Closed Bug 8921 Opened 26 years ago Closed 26 years ago

crash on script & noscript sequence between HEAD and BODY

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect, P3)

Product:
Core
Component:
Layout: Images, Video, and HTML Frames
Platform:
All
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: fabioterracini, Assigned: pollmann)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [TESTCASE] fix handling of JS-generated content between HEAD and BODY)

Attachments

(3 files)

copy of original problem page
1.94 KB, text/html
Details
testcase
894 bytes, text/html
Details
GDB backtrace
2.70 KB, text/plain
Details
Gecko M7 (Build ID: 19999062113) crash (don't freeze) if size of the frame is null, like <FRAMESET ROWS="100%,*"> I Have tested it on Win32 (Win 95 OSR2) I think that it's occur in all platforms. An exemple at http://www.puruca.com.br/index2.html
Yup M7 talkback release Win98 crashed too APPRUNNER caused an invalid page fault in module KERNEL32.DLL at 015f:bff9d709. Registers: EAX=c002fb08 CS=015f EIP=bff9d709 EFLGS=00010216 EBX=00000000 SS=0167 ESP=0066fe88 EBP=00670124 ECX=00000000 DS=0167 ESI=00890f80 FS=565f EDX=780373c0 ES=0167 EDI=00403850 GS=0000 Bytes at CS:EIP: 53 8b 15 dc 9c fc bf 56 89 4d e4 57 89 4d dc 89 Stack dump:
Component: HTMLFrames → Parser
Summary: Gecko crash if ROWS="100%,*" → crash on script & noscript sequence between HEAD and BODY
Whiteboard: [TESTCASE] fix handling of JS-generated content between HEAD and BODY
I can confirm that http://www.puruca.com.br/index2.html crashes M7/Linux, too. It's not the frameset, though. It's one of the frame documents, specifically: http://www.puruca.com.br/alldown1.html (attaching a copy, just in case) alldown1.html contains a series of (horribly formatted!) JavaScript blocks after the HEAD element, and is missing the BODY start tag. Nasty stuff, but I boiled the testcase down to a simple (but bizarre) series of SCRIPT and NOSCRIPT elements between the HEAD and BODY elements. See attached. Step(s) to Reproduce: 1. Load attached testcase Actual Results: Crash-O-Rama. Every time Build Date & Platform: M7 viewer and apprunner on Linux 2.0.36 (Build ID: 1999062115) Additional Information: See attached testcase. GDB backtrace from testcase crash attached. (Changing component to Parser, but maybe should be Layout or JS Engine?)
Attached file testcase
Attached file GDB backtrace
Assignee: karnaze → pollmann
Component: Parser → HTMLFrames
Reassigning to Eric.
Re-tested with M8 under Linux. The original URL and test cases load OK now.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → WORKSFORME
This is also not crashing for me any longer. Cool... Marking WorksForMe.
Adding crash keyword
Keywords: crash
Verified Platform: PC OS: Windows 98 Mozilla Build: 2000101020 M18 Trunk Build
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: