Closed Bug 3286 Opened 26 years ago Closed 26 years ago

browser crashes in layout

Categories

(Core :: Layout, defect, P1)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: morse, Assigned: harishd)

References

()

Details

Go to http://people.netscape.com/morse/bugs/walleted.html. Under Linux this crashes immediately and gives the stack trace shown below. Appears to be in layout. Under win32 it doesn't crash immediately. But if you go to the third pull-down list (labelled "synonyms") and click on it, you get a crash. Furthermore, the stack trace of that crash does not indicate any decipherable modules (it just says USER:). If you look at the content, you will see it has a lot of javascript so this bug could be due to javascript rather than layout, or perhaps some interaction between them. Of course this works just fine in 4.5. Finally, even before the win32 crash, the javascript behavior is incorrect. There are onchange handlers for each of the dropdown lists which are supposed to update the other lists when the selected element in any one of the lists changes. This works fine in 4.5. But in 5.0, the updating of the other lists doesn't occur until you go select some other list and go back and reselect the list that changed. Here's the linux trace: (gdb) bt #0 0x40cd86a1 in __kill () #1 0x40cd84cf in raise (sig=6) at ../sysdeps/posix/raise.c:27 #2 0x40cd96df in abort () at ../sysdeps/generic/abort.c:83 #3 0x409c3d06 in nsDebug::Abort (aFile=0x404afa72 "nsHTMLContentSink.cpp", aLine=1682) at nsDebug.cpp:85 #4 0x409c3d6e in nsDebug::Break (aFile=0x404afa72 "nsHTMLContentSink.cpp", aLine=1682) at nsDebug.cpp:100 #5 0x409c3dd9 in nsDebug::PreCondition ( aStr=0x404afe37 "parser called OpenBody twice", aExpr=0x404afe27 "nsnull == mBody", aFile=0x404afa72 "nsHTMLContentSink.cpp", aLine=1682) at nsDebug.cpp:112 #6 0x4039bb37 in HTMLContentSink::OpenBody (this=0x82ac978, aNode=@0xbfffdb58) at nsHTMLContentSink.cpp:1682 #7 0x40616bea in CNavDTD::OpenBody (this=0x82f12e8, aNode=@0xbfffdb58) at CNavDTD.cpp:2129 #8 0x406172af in CNavDTD::OpenContainer (this=0x82f12e8, aNode=@0xbfffdb58, aUpdateStyleStack=1) at CNavDTD.cpp:2287 #9 0x406141b6 in CNavDTD::HandleDefaultStartToken (this=0x82f12e8, aToken=0xbfffdbf4, aChildTag=eHTMLTag_body, aNode=@0xbfffdb58) at CNavDTD.cpp:905 #10 0x40614759 in CNavDTD::HandleStartToken (this=0x82f12e8, aToken=0xbfffdbf4) at CNavDTD.cpp:1052 #11 0x4061400e in CNavDTD::HandleDefaultStartToken (this=0x82f12e8, aToken=0x81d90e8, aChildTag=eHTMLTag_br, aNode=@0xbfffdc94) at CNavDTD.cpp:831 #12 0x40614759 in CNavDTD::HandleStartToken (this=0x82f12e8, aToken=0x81d90e8) at CNavDTD.cpp:1052 #13 0x40612a15 in NavDispatchTokenHandler (aToken=0x81d90e8, aDTD=0x82f12e8) at CNavDTD.cpp:251 ---Type <return> to continue, or q <return> to quit--- #14 0x40624f38 in CTokenHandler::operator() (this=0x82f1380, aToken=0x81d90e8, aDTD=0x82f12e8) at nsTokenHandler.cpp:80 #15 0x40613958 in CNavDTD::HandleToken (this=0x82f12e8, aToken=0x81d90e8, aParser=0x82af3a0) at CNavDTD.cpp:596 #16 0x40613642 in CNavDTD::BuildModel (this=0x82f12e8, aParser=0x82af3a0, aTokenizer=0x831d9b8, anObserver=0x0, aSink=0x82ac978) at CNavDTD.cpp:505 #17 0x406220e7 in nsParser::BuildModel (this=0x82af3a0) at nsParser.cpp:717 #18 0x40621fd0 in nsParser::ResumeParse (this=0x82af3a0, aDefaultDTD=0x0) at nsParser.cpp:669 #19 0x40621e5e in nsParser::Parse (this=0x82af3a0, aSourceBuffer=@0xbfffde94, aKey=0x1, aContentType=@0xbfffde80, aEnableVerify=0, aLastCall=1) at nsParser.cpp:637 #20 0x403a53d6 in nsHTMLDocument::WriteCommon (this=0x82af100, cx=0x81a4290, argv=0x82d2e68, argc=1, aNewlineTerminate=0) at nsHTMLDocument.cpp:1329 #21 0x403a5510 in nsHTMLDocument::Write (this=0x82af100, cx=0x81a4290, argv=0x82d2e68, argc=1) at nsHTMLDocument.cpp:1342 #22 0x406c0996 in HTMLDocumentWrite (cx=0x81a4290, obj=0x8318190, argc=1, argv=0x82d2e68, rval=0xbfffdfd8) at nsJSHTMLDocument.cpp:714 #23 0x4095f79b in js_Invoke (cx=0x81a4290, argc=1, constructing=0) at jsinterp.c:650 #24 0x4096f372 in js_Interpret (cx=0x81a4290, result=0xbfffe380) at jsinterp.c:2183 #25 0x4095f7f9 in js_Invoke (cx=0x81a4290, argc=0, constructing=0) at jsinterp.c:666 #26 0x4096f372 in js_Interpret (cx=0x81a4290, result=0xbfffe754) at jsinterp.c:2183 #27 0x4095f7f9 in js_Invoke (cx=0x81a4290, argc=0, constructing=0) at jsinterp.c:666 #28 0x4096f372 in js_Interpret (cx=0x81a4290, result=0xbfffeb28) at jsinterp.c:2183 #29 0x4095f7f9 in js_Invoke (cx=0x81a4290, argc=1, constructing=0) at jsinterp.c:666 #30 0x4095fab0 in js_CallFunctionValue (cx=0x81a4290, obj=0x819ba08, fval=135910240, argc=1, argv=0xbfffec74, rval=0xbfffec78) at jsinterp.c:735 ---Type <return> to continue, or q <return> to quit--- #31 0x40939331 in JS_CallFunctionValue (cx=0x81a4290, obj=0x819ba08, fval=135910240, argc=1, argv=0xbfffec74, rval=0xbfffec78) at jsapi.c:2370 #32 0x406b08bd in nsJSEventListener::ProcessEvent (this=0x82aa8d8, aEvent=0x82ae000) at nsJSEventListener.cpp:97 #33 0x402cf002 in nsEventListenerManager::HandleEvent (this=0x82aa048, aPresContext=@0x8201028, aEvent=0xbfffed68, aDOMEvent=0xbfffece0, aEventStatus=@0xbfffed94) at nsEventListenerManager.cpp:499 #34 0x4069deec in GlobalWindowImpl::HandleDOMEvent (this=0x81b1678, aPresContext=@0x8201028, aEvent=0xbfffed68, aDOMEvent=0xbfffece0, aFlags=1, aEventStatus=@0xbfffed94) at nsGlobalWindow.cpp:1820 #35 0x40026c7f in nsWebShell::OnConnectionsComplete (this=0x80e8fb8) at nsWebShell.cpp:1997 #36 0x4001df67 in nsDocLoaderImpl::AreAllConnectionsComplete (this=0x80e9240) at nsDocLoader.cpp:1257 #37 0x4001dea8 in nsDocLoaderImpl::LoadURLComplete (this=0x80e9240, aURL=0x82154f8, aBindInfo=0x82154c8, aStatus=0) at nsDocLoader.cpp:1226 #38 0x4001ef21 in nsDocumentBindInfo::OnStopBinding (this=0x82154c8, aURL=0x82154f8, aStatus=0, aMsg=0xbfffee54) at nsDocLoader.cpp:1729 #39 0x407c2653 in stub_complete (stream=0x8215ce0) at nsStubContext.cpp:585 #40 0x4079ab9c in net_MemCacheComplete (stream=0x81a81c8) at mkmemcac.c:724 #41 0x40775413 in net_ProcessHTTP (ce=0x82158b8) at mkhttp.c:3523 #42 0x407e8e23 in NET_ProcessNet (ready_fd=0x81fb438, fd_type=2) at mkgeturl.c:3367 #43 0x407f0d01 in NET_PollSockets () at mkselect.c:298 #44 0x407baf0e in nsNetlibService::NetPollSocketsCallback (aTimer=0x81e4b88, aClosure=0x807c6a0) at nsNetService.cpp:1217 #45 0x405ee149 in TimerImpl::FireTimeout (this=0x81e4b88) at nsTimer.cpp:73 #46 0x405ee67e in nsTimerExpired (aCallData=0x81e4b88) at nsTimer.cpp:188 ---Type <return> to continue, or q <return> to quit--- #47 0x40b8fae1 in g_timeout_dispatch () #48 0x40b8eda2 in g_main_dispatch () #49 0x40b8f291 in g_main_iterate () #50 0x40b8f441 in g_main_run () #51 0x40ab970b in gtk_main () #52 0x40054000 in nsAppShell::Run (this=0x8097798) at nsAppShell.cpp:145 #53 0x8053aea in nsNativeViewerApp::Run (this=0x8094220) at nsGTKMain.cpp:42 #54 0x8053d4e in main (argc=1, argv=0xbffff7d4) at nsGTKMain.cpp:
Second paragraph of description (dealing with win32 crash) is really a separate bug and so is being broken out as a separate report (see 3317). So ignore that paragraph in this report.
Third paragraph of description (dealing with incorrect behavior of onchange handler) is really a separate bug and so is being broken out as a separate report (see 3322). So ignore that paragraph in this report. The only portion of the description in this bug report that is still relevant is the first paragraph (dealing with the linux crash) and the stack trace.
Assignee: rickg → harishd
Harish -- take a look at this. It may be the same multi-body problem that you've already fixed. If not, let me know what you find.
Product: MozillaClassic → Browser
Version: 1998-03-31 → other
per leger, assigning QA contacts to all open bugs without QA contacts according to list at http://bugzilla.mozilla.org/describecomponents.cgi?product=Browser
Target Milestone: M4
Assigned M4 milestone.
Priority: P2 → P1
Increasing the priority to P1
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
This bug could be related to Bug#3396. Anyway, the browser dosen't crash ( checked in Linux ). However, the win32 crash does happen. But, as steve had explained, it's a separate bug. Therefore, marking the bug fixed.
Status: RESOLVED → VERIFIED
Fixed in the March 23rd build.
You need to log in before you can comment on or make changes to this bug.