Closed Bug 3694 Opened 26 years ago Closed 26 years ago

[PP]Crash from cgi activation from clickthru ad at this page

Categories

(Core Graveyard :: Tracking, defect, P1)

PowerPC
Mac System 8.5
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 3803

People

(Reporter: glynn, Assigned: michaelp)

Details

Seamonkey March 12 build, apprunner optimized only Mac 8.5.1/G3

1. Launch apprunner
2. Go to: http://schist.mcom.com/search-com.html and click on the ad. CGI attempts redirect to beyond.com, then app crash.

• Crash with PPC illegal instruction.

Viewer does work properly. On Linux you simply do not go anywhere but you don't crash. Win98 works properly.
Assignee: don → michaelp
gImageManager looks to be bogus in NS_NewImageManager but I'm not sure the Metrowerks debugger isn't lying to me. Since I can't dump a stack crawl from it here's a partial Macsbug log of crash:
Target Milestone: M3
The problem isn't limited to this specific ad - try the banner ad below the search area on home.netscape.com. Another example site is www.sony.com where you crash trying to select one of the sub sites (such as Electronics).
Note that this crash happens in appRunner but not viewer.
Priority: P3 → P1
QA Contact: 3853 → 4082
Summary: Crash from cgi activation from clickthru ad at this page → [PP]Crash from cgi activation from clickthru ad at this page
Setting to P1, putting on [PP] radar.
I've traced it down to a target of "_top" that is being used in the HREF in this example. http://zabadubop/adclick.html contains a version with the various changes I went through to get it to not crash. Click on the "crash" link and *kaboom*, click on "no crash" and all is well. The only difference between the links is the target. I'm guessing that this needs to be reassigned to whoever owns link handling in apprunner/viewer.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → DUPLICATE
This is a dup of bug #3803, which I fixed earlier today. *** This bug has been marked as a duplicate of 3803 ***
Well, 3803 is a dupe of this bug really... will verify when March 17 build appears.
Status: RESOLVED → VERIFIED
Verified fixed in March 17 builds.
Moving all Apprunner bugs past and present to Other component temporarily whilst don and I set correct component. Apprunner component will be deleted/retired shortly.
Product: Core → Core Graveyard