tracked down why this usase pattern here causes these
problems...
Priority: P1 → P2
Target Milestone: mozilla0.9.4 → mozilla0.9.5

Updated

17 years ago
QA Contact: bsharma → moied
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Target Milestone: mozilla0.9.6 → mozilla0.9.8
Target Milestone: mozilla0.9.8 → mozilla0.9.9
Target Milestone: mozilla0.9.9 → mozilla1.0

Comment 8

17 years ago
Moving Netscape owned 0.9.9 and 1.0 bugs that don't have an nsbeta1, nsbeta1+,
topembed, topembed+, Mozilla0.9.9+ or Mozilla1.0+ keyword.  Please send any
questions or feedback about this to adt@netscape.com.  You can search for
"Moving bugs not scheduled for a project" to quickly delete this bugmail.
Target Milestone: mozilla1.0 → mozilla1.2

Updated

16 years ago
Keywords: testcase

Comment 9

16 years ago
*** Bug 141245 has been marked as a duplicate of this bug. ***
Target Milestone: mozilla1.2alpha → Future
Component: Parser → XML

Updated

15 years ago
Summary: crash at nsXMLContentSink::RefreshIfEnabled when calling Document.load() → crash [@ nsXMLContentSink::RefreshIfEnabled ] when calling Document.load()

Comment 10

14 years ago
Not seeing any crashes on Windows XP using the attached test case or following
the manual procedure to reproduce.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7b) Gecko/20040316
(Reporter)

Comment 11

14 years ago
Clicking #2 in the testcase crashes in a month-old build:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040210
Firebird/0.8.0+

But WFM in a build from this week:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7b) Gecko/20040327
Firefox/0.8.0+
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → WORKSFORME
Crash Signature: [@ nsXMLContentSink::RefreshIfEnabled ]
You need to log in before you can comment on or make changes to this bug.