Closed Bug 96440 Opened 23 years ago Closed 23 years ago

Trunk crash in [@ HTMLContentSink::ProcessHeaderData]

Categories

(Core :: DOM: HTML Parser, defect, P1)

x86
All
defect

Tracking

VERIFIED FIXED
mozilla0.9.4

People

(Reporter: spam, Assigned: harishd)

Details

(Keywords: crash, topcrash)

Attachments

(5 files)

linux CVS build, non-debug, around 12 hours old

Going to http://news.wideopen.com/r/2-118,209-103,16673606 causes a reproducible
crash.
A debug build would provide a better trace - please adjust summary accordingly.
Here's what I get:

#0  0x40e2d2f1 in HTMLContentSink::ProcessHeaderData ()  from
components/libgkcontent.so
#1  0x40e2c98b in HTMLContentSink::ProcessMETATag () from components/libgkcontent.so
#2  0x40e297e1 in HTMLContentSink::AddLeaf () from components/libgkcontent.so
#3  0x40c23738 in CNavDTD::AddLeaf () from components/libhtmlpars.so
#4  0x40c23844 in CNavDTD::AddHeadLeaf () from components/libhtmlpars.so
#5  0x40c2078f in CNavDTD::HandleStartToken () from components/libhtmlpars.so
#6  0x40c1f0a0 in CNavDTD::HandleToken () from components/libhtmlpars.so
#7  0x40c1e245 in CNavDTD::BuildModel () from components/libhtmlpars.so
#8  0x40c2fe41 in nsParser::BuildModel () from components/libhtmlpars.so
#9  0x40c2fba9 in nsParser::ResumeParse () from components/libhtmlpars.so
#10 0x40c321f1 in nsParser::OnDataAvailable () from components/libhtmlpars.so
#11 0x40c6595b in nsDocumentOpenInfo::OnDataAvailable () from
components/liburiloader.so
#12 0x40795836 in nsStreamListenerTee::OnDataAvailable () from
components/libnecko.so
#13 0x407beb06 in nsHttpChannel::OnDataAvailable () from components/libnecko.so
#14 0x40794e7a in nsOnDataAvailableEvent::HandleEvent () from components/libnecko.so
#15 0x4078845b in nsARequestObserverEvent::HandlePLEvent () from
components/libnecko.so
#16 0x4012d127 in PL_HandleEvent () at eval.c:41
#17 0x4012d021 in PL_ProcessPendingEvents () at eval.c:41
#18 0x4012e0ef in nsEventQueueImpl::ProcessPendingEvents () at eval.c:41
#19 0x40c89e56 in event_processor_callback ()
   from /home/dark/DISK/mozilla/dist/bin/components/libwidget_gtk.so
#20 0x40c89bb8 in our_gdk_io_invoke () from
/home/dark/DISK/mozilla/dist/bin/components/libwidget_gtk.so
#21 0x4036da7a in g_io_unix_dispatch (source_data=0x8327008,
current_time=0xbffff180, 
    user_data=0x81c7db8) at giounix.c:137
#22 0x4036f055 in g_main_dispatch (dispatch_time=0xbffff180) at gmain.c:656
#23 0x4036f659 in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#24 0x4036f7e8 in g_main_run (loop=0x81540f8) at gmain.c:935
#25 0x4028465b in gtk_main () at gtkmain.c:524
#26 0x40c8a335 in nsAppShell::Run () from
/home/dark/DISK/mozilla/dist/bin/components/libwidget_gtk.so
#27 0x40714836 in nsAppShellService::Run ()
   from /home/dark/DISK/mozilla/dist/bin/components/libnsappshell.so
#28 0x08051ffd in main1 () at eval.c:41
#29 0x08052905 in main () at eval.c:41
#30 0x404b8177 in __libc_start_main (main=0x80527cc <main>, argc=1,
ubp_av=0xbffff71c, 
    init=0x804c1fc <_init>, fini=0x8054798 <_fini>, rtld_fini=0x4000e184
<_dl_fini>, 
    stack_end=0xbffff70c) at ../sysdeps/generic/libc-start.c:129
(gdb)
Here are 2 more URLs that I see this same crash on, using a linux CVS build from
this morning.  With --disable-debug, but with -g for symbols.  Similar stack.
http://cgi.ebay.com/ebaymotors/aw-cgi/eBayISAPI.dll?ViewItem&item=594023445
http://www.space.com/businesstechnology/technology/lunar_future_010820-1.html   

I'll attach my stack.
Summary: crash in HTMLContentSink::ProcessHeaderData → crash in HTMLContentSink::ProcessHeaderData
Severity: normal → critical
CC darin since he touched nsHTMLContentSink last..
Keywords: crash
yeah.. probably a regression from my checkin yesterday.  investigating...
Assignee: asa → darin
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla0.9.4
harish knows why mParser is null.
Component: Browser-General → Parser
QA Contact: doronr → bsharma
*** Bug 96483 has been marked as a duplicate of this bug. ***
r=harishd. Before reloading the document with the new charset we should
completely shut off the current load. It looks like the NavDTD is sending in the
META tag to the sink before shutting down. That's the root cause of the problem.
Darin, your workaround is fine; however, please reassign the bug to me so that I
can fix the problem on the parser end.
sr=vidur for the temporary fix.
*** Bug 96665 has been marked as a duplicate of this bug. ***
*** Bug 96650 has been marked as a duplicate of this bug. ***
Changing severity to blocker and adding smoketest keyword since there have been
2 blocker smoketest bugs dup'd to this one.
Severity: critical → blocker
Keywords: smoketest
I saw this on Win 98 at the url:
http://www.va-oakland.com/caproperty.html when clicking on the Photographic 
Virtual Tours link.
OS: Linux → All
a=dbaron on behalf of drivers for the temporary fix, although you really don't
need that for a smoketest blocker and it would also probably be nice to have the
real fix soon.
workaround fix checked in -> over to harish
Assignee: darin → harishd
Status: ASSIGNED → NEW
Removing keywords, since after the workaround fix it's neither a crash nor a
blocker.
Status: NEW → ASSIGNED
Keywords: crash, smoketest
Leaving topcrash keyword out, but adding [@ HTMLContentSink::ProcessHeaderData]
to summary for tracking, since this *was* a topcrasher on the MozillaTrunk.
Summary: crash in HTMLContentSink::ProcessHeaderData → Trunk crash in [@ HTMLContentSink::ProcessHeaderData]
Found out the offending checkin (with the help of ftang):

http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=nsMetaCharsetObserver.cpp&root=/cvsroot&subdir=mozilla/intl/chardet/src&command=DIFF_FRAMESET&rev1=1.27&rev2=1.28

nsMetaCharsetObserver was supposed to return an error message after stopping the
current document load. I talked to ftang about the checkin (mentioned above) and
it looks like the return value got removed accidentally.
Fix the crasher the correct way.
Keywords: nsbranch+
Adding crash, topcrash keywords once again until we can verify this problem has
been fixed either from testing or Talkback data.
Keywords: crash, topcrash
r=ftang
harish, there are 2 places where "NotifyWebShell" is called inside function "Notify".
I am suggesting using the following patch instead:
Index: nsMetaCharsetObserver.cpp
===================================================================
RCS file: /cvsroot/mozilla/intl/chardet/src/nsMetaCharsetObserver.cpp,v
retrieving revision 1.45
diff -u -r1.45 nsMetaCharsetObserver.cpp
--- nsMetaCharsetObserver.cpp   2001/08/10 18:08:55     1.45
+++ nsMetaCharsetObserver.cpp   2001/08/25 03:04:11
@@ -289,7 +289,7 @@
               res = NotifyWebShell(aDocumentID, NS_ConvertUCS2toUTF8(compatChar
set).get(), kCharsetFromMetaTag);
       }
     }
-    return NS_OK;
+    return res;
 }

 //-------------------------------------------------------------------------
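Review bot: the new `return res;` at the end of the function hands back whatever `res` holds when no NotifyWebShell branch runs, and neither the declaration of `res` nor the second NotifyWebShell call site mentioned above is visible in this hunk. Please confirm that `res` is initialized to a success value, that both call sites assign their result to it, and that no earlier unrelated failure can be left in it, so that a META tag needing no charset change is not reported as an error. A short comment on the return saying that the non-OK value is how the caller learns the current load was stopped would help, since that contract was already lost once to a plain `return NS_OK;`.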
a=dbaron, but shouldn't the null check that was added originally be removed now?
Fix is in. 
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
*** Bug 96805 has been marked as a duplicate of this bug. ***
The latest trunk build ID for talkback crashes with this stack sig is 
2001082309.  Marking verified.
Status: RESOLVED → VERIFIED
*** Bug 97042 has been marked as a duplicate of this bug. ***
*** Bug 97131 has been marked as a duplicate of this bug. ***
Crash Signature: [@ HTMLContentSink::ProcessHeaderData]
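The failure discussed in this bug, reduced to a stand-alone model; this is an added example, not Mozilla code and not part of the original report. Every type and function name in it (Sink, Notify, RunLoad and so on) is a hypothetical stand-in, and the `propagate` flag switches between the regressed `return NS_OK;` behaviour and the fixed `return res;` behaviour.

```cpp
// Added illustration, not Mozilla source. All names are hypothetical stand-ins
// for the charset observer, the DTD loop and the content sink in this bug.
#include <string>
#include <vector>

enum Status { kOk, kStopLoad };
struct Parser { std::string charset = "ISO-8859-1"; };
struct Result { int metaHandled = 0; bool nullParserUse = false; };

struct Sink {
    Parser* parser = nullptr;  // plays the role of mParser
    Result r;
    void ProcessHeaderData() {
        // The real sink dereferenced the pointer here; the model only records it.
        if (!parser) { r.nullParserUse = true; return; }
        ++r.metaHandled;
    }
};

// Observer: a META charset that differs from the current one shuts off the
// load (the sink loses its parser). The caller must be told about it.
Status Notify(Sink& sink, const std::string& metaCharset, bool propagate) {
    Status res = kOk;  // success unless a reload was requested
    if (sink.parser && sink.parser->charset != metaCharset) {
        sink.parser = nullptr;
        res = kStopLoad;
    }
    return propagate ? res : kOk;  // propagate == false models "return NS_OK;"
}

// DTD loop: consult the observer, then hand the META tag to the sink.
Result RunLoad(const std::vector<std::string>& metaCharsets, bool propagate) {
    Parser parser;
    Sink sink;
    sink.parser = &parser;
    for (const std::string& cs : metaCharsets) {
        if (Notify(sink, cs, propagate) != kOk) break;  // load stopped: feed nothing more
        sink.ProcessHeaderData();
    }
    return sink.r;
}

int main() {
    const std::vector<std::string> page = {"ISO-8859-1", "UTF-8", "UTF-8"};  // constructed input
    bool fixedClean = !RunLoad(page, true).nullParserUse;
    bool regressedHits = RunLoad(page, false).nullParserUse;
    return (fixedClean && regressedHits) ? 0 : 1;
}
```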