Closed Bug 92644 Opened 24 years ago Closed 24 years ago

Trying to install Cult3d plug-in crashes Mozilla (not plug-in related however)

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: wolruf, Assigned: jst)

References

(
URL
)

Details

(Keywords: crash)

Attachments

(2 files)

Full Stack Trace (really long)
131.49 KB, text/plain
Details
left click returns here immediately, middle click crashes.
271 bytes, text/html
Details
Mozilla build: 20010727 on Win2k and Linux URL: http://www.cult3d.com/3dmenow/ Then click on "Click here to get plugin" and wait the new window then Click on "Get the plug-in", 2 new windows will open and Mozilla crashes. I know this plug-in is not supported by Cycore (Cult3d makers) but the crash seems unrelated to the plug-in installation anyway. The URL then loaded by Mozilla does not crash the browser if launched alone or in another window: http://www.cult3d.com/newuser/index.html?application/x-cult3d-object Talkback ID on Win2k: TB33421072G Cannot generate Talkback data on Linux, gdb sees the following: #0 0x404bb6bf in chunk_alloc (ar_ptr=0xbfe0205c, nb=22356460) at malloc.c:2728
confirming with win2k build 20010725.. VC++ 6 means : Stack overflow A part of the stack : PR_AtomicIncrement(int * 0x01057218) line 285 + 4 bytes nsSystemPrincipal::AddRef(nsSystemPrincipal * const 0x01057208) line 36 + 87 bytes nsScriptSecurityManager::GetScriptPrincipal(JSContext * 0x04e84c00, JSScript * 0x051922a8, nsIPrincipal * * 0x00033064) line 1106 nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext * 0x04e84c00, JSObject * 0x04ed4ca8, nsIPrincipal * * 0x0003325c) line 1120 + 40 bytes nsScriptSecurityManager::GetFramePrincipal(JSContext * 0x04e84c00, JSStackFrame * 0x0003436c, nsIPrincipal * * 0x0003325c) line 1150
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
maybe this is a dupe of bug 92425 trying with Dom0....
Assignee: asa → jst
Component: Browser-General → DOM Level 0
QA Contact: doronr → desale
This bug is caused by <body onLoad="parent.location='javascript:history.back(-1)';"> ...which crashes when opened in a new window. _basic's testcase attachment 43777 [details] in bug 92425 has <body onLoad="javascript:location = 'javascript:void(null);'"> so it looks pretty similar Attaching a testcase here anyways...
wfm using build 20010822 on Win2k, I guess it comes from bug #92425 being resolved and fixed. Someone more experienced could mark this bug as fixed ? (it would reduce the number of crashers)
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
WORKSFORME too. Verified on 2001-08-28-09-trunk on Win-95.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: