Closed
Bug 3694
Opened 26 years ago
Closed 26 years ago
[PP]Crash from cgi activation from clickthru ad at this page
Categories
(Core Graveyard :: Tracking, defect, P1)
Tracking
(Not tracked)
M3
People
(Reporter: glynn, Assigned: michaelp)
Details
Seamonkey March 12 build, apprunner optimized only
Mac 8.5.1/G3
1. Launch apprunner
2. Go to: http://schist.mcom.com/search-com.html and click on the ad. CGI
attempts redirect to beyond.com, then app crash.
• Crash with PPC illegal instruction. Viewer does work properly. On Linux you
simply do not go anywhere but you don't crash. Win98 works properly.
Updated•26 years ago
Assignee: don → michaelp
Comment 1•26 years ago
gImageManager looks to be bogus in NS_NewImageManager but I'm not sure the
Metrowerks debugger isn't lying to me. Since I can't dump a stack crawl from it
here's a partial Macsbug log of crash:
PowerPC illegal instruction at 00062C1C
12-Mar-1999 4:23:41 PM (since boot = 3 days, 2 hours, 37 minutes)
Current application is “apprunnerDebug”
Machine = 67 (PowerMac9500), System $0850, sysu = $01008000
ROM version $077D, $28F2, $0001 (ROMBase $FFC00000)
VM is on; paging is currently safe
NIL^ = $FFC10000
Stack space used = -26871038
Address 00062C1C is in the System heap at 00002800
It is 0000369C bytes into this heap block:
Start Length Tag Mstr Ptr Lock Prg Type ID File Name
• 0005F580 000074E8+0C N
PowerPC 740/750 Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 00062C1C CR 0100 1010 0000 0000 0000 1000 0100 1000
LR = 198AB318 <>=O XEVO
CTR = 00062C1C
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 00 00 MQ = 06CCB140
R0 = 00062C1C R8 = 072F4894 R16 = 40000000 R24 = 00000000
SP = 0768F7E0 R9 = 00000000 R17 = 076914C4 R25 = 06D46470
TOC = 000611A0 R10 = 00000001 R18 = 06E99EE8 R26 = 0768F868
R3 = 06D76DA8 R11 = 00000002 R19 = 072F4894 R27 = 06E99F1C
R4 = 072D025C R12 = 00090048 R20 = 076914C4 R28 = 0768F92C
R5 = 0768F868 R13 = 00000000 R21 = 0768F92C R29 = 198C4408
R6 = 06E99EE8 R14 = 00000000 R22 = 0768FA28 R30 = 06D4644C
R7 = 06E99F2C R15 = 00000000 R23 = 06E99EE8 R31 = 00000000
Disassembling PowerPC code from 00062BF4
No procedure name
00062BF4 dc.l 0x00000000 |
00000000
00062BF8 dc.l 0xFFD50D20 |
FFD50D20
00062BFC dc.l 0x00066A18 |
00066A18
00062C00 dc.l 0x00000000 |
00000000
00062C04 dc.l 0xFFD50D5C |
FFD50D5C
00062C08 dc.l 0x00066A18 |
00066A18
00062C0C dc.l 0x00000000 |
00000000
00062C10 dc.l 0xFFD50D98 |
FFD50D98
00062C14 dc.l 0x00066A18 |
00066A18
00062C18 dc.l 0x00000000 |
00000000
00062C1C *dc.l 0xFFD50DD4 |
FFD50DD4
00062C20 dc.l 0x00066A18 |
00066A18
00062C24 dc.l 0x00000000 |
00000000
00062C28 dc.l 0xFFD50E10 |
FFD50E10
00062C2C dc.l 0x00066A18 |
00066A18
00062C30 dc.l 0x00000000 |
00000000
00062C34 dc.l 0xFFD50E4C |
FFD50E4C
00062C38 dc.l 0x00066A18 |
00066A18
00062C3C dc.l 0x00000000 |
00000000
00062C40 dc.l 0xFFD50E88 |
FFD50E88
Totaling the “apprunnerDebug” heap at 06CB9100
Total Blocks Total of Block Sizes
Free 007C #124 001942D0 #1655504
Nonrelocatable 008D #141 006A0E0C #6950412
Relocatable 01CE #462 0018D5E0 #1627616
Locked 0002 #2 001870E0 #1601760
Purgeable and not locked 0000 #0 00000000 #0
Heap size 02D7 #727 009C26BC #10233532
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 0064 #100 00095170 #610672
Nonrelocatable 0D1B #3355 007451DC #7623132
Relocatable 0D7F #3455 004EBC30 #5159984
Locked 020D #525 0039CF00 #3788544
Purgeable and not locked 00BA #186 00060E20 #396832
Heap size 1AFE #6910 00CC5F7C #13393788
The target heap is the “apprunnerDebug” heap at 06CB9100
Calling chain using A6/R1 links
Back chain ISA Caller
00000000 PPC 1B4F5B2C
07697640 PPC 1B4F4B3C main+005E4
07697560 PPC 1A8011B8 nsAppShellService::Run()+00020
07697520 PPC 198EC0C4 nsAppShell::Run()+00108
07697440 PPC 198ECA70 nsMacMessagePump::DoMessagePump()+001E4
076973D0 PPC 1A86CB3C Repeater::DoRepeaters(const EventRecord&)+00034
07697390 PPC 1A865238 TimerPeriodical::RepeatAction(const EventRecord&)+
00074
07697340 PPC 1A864CAC TimerImpl::Fire()+0005C
076972F0 PPC 19A211D8 nsNetlibService::NetPollSocketsCallback(nsITimer*,
void*)+0004C
076972B0 PPC 199F8EF4 NET_PollSockets+000BC
07697260 PPC 199F3DEC NET_ProcessNet+00520
07696EC0 PPC 19A17EA8 net_ProcessHTTP+0025C
07696A40 PPC 19A19D4C net_ChunkedComplete+00028
07696A00 PPC 199E7EA8 net_MemCacheComplete+000F8
076969C0 PPC 19A25144 stub_complete(_NET_StreamClass*)+000A8
07696920 PPC 1940D7C8 nsDocumentBindInfo::OnStopBinding(nsIURL*, unsigned
int, const unsigned short*)+0008C
076968C0 PPC 19913580 nsParser::OnStopBinding(nsIURL*, unsigned int, const
unsigned short*)+00048
07696870 PPC 19912DCC nsParser::ResumeParse(nsIDTD*)+000D8
07696820 PPC 19912364 nsParser::DidBuildModel(unsigned int)+0008C
076967D0 PPC 198FFE3C CNavDTD::DidBuildModel(unsigned int, int, nsIParser*
, nsIContentSink*)+0020C
07696710 PPC 194765D8 HTMLContentSink::DidBuildModel(int)+00208
07696680 PPC 1947E400 nsHTMLDocument::ContentAppended(nsIContent*, int)+
000F4
07696630 PPC 194479FC nsDocument::ContentAppended(nsIContent*, int)+00050
076965E0 PPC 1945A2C8 PresShell::ContentAppended(nsIDocument*, nsIContent*
, int)+00064
076965A0 PPC 19456AF4 PresShell::ExitReflowLock()+00034
07696560 PPC 19458D5C PresShell::ProcessReflowCommands()+00154
076964D0 PPC 194E595C nsHTMLReflowCommand::Dispatch(nsIPresContext&,
nsHTMLReflowMetrics&, const nsSize&, nsIRenderingContext&)+00178
076963B0 PPC 1968CCB4 ViewportFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00320
07696240 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
07696180 PPC 194E70A0 nsScrollFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+006C4
07695E60 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
07695DA0 PPC 194F2D20 RootFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00344
07695BF0 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
07695B30 PPC 19435B98 nsAreaFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00400
07695A00 PPC 19616A44 nsBlockFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00234
07694F30 PPC 19617B88 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&)+
0006C
07694EB0 PPC 1961823C nsBlockFrame::ReflowLine(nsBlockReflowState&,
nsLineBox*, int*)+0016C
07694E30 PPC 19619774 nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,
nsLineBox*, int*)+00360
07694C50 PPC 196815AC nsBlockReflowContext::ReflowBlock(nsIFrame*, const
nsRect&, int, nsMargin&, unsigned int&)+0023C
07694AD0 PPC 19616A44 nsBlockFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00234
07694000 PPC 19617B88 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&)+
0006C
07693F80 PPC 196182EC nsBlockFrame::ReflowLine(nsBlockReflowState&,
nsLineBox*, int*)+0021C
07693F00 PPC 19619D3C nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&,
nsLineBox*, nsIFrame*, int*)+0009C
07693E80 PPC 1962A7D0 nsInlineReflow::ReflowFrame(nsIFrame*, int, unsigned
int&)+00308
07693CC0 PPC 1961373C nsInlineFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+001B4
07693C40 PPC 19614B04 nsInlineFrame::ReflowBlockFrame(nsIPresContext&,
const nsHTMLReflowState&, nsInlineFrame::InlineReflowState&, nsHTMLReflowMetrics&
, unsigned int&)+000F8
07693B00 PPC 196815AC nsBlockReflowContext::ReflowBlock(nsIFrame*, const
nsRect&, int, nsMargin&, unsigned int&)+0023C
07693980 PPC 19616A44 nsBlockFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00234
07692EB0 PPC 19617B88 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&)+
0006C
07692E30 PPC 1961823C nsBlockFrame::ReflowLine(nsBlockReflowState&,
nsLineBox*, int*)+0016C
07692DB0 PPC 19619774 nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,
nsLineBox*, int*)+00360
07692BD0 PPC 196815AC nsBlockReflowContext::ReflowBlock(nsIFrame*, const
nsRect&, int, nsMargin&, unsigned int&)+0023C
07692A50 PPC 194DAAE8 nsTableOuterFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+003A4
076926A0 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
076925E0 PPC 194CF7AC nsTableFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+0027C
076924B0 PPC 194CFF4C nsTableFrame::ResizeReflowPass1(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&,
nsTableRowGroupFrame*, nsReflowReason, int)+002E4
076921F0 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
07692130 PPC 194E1F6C nsTableRowGroupFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+001C0
07692050 PPC 194E0990
nsTableRowGroupFrame::ReflowMappedChildren(nsIPresContext&, nsHTMLReflowMetrics&,
RowGroupReflowState&, unsigned int&, nsTableRowFrame*, nsReflowReason, int)+001D4
07691EE0 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
07691E20 PPC 194DF17C nsTableRowFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00138
07691CD0 PPC 194DD834 nsTableRowFrame::InitialReflow(nsIPresContext&,
nsHTMLReflowMetrics&, RowReflowState&, unsigned int&, nsTableCellFrame*, int)+
00278
07691A60 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
076919A0 PPC 194C38AC nsTableCellFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00398
07691750 PPC 19442660 nsContainerFrame::ReflowChild(nsIFrame*,
nsIPresContext&, nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+
000E4
07691690 PPC 19435B98 nsAreaFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00400
07691560 PPC 19616A44 nsBlockFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00234
07690A90 PPC 19617B88 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&)+
0006C
07690A10 PPC 196182EC nsBlockFrame::ReflowLine(nsBlockReflowState&,
nsLineBox*, int*)+0021C
07690990 PPC 19619D3C nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&,
nsLineBox*, nsIFrame*, int*)+0009C
07690910 PPC 1962A7D0 nsInlineReflow::ReflowFrame(nsIFrame*, int, unsigned
int&)+00308
07690750 PPC 19613770 nsInlineFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+001E8
076906D0 PPC 196140F0 nsInlineFrame::ReflowInlineFrames(nsIPresContext&,
const nsHTMLReflowState&, nsInlineFrame::InlineReflowState&, nsHTMLReflowMetrics&
, unsigned int&)+00164
0768FE90 PPC 19614470 nsInlineFrame::ReflowInlineFrame(nsIPresContext&,
const nsHTMLReflowState&, nsInlineFrame::InlineReflowState&, nsIFrame*, unsigned
int&)+00098
0768FE20 PPC 1962A7D0 nsInlineReflow::ReflowFrame(nsIFrame*, int, unsigned
int&)+00308
0768FC60 PPC 195FDBCC nsImageFrame::Reflow(nsIPresContext&,
nsHTMLReflowMetrics&, const nsHTMLReflowState&, unsigned int&)+00098
0768FC10 PPC 195FDA18 nsImageFrame::GetDesiredSize(nsIPresContext*, const
nsHTMLReflowState&, nsHTMLReflowMetrics&)+0005C
0768FBD0 PPC 195FCE00 nsHTMLImageLoader::GetDesiredSize(nsIPresContext*,
const nsHTMLReflowState&, nsIFrame*, unsigned int (*)(nsIPresContext&, nsIFrame*,
int), nsHTMLReflowMetrics&)+00154
0768FAB0 PPC 195FCB30 nsHTMLImageLoader::StartLoadImage(nsIPresContext*,
nsIFrame*, unsigned int (*)(nsIPresContext&, nsIFrame*, int), int, int&)+00140
0768F9D0 PPC 19454D94 nsPresContext::StartLoadImage(const nsString&, const
unsigned int*, nsIFrame*, const nsSize&, unsigned int (*)(nsIPresContext&,
nsIFrame*, int), int, int, nsIFrameImageLoader**)+001A0
0768F8E0 PPC 19454AC4 nsPresContext::GetImageGroup(nsIImageGroup**)+0006C
0768F890 PPC 198AA8E4 NS_NewImageGroup+00050
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
0768FBD8 PPC 195FDA18
nsImageFrame::GetDesiredSize(nsIPresContext*, const nsHTMLReflowState&,
nsHTMLReflowMetrics&)+0005C
0768FAF8 0768FAF0 PPC 19629A64
nsHTMLReflowState::ComputeMinMaxValues(int, int, const nsHTMLReflowState*)+00110
0768FAB8 0768FAB0 PPC 195FCE00
nsHTMLImageLoader::GetDesiredSize(nsIPresContext*, const nsHTMLReflowState&,
nsIFrame*, unsigned int (*)(nsIPresContext&, nsIFrame*, int),
nsHTMLReflowMetrics&)+00154
0768FA78 0768FA70 PPC 1944D884 nsFrame::GetStyleData(nsStyleStructID,
const nsStyleStruct*&) const+00068
0768FA68 0768FA60 PPC 196267FC
nsHTMLReflowState::HaveFixedContentHeight() const+0002C
0768FA36 PPC 003BFFFC
0768F9D8 0768F9D0 PPC 195FCB30
nsHTMLImageLoader::StartLoadImage(nsIPresContext*, nsIFrame*, unsigned int (*
)(nsIPresContext&, nsIFrame*, int), int, int&)+00140
0768F968 0768F960 PPC 19A20D54 NS_MakeAbsoluteURL(nsIURL*, const
nsString&, const nsString&, nsString&)+00180
0768F908 0768F900 PPC 1A8B97C0 __dla__FPv+0001C
0768F8E8 0768F8E0 PPC 19454D94 nsPresContext::StartLoadImage(const
nsString&, const unsigned int*, nsIFrame*, const nsSize&, unsigned int (*
)(nsIPresContext&, nsIFrame*, int), int, int, nsIFrameImageLoader**)+001A0
0768F8A8 0768F8A0 PPC 1A85F07C nsAutoString::nsAutoString()+00018
0768F898 0768F890 PPC 19454AC4
nsPresContext::GetImageGroup(nsIImageGroup**)+0006C
0768F868 0768F860 PPC 1A8BA808 free+0006C
0768F848 0768F840 PPC 1A8BA808 free+0006C
0768F838 0768F830 PPC 198AA8E4 NS_NewImageGroup+00050
0768F808 0768F800 PPC 1A8B968C operator delete(void*)+0001C
0768F7F8 PPC 1A8BB2B0
nsFixedSizeAllocator::AllocatorFreeBlock(void*)+000DC
0768F7E8 0768F7E0 PPC 1A8B97C0 __dla__FPv+0001C
Displaying memory from 0
00000000 FFC1 0000 FFC1 0000 003D 9FB6 002B 9FB8 *¡••*¡•••=ü*•+ü*
00000010 002B 9FBA 002B 9FBC 0075 31BC 0B35 1150 •+ü*•+üº•u1º•5•P
Closing log
Updated•26 years ago
Target Milestone: M3
Comment 2•26 years ago
The problem isn't limited to this specific ad - try the banner ad below the
search area on home.netscape.com. Another example site is www.sony.com where you
crash trying to select one of the sub sites (such as Electronics)
Comment 3•26 years ago
Note that this crash happens in appRunner but not viewer
Priority: P3 → P1
QA Contact: 3853 → 4082
Summary: Crash from cgi activation from clickthru ad at this page → [PP]Crash from cgi activation from clickthru ad at this page
i've traced it down to a target of "_top" that is
being used in the HREF in this example. http://zabadubop/adclick.html contains
a version with the various changes i went through to get it to not crash. click
on the "crash" link and *kaboom*, click on "no crash" and all is well. the
only difference between the links is the target. i'm guessing that this needs
to be reassigned to whoever owns link handling in apprunner/viewer.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → DUPLICATE
well 3803 is a dupe of this bug really...will verify when march 17 build appears
Moving all Apprunner bugs past and present to Other component temporarily whilst
don and I set correct component. Apprunner component will be deleted/retired
shortly.
Updated•8 years ago
Product: Core → Core Graveyard