Closed Bug 91582 Opened 24 years ago Closed 24 years ago

RTM candidate crashes loading www.aol.co.jp

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 91538

People

(Reporter: jrgmorrison, Assigned: karnaze)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: can't ship with this.)

So, like, this seems like a stop-ship bug to me. This is with the 2001-07-19-nn-0.9.2 candidate build on Mac, Windows & Linux Steps to reproduce: 1) load www.aol.co.jp, the home page of AOL Japan 2) die a horrible death. Windows ... HTMLContentSink::ProcessMETATag [d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp, line 4525] HTMLContentSink::AddLeaf [d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp, line 3390] CNavDTD::AddLeaf [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 3796] CNavDTD::AddHeadLeaf [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 3855] CNavDTD::HandleStartToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 1750] CNavDTD::HandleToken [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 924] CNavDTD::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp, line 549] nsParser::BuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2222] nsParser::ResumeParse [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2086] nsParser::OnDataAvailable [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2696] nsDocumentOpenInfo::OnDataAvailable [d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 236] nsStreamListenerTee::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerTee.cpp, line 57] nsHttpChannel::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 2227] nsOnDataAvailableEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerProxy.cpp, line 188] PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 591] PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 524] _md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 1072] nsAppShellService::Run [d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp, line 426] netscp6.exe + 0x16f0 (0x004016f0) netscp6.exe + 0x11b8 (0x004011b8) netscp6.exe + 0x3243 (0x00403243) KERNEL32.DLL + 0x7903 (0x77e87903) Macintosh .... .__ptr_glue HTMLContentSink::AddLeaf() [nsHTMLContentSink.cpp, line 3389] CNavDTD::AddLeaf() [CNavDTD.cpp, line 3789] CNavDTD::AddHeadLeaf() [CNavDTD.cpp, line 3847] CNavDTD::HandleStartToken() [CNavDTD.cpp, line 1744] CNavDTD::HandleToken() [CNavDTD.cpp, line 910] CNavDTD::BuildModel() [CNavDTD.cpp, line 540] nsParser::BuildModel() [nsParser.cpp, line 2218] nsParser::ResumeParse() [nsParser.cpp, line 2084] nsParser::OnDataAvailable() [nsParser.cpp, line 2692] nsDocumentOpenInfo::OnDataAvailable() [nsURILoader.cpp, line 235] Linux ... (same story, crashes in HTMLContentSink::ProcessMETATag()
Keywords: crash, mozilla0.9.3, nsBranch
Whiteboard: can't ship with this.
Severity: normal → critical
Modifying URL from http://www.aol.co.jp/ to http://www.jp.aol.com/ (the "official" URL) The page at http://www.aol.co.jp/ just does a redirect: <META HTTP-EQUIV="Refresh" CONTENT="1; URL=http://www.aol.co.jp/"> but just going to http://www.jp.aol.com/ directly will trigger this crash.
URL: http://www.aol.co.jp/http://www.jp.aol.com/
This is not crashing in current trunk builds, and did not crash in the 7/18 0.9.2 build (on win32 at least). The AOL Japan page is a frameset with a hidden frame (rows="100%,*"). The hidden frame contains something about this simple: ------ http://jrgm.mcom.com/bugs/91582/minimal/page-dummy.html ----- <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS"> </HEAD> <BODY> Bang! </BODY> </HTML> ----- Just loading that page (without a frameset) will crash the 7/19 0.9.2 build. Note that the CONTENT is "text/html;charset=Shift_JIS" and there is not space following the 'text/html;'. If I put a space in there, I do not crash. But the parsing code for that has not changed in some time as far as I can tell from LXR. [There is one other curious thing about that document (and this happens in either the current trunk, or the 7/18 branch): the first time that you go to that test URL, on win2k, a window briefly flashes on the screen and then disappears. Where the heck is a window coming from?]
Making that small correction to the CONTENT also avoids the crash on Linux 7/19 branch, but the Mac 7/19 branch build still crashes (so it's not the parsing of that string, per se, that is behind the crash).
Oops, sorry. Pilot error. The 7/19 Mac branch build does _not_ crash if there is a space between 'text/html;' and 'charset...', just like win32 and linux 7/19 branch do not crash. So, it is something about the parse, but it is strange that this just started happening on the branch today.
From the stack trace, this is a dupe. gagan's patch has been backed out. *** This bug has been marked as a duplicate of 91538 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
I was just about to dup this myself. Nevermind.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.