User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030407 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030407 Clicking on any "View Ad" links on http://www.unicast.com/gallery/gallery.asp crashes Galeon and Epiphany due to a stack overflow. Reproducible: Always Steps to Reproduce: 1. Open Epiphany or Galeon 2. go to http://www.unicast.com/gallery/gallery.asp 3. Click any "View AD" link 4. A new window opens in the background 5. Click new window to focus Actual Results: The browser crashed Expected Results: guess :) #0 0x419f3087 in nsScriptSecurityManager::GetFramePrincipal(JSContext*, JSStackFrame*, nsIPrincipal**) () from /usr/mozilla/lib/mozilla-1.4a/components/libcaps.so #1 0x419f316b in nsScriptSecurityManager::GetPrincipalAndFrame(JSContext*, nsIPrincipal**, JSStackFrame**) () from /usr/mozilla/lib/mozilla-1.4a/components/libcaps.so #2 0x419f33b6 in nsScriptSecurityManager::GetSubjectPrincipal(JSContext*, nsIPrincipal**) () from /usr/mozilla/lib/mozilla-1.4a/components/libcaps.so #3 0x419ee830 in nsScriptSecurityManager::CheckPropertyAccessImpl(unsigned, nsIXPCNativeCallContext*, JSContext*, JSObject*, nsISupports*, nsIURI*, nsIClassInfo*, char const*, long, void**) () from /usr/mozilla/lib/mozilla-1.4a/components/libcaps.so #4 0x419f59d1 in nsScriptSecurityManager::CanAccess(unsigned, nsIXPCNativeCallContext*, JSContext*, JSObject*, nsISupports*, nsIClassInfo*, long, void**) () from /usr/mozilla/lib/mozilla-1.4a/components/libcaps.so #5 0x412b5b3a in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) () from /usr/mozilla/lib/mozilla-1.4a/components/libxpconnect.so #6 0x412bda23 in XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*, long*) () from /usr/mozilla/lib/mozilla-1.4a/components/libxpconnect.so #7 0x411efe45 in js_Invoke () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #8 0x411f01b1 in js_InternalInvoke () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #9 0x411c452b in JS_CallFunctionValue () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #10 0x41e4651d in nsFocusController::UpdateCommands(nsAString const&) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #11 0x41e7f8d9 in nsJSChannel::Resume() () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #12 0x41689d56 in nsEventListenerManager::HandleEventSubType(nsListenerStruct*, nsIDOMEvent*, nsIDOMEventTarget*, unsigned, unsigned) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #13 0x4168ba6a in nsEventListenerManager::HandleEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, nsIDOMEventTarget*, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #14 0x41e4c816 in GlobalWindowImpl::GetInnerWidth(int*) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #15 0x41603d97 in nsDocument::HandleDOMEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #16 0x41691c4c in nsEventStateManager::PreHandleEvent(nsIPresContext*, nsEvent*, nsIFrame*, nsEventStatus*, nsIView*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #17 0x414c28ff in PresShell::HandleEventInternal(nsEvent*, nsIView*, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #18 0x414c2738 in PresShell::HandleEvent(nsIView*, nsGUIEvent*, nsEventStatus*, int, int&) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #19 0x418265d0 in nsViewManager::HandleEvent(nsView*, nsGUIEvent*, int) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #20 0x41818450 in nsView::HandleEvent(nsViewManager*, nsGUIEvent*, int) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #21 0x41825e14 in nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #22 0x41e57c49 in nsTimeoutImpl::Release(nsIScriptContext*) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #23 0x40036aa5 in EmbedPrivate::ChildFocusOut() () from /usr/mozilla/lib/mozilla-1.4a/libgtkembedmoz.so #24 0x40032f50 in handle_child_focus_out(_GtkWidget*, _GdkEventFocus*, _GtkMozEmbed*) () from /usr/mozilla/lib/mozilla-1.4a/libgtkembedmoz.so #25 0x406602c0 in _gtk_marshal_BOOLEAN__BOXED (closure=0x81dafe0, return_value=0xbfe0266c, n_param_values=2, param_values=0xbfe027fc, invocation_hint=0xbfe026a4, marshal_data=0x0) at gtkmarshalers.c:82 #26 0x40dfc91e in g_closure_invoke (closure=0x81dafe0, return_value=0xbfe0266c, n_param_values=2, param_values=0xbfe027fc, invocation_hint=0xbfe026a4) at gclosure.c:437 #27 0x40e13542 in signal_emit_unlocked_R (node=0x81e0248, detail=0, instance=0x85b5b58, emission_return=0xbfe0277c, instance_and_params=0xbfe027fc) at gsignal.c:2822 #28 0x40e127c9 in g_signal_emit_valist (instance=0x85b5b58, signal_id=62, detail=0, var_args=0xbfe0298c "?)??8?\026\b\001") at gsignal.c:2564 #29 0x40e12b3a in g_signal_emit (instance=0x85b5b58, signal_id=62, detail=0) at gsignal.c:2612 #30 0x40774c97 in gtk_widget_event_internal (widget=0x85b5b58, event=0x8769ea8) at gtkwidget.c:3143 #31 0x40774855 in gtk_widget_event (widget=0x85b5b58, event=0x8769ea8) at gtkwidget.c:3004 #32 0x40785864 in do_focus_change (widget=0x85b5b58, in=0) at gtkwindow.c:4169 #33 0x40785c87 in gtk_window_real_set_focus (window=0x8275f18, focus=0x85b5b58) at gtkwindow.c:4345 #34 0x40e14c34 in g_cclosure_marshal_VOID__OBJECT (closure=0x8273f28, return_value=0x0, n_param_values=2, param_values=0xbfe02d2c, invocation_hint=0xbfe02bd4, marshal_data=0x40785b84) at gmarshal.c:636 #35 0x40dfcc48 in g_type_class_meta_marshal (closure=0x8273f28, return_value=0x0, n_param_values=2, param_values=0xbfe02d2c, invocation_hint=0xbfe02bd4, marshal_data=0x1a0) at gclosure.c:514 #36 0x40dfc91e in g_closure_invoke (closure=0x8273f28, return_value=0x0, n_param_values=2, param_values=0xbfe02d2c, invocation_hint=0xbfe02bd4) at gclosure.c:437 #37 0x40e13730 in signal_emit_unlocked_R (node=0x8273f70, detail=0, instance=0x8275f18, emission_return=0x0, instance_and_params=0xbfe02d2c) at gsignal.c:2860 #38 0x40e12725 in g_signal_emit_valist (instance=0x8275f18, signal_id=109, detail=0, var_args=0xbfe02ebc "(?\024\b") at gsignal.c:2554 #39 0x40e12b3a in g_signal_emit (instance=0x8275f18, signal_id=109, detail=0) at gsignal.c:2612 #40 0x4077f970 in _gtk_window_internal_set_focus (window=0x8275f18, focus=0x85b5b58) at gtkwindow.c:1126 #41 0x407759aa in gtk_widget_real_grab_focus (focus_widget=0x85b5b58) at gtkwidget.c:3452 #42 0x40e13d9e in g_cclosure_marshal_VOID__VOID (closure=0x81e2170, return_value=0x0, n_param_values=1, param_values=0xbfe0320c, invocation_hint=0xbfe030b4, marshal_data=0x40775934) at gmarshal.c:77 #43 0x40dfcc48 in g_type_class_meta_marshal (closure=0x81e2170, return_value=0x0, n_param_values=1, param_values=0xbfe0320c, invocation_hint=0xbfe030b4, marshal_data=0xa4) at gclosure.c:514 #44 0x40dfc91e in g_closure_invoke (closure=0x81e2170, return_value=0x0, n_param_values=1, param_values=0xbfe0320c, invocation_hint=0xbfe030b4) at gclosure.c:437 #45 0x40e13730 in signal_emit_unlocked_R (node=0x81e2198, detail=0, instance=0x85b5b58, emission_return=0x0, instance_and_params=0xbfe0320c) at gsignal.c:2860 #46 0x40e12725 in g_signal_emit_valist (instance=0x85b5b58, signal_id=45, detail=0, var_args=0xbfe03398 "") at gsignal.c:2554 #47 0x40e12b3a in g_signal_emit (instance=0x85b5b58, signal_id=45, detail=0) at gsignal.c:2612 #48 0x40775873 in gtk_widget_grab_focus (widget=0x85b5b58) at gtkwidget.c:3406 #49 0x41aae560 in nsWindow::SetFocus(int) () from /usr/mozilla/lib/mozilla-1.4a/components/libwidget_gtk2.so #50 0x41e51abd in GlobalWindowImpl::Open(nsIDOMWindow**) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #51 0x400c9b07 in XPTC_InvokeByIndex () from /usr/mozilla/lib/mozilla-1.4a/libxpcom.so #52 0x412b6960 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) () from /usr/mozilla/lib/mozilla-1.4a/components/libxpconnect.so #53 0x412bda23 in XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*, long*) () from /usr/mozilla/lib/mozilla-1.4a/components/libxpconnect.so #54 0x411efe45 in js_Invoke () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #55 0x411f01b1 in js_InternalInvoke () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #56 0x411c452b in JS_CallFunctionValue () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #57 0x41e4651d in nsFocusController::UpdateCommands(nsAString const&) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #58 0x41e7f8d9 in nsJSChannel::Resume() () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #59 0x41689d56 in nsEventListenerManager::HandleEventSubType(nsListenerStruct*, nsIDOMEvent*, nsIDOMEventTarget*, unsigned, unsigned) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #60 0x4168ba6a in nsEventListenerManager::HandleEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, nsIDOMEventTarget*, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #61 0x41e4c816 in GlobalWindowImpl::GetInnerWidth(int*) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #62 0x41603d97 in nsDocument::HandleDOMEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #63 0x41691c4c in nsEventStateManager::PreHandleEvent(nsIPresContext*, nsEvent*, nsIFrame*, nsEventStatus*, nsIView*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #64 0x414c28ff in PresShell::HandleEventInternal(nsEvent*, nsIView*, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #65 0x414c2738 in PresShell::HandleEvent(nsIView*, nsGUIEvent*, nsEventStatus*, int, int&) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #66 0x418265d0 in nsViewManager::HandleEvent(nsView*, nsGUIEvent*, int) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #67 0x41818450 in nsView::HandleEvent(nsViewManager*, nsGUIEvent*, int) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #68 0x41825e14 in nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #69 0x41e57c49 in nsTimeoutImpl::Release(nsIScriptContext*) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #70 0x40036aa5 in EmbedPrivate::ChildFocusOut() () from /usr/mozilla/lib/mozilla-1.4a/libgtkembedmoz.so #71 0x40032f50 in handle_child_focus_out(_GtkWidget*, _GdkEventFocus*, _GtkMozEmbed*) () from /usr/mozilla/lib/mozilla-1.4a/libgtkembedmoz.so #72 0x406602c0 in _gtk_marshal_BOOLEAN__BOXED (closure=0x81dafe0, return_value=0xbfe04868, n_param_values=2, param_values=0xbfe049f8, invocation_hint=0xbfe048a0, marshal_data=0x0) at gtkmarshalers.c:82 #73 0x40dfc91e in g_closure_invoke (closure=0x81dafe0, return_value=0xbfe04868, n_param_values=2, param_values=0xbfe049f8, invocation_hint=0xbfe048a0) at gclosure.c:437 #74 0x40e13542 in signal_emit_unlocked_R (node=0x81e0248, detail=0, instance=0x85b5b58, emission_return=0xbfe04978, instance_and_params=0xbfe049f8) at gsignal.c:2822 #75 0x40e127c9 in g_signal_emit_valist (instance=0x85b5b58, signal_id=62, detail=0, var_args=0xbfe04b88 "?K??8?\026\b\001") at gsignal.c:2564 #76 0x40e12b3a in g_signal_emit (instance=0x85b5b58, signal_id=62, detail=0) at gsignal.c:2612 #77 0x40774c97 in gtk_widget_event_internal (widget=0x85b5b58, event=0x8769e5c) at gtkwidget.c:3143 #78 0x40774855 in gtk_widget_event (widget=0x85b5b58, event=0x8769e5c) at gtkwidget.c:3004 #79 0x40785864 in do_focus_change (widget=0x85b5b58, in=0) at gtkwindow.c:4169 #80 0x40785c87 in gtk_window_real_set_focus (window=0x8275f18, focus=0x85b5b58) at gtkwindow.c:4345 #81 0x40e14c34 in g_cclosure_marshal_VOID__OBJECT (closure=0x8273f28, return_value=0x0, n_param_values=2, param_values=0xbfe04f28, invocation_hint=0xbfe04dd0, marshal_data=0x40785b84) at gmarshal.c:636 #82 0x40dfcc48 in g_type_class_meta_marshal (closure=0x8273f28, return_value=0x0, n_param_values=2, param_values=0xbfe04f28, invocation_hint=0xbfe04dd0, marshal_data=0x1a0) at gclosure.c:514 #83 0x40dfc91e in g_closure_invoke (closure=0x8273f28, return_value=0x0, n_param_values=2, param_values=0xbfe04f28, invocation_hint=0xbfe04dd0) at gclosure.c:437 #84 0x40e13730 in signal_emit_unlocked_R (node=0x8273f70, detail=0, instance=0x8275f18, emission_return=0x0, instance_and_params=0xbfe04f28) at gsignal.c:2860 #85 0x40e12725 in g_signal_emit_valist (instance=0x8275f18, signal_id=109, detail=0, var_args=0xbfe050b8 "(?\024\b") at gsignal.c:2554 #86 0x40e12b3a in g_signal_emit (instance=0x8275f18, signal_id=109, detail=0) at gsignal.c:2612 #87 0x4077f970 in _gtk_window_internal_set_focus (window=0x8275f18, focus=0x85b5b58) at gtkwindow.c:1126 #88 0x407759aa in gtk_widget_real_grab_focus (focus_widget=0x85b5b58) at gtkwidget.c:3452 #89 0x40e13d9e in g_cclosure_marshal_VOID__VOID (closure=0x81e2170, return_value=0x0, n_param_values=1, param_values=0xbfe05408, invocation_hint=0xbfe052b0, marshal_data=0x40775934) at gmarshal.c:77 #90 0x40dfcc48 in g_type_class_meta_marshal (closure=0x81e2170, return_value=0x0, n_param_values=1, param_values=0xbfe05408, invocation_hint=0xbfe052b0, marshal_data=0xa4) at gclosure.c:514 #91 0x40dfc91e in g_closure_invoke (closure=0x81e2170, return_value=0x0, n_param_values=1, param_values=0xbfe05408, invocation_hint=0xbfe052b0) at gclosure.c:437 #92 0x40e13730 in signal_emit_unlocked_R (node=0x81e2198, detail=0, instance=0x85b5b58, emission_return=0x0, instance_and_params=0xbfe05408) at gsignal.c:2860 #93 0x40e12725 in g_signal_emit_valist (instance=0x85b5b58, signal_id=45, detail=0, var_args=0xbfe05594 "") at gsignal.c:2554 #94 0x40e12b3a in g_signal_emit (instance=0x85b5b58, signal_id=45, detail=0) at gsignal.c:2612 #95 0x40775873 in gtk_widget_grab_focus (widget=0x85b5b58) at gtkwidget.c:3406 #96 0x41aae560 in nsWindow::SetFocus(int) () from /usr/mozilla/lib/mozilla-1.4a/components/libwidget_gtk2.so #97 0x41e51abd in GlobalWindowImpl::Open(nsIDOMWindow**) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #98 0x400c9b07 in XPTC_InvokeByIndex () from /usr/mozilla/lib/mozilla-1.4a/libxpcom.so #99 0x412b6960 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) () from /usr/mozilla/lib/mozilla-1.4a/components/libxpconnect.so #100 0x412bda23 in XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*, long*) () from /usr/mozilla/lib/mozilla-1.4a/components/libxpconnect.so #101 0x411efe45 in js_Invoke () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #102 0x411f01b1 in js_InternalInvoke () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #103 0x411c452b in JS_CallFunctionValue () from /usr/mozilla/lib/mozilla-1.4a/libmozjs.so #104 0x41e4651d in nsFocusController::UpdateCommands(nsAString const&) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #105 0x41e7f8d9 in nsJSChannel::Resume() () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #106 0x41689d56 in nsEventListenerManager::HandleEventSubType(nsListenerStruct*, nsIDOMEvent*, nsIDOMEventTarget*, unsigned, unsigned) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #107 0x4168ba6a in nsEventListenerManager::HandleEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, nsIDOMEventTarget*, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #108 0x41e4c816 in GlobalWindowImpl::GetInnerWidth(int*) () from /usr/mozilla/lib/mozilla-1.4a/components/libjsdom.so #109 0x41603d97 in nsDocument::HandleDOMEvent(nsIPresContext*, nsEvent*, nsIDOMEvent**, unsigned, nsEventStatus*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so #110 0x41691c4c in nsEventStateManager::PreHandleEvent(nsIPresContext*, nsEvent*, nsIFrame*, nsEventStatus*, nsIView*) () from /usr/mozilla/lib/mozilla-1.4a/components/libgklayout.so [...] This loop continues for a while.

Confirming on Mozilla 1.4 GTK2 official RPM package (build 20030701)

The URL is gone; need a new testcase.

AFAIK, GTK embedding in that way has been discontinued, and future embedding efforts will likely go different ways, so this bug is probably not relevant any more. That said, there's no info here on any recent software versions and code responsible for that probably has changed a lot. If this is still relevant, please reopen with current info and a crash signature.