Closed
Bug 3308
Opened 26 years ago
Closed 26 years ago
<head><img ..> crashes the viewer
Categories
(Core :: DOM: HTML Parser, defect, P2)
Tracking
()
VERIFIED
FIXED
People
(Reporter: igor, Assigned: rickg)
Details
The following (broken) HTML crashes the viewer:
<head>
<img src="http://www.mozilla.org/images/logo-star.gif">
Adding <body> after the <head> fixes the problem.
My guess is that the parser does not open the <body> when it
sees the <img> element, so the while loop in
CNavDTD::ReduceContextStackFor (frame 8) runs out of elements
calling CloseTopmostContainer() (frame 7).
This is the stack trace:
#0 0x40dbc601 in kill ()
#1 0x40dbc42f in gsignal ()
#2 0x40dbd64f in abort ()
#3 0x40a387ea in PR_Abort () at prlog.c:461
#4 0x40a072dc in nsDebug::Abort (
aFile=0x4063b120 "../../../htmlparser/src/CNavDTD.cpp", aLine=2477)
at ../../../xpcom/src/nsDebug.cpp:91
#5 0x40a07344 in nsDebug::Break (
aFile=0x4063b120 "../../../htmlparser/src/CNavDTD.cpp", aLine=2477)
at ../../../xpcom/src/nsDebug.cpp:106
#6 0x40a073b5 in nsDebug::PreCondition (
aStr=0x4063b0e0 "Error: invalid tag stack position",
aExpr=0x4063b2ae "mBodyContext->GetCount() > 0",
aFile=0x4063b120 "../../../htmlparser/src/CNavDTD.cpp", aLine=2477)
at ../../../xpcom/src/nsDebug.cpp:118
#7 0x4061fac2 in CNavDTD::CloseTopmostContainer (this=0x81bd1c8)
at ../../../htmlparser/src/CNavDTD.cpp:2477
#8 0x4061ff78 in CNavDTD::ReduceContextStackFor (this=0x81bd1c8,
aChildTag=eHTMLTag_img) at ../../../htmlparser/src/CNavDTD.cpp:2622
#9 0x4061beba in CNavDTD::HandleDefaultStartToken (this=0x81bd1c8,
aToken=0x81bdf80, aChildTag=eHTMLTag_img, aNode=@0xbffff350)
at ../../../htmlparser/src/CNavDTD.cpp:888
#10 0x4061c50d in CNavDTD::HandleStartToken (this=0x81bd1c8, aToken=0x81bdf80)
---Type <return> to continue, or q <return> to quit---
at ../../../htmlparser/src/CNavDTD.cpp:1054
#11 0x4061a71d in NavDispatchTokenHandler (aToken=0x81bdf80, aDTD=0x81bd1c8)
at ../../../htmlparser/src/CNavDTD.cpp:251
#12 0x4062dbb8 in CTokenHandler::operator() (this=0x81d3c28, aToken=0x81bdf80,
aDTD=0x81bd1c8) at ../../../htmlparser/src/nsTokenHandler.cpp:80
#13 0x4061b6a8 in CNavDTD::HandleToken (this=0x81bd1c8, aToken=0x81bdf80,
aParser=0x81af5e0) at ../../../htmlparser/src/CNavDTD.cpp:598
#14 0x4061b356 in CNavDTD::BuildModel (this=0x81bd1c8, aParser=0x81af5e0,
aTokenizer=0x81f5ec8, anObserver=0x0, aSink=0x81af668)
at ../../../htmlparser/src/CNavDTD.cpp:505
#15 0x4062ab23 in nsParser::BuildModel (this=0x81af5e0)
at ../../../htmlparser/src/nsParser.cpp:717
#16 0x4062a9f8 in nsParser::ResumeParse (this=0x81af5e0, aDefaultDTD=0x0)
at ../../../htmlparser/src/nsParser.cpp:669
#17 0x4062af92 in nsParser::OnDataAvailable (this=0x81af5e0, aURL=0x817fbc8,
pIStream=0x81acf90, aLength=63) at ../../../htmlparser/src/nsParser.cpp:881
#18 0x400200bf in nsDocumentBindInfo::OnDataAvailable (this=0x817fa88,
aURL=0x817fbc8, aStream=0x81acf90, aLength=63)
at ../../../webshell/src/nsDocLoader.cpp:1694
#19 0x407c12a7 in stub_put_block (stream=0x81acf68,
buffer=0x8083dd8 "<head>\n<img
src=\"http://www.mozilla.org/images/logo-star.gif\">\nkground-color:rgb(206,
207, 206);\n color:black;\n}\n\ninput[type=reset].rollover
{\n}\n\ninput[type=reset].pressed {\n border-style : inset;\n}"...,---Type
<return> to continue, or q <return> to quit---
length=63) at ../../../network/module/nsStubContext.cpp:647
#20 0x40748ede in net_read_file_chunk (cur_entry=0x8180508)
at ../../../../network/protocol/file/mkfile.c:956
#21 0x40749969 in net_ProcessFile (cur_entry=0x8180508)
at ../../../../network/protocol/file/mkfile.c:1327
#22 0x407e8c67 in NET_ProcessNet (ready_fd=0x0, fd_type=1)
at ../../../network/main/mkgeturl.c:3367
#23 0x407f1f85 in NET_PollSockets () at ../../../network/main/mkselect.c:298
#24 0x407b92c2 in nsNetlibService::NetPollSocketsCallback (aTimer=0x8206fc8,
aClosure=0x8079910) at ../../../network/module/nsNetService.cpp:1217
#25 0x405f51f5 in TimerImpl::FireTimeout (this=0x8206fc8)
at ../../../../base/src/gtk/nsTimer.cpp:73
#26 0x405f57a2 in nsTimerExpired (aCallData=0x8206fc8)
at ../../../../base/src/gtk/nsTimer.cpp:188
#27 0x40c68af1 in g_timeout_dispatch (source_data=0x8206ed0,
current_time=0xbffff9f0, user_data=0x8206fc8) at gmain.c:1122
#28 0x40c67db2 in g_main_dispatch (current_time=0xbffff9f0) at gmain.c:640
#29 0x40c682a1 in g_main_iterate (block=1, dispatch=1) at gmain.c:829
#30 0x40c68451 in g_main_run (loop=0x817fb10) at gmain.c:887
#31 0x40b44db9 in gtk_main () at gtkmain.c:457
#32 0x40055831 in nsAppShell::Run (this=0x8097928)
at ../../../../widget/src/gtk/nsAppShell.cpp:145
#33 0x8053392 in nsNativeViewerApp::Run (this=0x8093938)
---Type <return> to continue, or q <return> to quit---
at ../../../../webshell/tests/viewer/nsGTKMain.cpp:42
#34 0x8053624 in main (argc=2, argv=0xbffffab4)
at ../../../../webshell/tests/viewer/nsGTKMain.cpp:97
Updated•26 years ago
|
QA Contact: 3847 → 4141
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•