Closed
Bug 3286
Opened 26 years ago
Closed 26 years ago
browser crashes in layout
Categories
(Core :: Layout, defect, P1)
Tracking
()
VERIFIED
FIXED
M4
People
(Reporter: morse, Assigned: harishd)
References
()
Details
Go to http://people.netscape.com/morse/bugs/walleted.html. Under Linux this
crashes immediately and gives the stack trace shown below. Appears to be in
layout.
Under win32 it doesn't crash immediately. But if you go to the third pull-down
list (labelled "synonyms") and click on it, you get a crash. Furthermore, the
stack trace of that crash does not indicate any decipherable modules (it just
says USER:). If you look at the content, you will see it has a lot of
javascript so this bug could be due to javascript rather than layout, or perhaps
some interaction between them. Of course this works just fine in 4.5.
Finally, even before the win32 crash, the javascript behavior is incorrect.
There are onchange handlers for each of the dropdown lists which are supposed to
update the other lists when the selected element in any one of the lists
changes. This works fine in 4.5. But in 5.0, the updating of the other lists
doesn't occur until you go select some other list and go back and reselect the
list that changed.
Here's the linux trace:
(gdb) bt
#0 0x40cd86a1 in __kill ()
#1 0x40cd84cf in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2 0x40cd96df in abort () at ../sysdeps/generic/abort.c:83
#3 0x409c3d06 in nsDebug::Abort (aFile=0x404afa72 "nsHTMLContentSink.cpp",
aLine=1682)
at nsDebug.cpp:85
#4 0x409c3d6e in nsDebug::Break (aFile=0x404afa72 "nsHTMLContentSink.cpp",
aLine=1682)
at nsDebug.cpp:100
#5 0x409c3dd9 in nsDebug::PreCondition (
aStr=0x404afe37 "parser called OpenBody twice",
aExpr=0x404afe27 "nsnull == mBody", aFile=0x404afa72
"nsHTMLContentSink.cpp",
aLine=1682) at nsDebug.cpp:112
#6 0x4039bb37 in HTMLContentSink::OpenBody (this=0x82ac978, aNode=@0xbfffdb58)
at nsHTMLContentSink.cpp:1682
#7 0x40616bea in CNavDTD::OpenBody (this=0x82f12e8, aNode=@0xbfffdb58)
at CNavDTD.cpp:2129
#8 0x406172af in CNavDTD::OpenContainer (this=0x82f12e8, aNode=@0xbfffdb58,
aUpdateStyleStack=1) at CNavDTD.cpp:2287
#9 0x406141b6 in CNavDTD::HandleDefaultStartToken (this=0x82f12e8,
aToken=0xbfffdbf4,
aChildTag=eHTMLTag_body, aNode=@0xbfffdb58) at CNavDTD.cpp:905
#10 0x40614759 in CNavDTD::HandleStartToken (this=0x82f12e8, aToken=0xbfffdbf4)
at CNavDTD.cpp:1052
#11 0x4061400e in CNavDTD::HandleDefaultStartToken (this=0x82f12e8,
aToken=0x81d90e8,
aChildTag=eHTMLTag_br, aNode=@0xbfffdc94) at CNavDTD.cpp:831
#12 0x40614759 in CNavDTD::HandleStartToken (this=0x82f12e8, aToken=0x81d90e8)
at CNavDTD.cpp:1052
#13 0x40612a15 in NavDispatchTokenHandler (aToken=0x81d90e8, aDTD=0x82f12e8)
at CNavDTD.cpp:251
---Type <return> to continue, or q <return> to quit---
#14 0x40624f38 in CTokenHandler::operator() (this=0x82f1380, aToken=0x81d90e8,
aDTD=0x82f12e8) at nsTokenHandler.cpp:80
#15 0x40613958 in CNavDTD::HandleToken (this=0x82f12e8, aToken=0x81d90e8,
aParser=0x82af3a0) at CNavDTD.cpp:596
#16 0x40613642 in CNavDTD::BuildModel (this=0x82f12e8, aParser=0x82af3a0,
aTokenizer=0x831d9b8, anObserver=0x0, aSink=0x82ac978) at CNavDTD.cpp:505
#17 0x406220e7 in nsParser::BuildModel (this=0x82af3a0) at nsParser.cpp:717
#18 0x40621fd0 in nsParser::ResumeParse (this=0x82af3a0, aDefaultDTD=0x0)
at nsParser.cpp:669
#19 0x40621e5e in nsParser::Parse (this=0x82af3a0, aSourceBuffer=@0xbfffde94,
aKey=0x1, aContentType=@0xbfffde80, aEnableVerify=0, aLastCall=1)
at nsParser.cpp:637
#20 0x403a53d6 in nsHTMLDocument::WriteCommon (this=0x82af100, cx=0x81a4290,
argv=0x82d2e68, argc=1, aNewlineTerminate=0) at nsHTMLDocument.cpp:1329
#21 0x403a5510 in nsHTMLDocument::Write (this=0x82af100, cx=0x81a4290,
argv=0x82d2e68,
argc=1) at nsHTMLDocument.cpp:1342
#22 0x406c0996 in HTMLDocumentWrite (cx=0x81a4290, obj=0x8318190, argc=1,
argv=0x82d2e68, rval=0xbfffdfd8) at nsJSHTMLDocument.cpp:714
#23 0x4095f79b in js_Invoke (cx=0x81a4290, argc=1, constructing=0) at
jsinterp.c:650
#24 0x4096f372 in js_Interpret (cx=0x81a4290, result=0xbfffe380) at
jsinterp.c:2183
#25 0x4095f7f9 in js_Invoke (cx=0x81a4290, argc=0, constructing=0) at
jsinterp.c:666
#26 0x4096f372 in js_Interpret (cx=0x81a4290, result=0xbfffe754) at
jsinterp.c:2183
#27 0x4095f7f9 in js_Invoke (cx=0x81a4290, argc=0, constructing=0) at
jsinterp.c:666
#28 0x4096f372 in js_Interpret (cx=0x81a4290, result=0xbfffeb28) at
jsinterp.c:2183
#29 0x4095f7f9 in js_Invoke (cx=0x81a4290, argc=1, constructing=0) at
jsinterp.c:666
#30 0x4095fab0 in js_CallFunctionValue (cx=0x81a4290, obj=0x819ba08,
fval=135910240,
argc=1, argv=0xbfffec74, rval=0xbfffec78) at jsinterp.c:735
---Type <return> to continue, or q <return> to quit---
#31 0x40939331 in JS_CallFunctionValue (cx=0x81a4290, obj=0x819ba08,
fval=135910240,
argc=1, argv=0xbfffec74, rval=0xbfffec78) at jsapi.c:2370
#32 0x406b08bd in nsJSEventListener::ProcessEvent (this=0x82aa8d8,
aEvent=0x82ae000)
at nsJSEventListener.cpp:97
#33 0x402cf002 in nsEventListenerManager::HandleEvent (this=0x82aa048,
aPresContext=@0x8201028, aEvent=0xbfffed68, aDOMEvent=0xbfffece0,
aEventStatus=@0xbfffed94) at nsEventListenerManager.cpp:499
#34 0x4069deec in GlobalWindowImpl::HandleDOMEvent (this=0x81b1678,
aPresContext=@0x8201028, aEvent=0xbfffed68, aDOMEvent=0xbfffece0, aFlags=1,
aEventStatus=@0xbfffed94) at nsGlobalWindow.cpp:1820
#35 0x40026c7f in nsWebShell::OnConnectionsComplete (this=0x80e8fb8)
at nsWebShell.cpp:1997
#36 0x4001df67 in nsDocLoaderImpl::AreAllConnectionsComplete (this=0x80e9240)
at nsDocLoader.cpp:1257
#37 0x4001dea8 in nsDocLoaderImpl::LoadURLComplete (this=0x80e9240,
aURL=0x82154f8,
aBindInfo=0x82154c8, aStatus=0) at nsDocLoader.cpp:1226
#38 0x4001ef21 in nsDocumentBindInfo::OnStopBinding (this=0x82154c8,
aURL=0x82154f8,
aStatus=0, aMsg=0xbfffee54) at nsDocLoader.cpp:1729
#39 0x407c2653 in stub_complete (stream=0x8215ce0) at nsStubContext.cpp:585
#40 0x4079ab9c in net_MemCacheComplete (stream=0x81a81c8) at mkmemcac.c:724
#41 0x40775413 in net_ProcessHTTP (ce=0x82158b8) at mkhttp.c:3523
#42 0x407e8e23 in NET_ProcessNet (ready_fd=0x81fb438, fd_type=2) at
mkgeturl.c:3367
#43 0x407f0d01 in NET_PollSockets () at mkselect.c:298
#44 0x407baf0e in nsNetlibService::NetPollSocketsCallback (aTimer=0x81e4b88,
aClosure=0x807c6a0) at nsNetService.cpp:1217
#45 0x405ee149 in TimerImpl::FireTimeout (this=0x81e4b88) at nsTimer.cpp:73
#46 0x405ee67e in nsTimerExpired (aCallData=0x81e4b88) at nsTimer.cpp:188
---Type <return> to continue, or q <return> to quit---
#47 0x40b8fae1 in g_timeout_dispatch ()
#48 0x40b8eda2 in g_main_dispatch ()
#49 0x40b8f291 in g_main_iterate ()
#50 0x40b8f441 in g_main_run ()
#51 0x40ab970b in gtk_main ()
#52 0x40054000 in nsAppShell::Run (this=0x8097798) at nsAppShell.cpp:145
#53 0x8053aea in nsNativeViewerApp::Run (this=0x8094220) at nsGTKMain.cpp:42
#54 0x8053d4e in main (argc=1, argv=0xbffff7d4) at nsGTKMain.cpp:
Reporter | ||
Comment 1•26 years ago
|
||
Second paragraph of description (dealing with win32 crash) is really a separate
bug and so is being broken out as a separate report (see 3317). So ignore that
paragraph in this report.
Reporter | ||
Comment 2•26 years ago
|
||
Third paragraph of description (dealing with incorrect behavior of onchange
handler) is really a separate bug and so is being broken out as a separate
report (see 3322). So ignore that paragraph in this report.
The only portion of the description in this bug report that is still relevant is
the first paragraph (dealing with the linux crash) and the stack trace.
Harish -- take a look at this. It may be the same multi-body problem that you've
already fixed. If not, let me know what you find.
Updated•26 years ago
|
Product: MozillaClassic → Browser
Version: 1998-03-31 → other
Comment 4•26 years ago
|
||
per leger, assigning QA contacts to all open bugs without QA contacts according
to list at http://bugzilla.mozilla.org/describecomponents.cgi?product=Browser
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
This bug could be related to Bug#3396. Anyway, the browser dosen't crash
( checked in Linux ). However, the win32 crash does happen. But, as steve
had explained, it's a separate bug. Therefore, marking the bug fixed.
Updated•26 years ago
|
Status: RESOLVED → VERIFIED
Comment 8•26 years ago
|
||
Fixed in the March 23rd build.
You need to log in
before you can comment on or make changes to this bug.
Description
•