Closed
Bug 4108
Opened 26 years ago
Closed 26 years ago
javascript/framesets crashes in parser
Categories
(Core :: DOM: HTML Parser, defect, P3)
Tracking
()
VERIFIED
FIXED
M6
People
(Reporter: mcafee, Assigned: rickg)
References
()
Details
zillasplat is a simple javascript page that reads your bugsplat cookie
and creates two frame sets, one with your bugsplat bugs and the
other with your bugzilla bugs. This crashes in the parser for me:
#0 0x40ac46a1 in __kill ()
#1 0x40ac44cf in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2 0x40ac56df in abort () at ../sysdeps/generic/abort.c:83
#3 0x407d2fba in PR_Abort () at prlog.c:461
#4 0x4002f286 in nsDebug::Abort (aFile=0x4061bcc6 "CNavDTD.cpp", aLine=2492) at
nsDebug.cpp:93
#5 0x4002f2ea in nsDebug::Break (aFile=0x4061bcc6 "CNavDTD.cpp", aLine=2492) at
nsDebug.cpp:108
#6 0x4002f355 in nsDebug::PreCondition (aStr=0x4061bc9c "Error: invalid tag
stack position",
aExpr=0x4061be36 "mBodyContext->GetCount() > 0", aFile=0x4061bcc6
"CNavDTD.cpp", aLine=2492)
at nsDebug.cpp:120
#7 0x406044b6 in CNavDTD::CloseTopmostContainer (this=0x833cdd8) at
CNavDTD.cpp:2492
#8 0x4060499e in CNavDTD::ReduceContextStackFor (this=0x833cdd8,
aChildTag=eHTMLTag_br)
at CNavDTD.cpp:2654
#9 0x40600d37 in CNavDTD::HandleDefaultStartToken (this=0x833cdd8,
aToken=0x81b9bb0,
aChildTag=eHTMLTag_br, aNode=@0xbfffde70) at CNavDTD.cpp:905
#10 0x4060141d in CNavDTD::HandleStartToken (this=0x833cdd8, aToken=0x81b9bb0)
at CNavDTD.cpp:1066
#11 0x405ff999 in NavDispatchTokenHandler (aToken=0x81b9bb0, aDTD=0x833cdd8) at
CNavDTD.cpp:248
#12 0x406103a0 in CTokenHandler::operator() (this=0x83c4088, aToken=0x81b9bb0,
aDTD=0x833cdd8)
at nsTokenHandler.cpp:80
#13 0x4060055c in CNavDTD::HandleToken (this=0x833cdd8, aToken=0x81b9bb0,
aParser=0x8403360)
at CNavDTD.cpp:609
#14 0x40600262 in CNavDTD::BuildModel (this=0x833cdd8, aParser=0x8403360,
aTokenizer=0x81bd180,
anObserver=0x0, aSink=0x8405de8) at CNavDTD.cpp:507
#15 0x4060da8f in nsParser::BuildModel (this=0x8403360) at nsParser.cpp:804
#16 0x4060d978 in nsParser::ResumeParse (this=0x8403360, aDefaultDTD=0x0) at
nsParser.cpp:756
#17 0x4060d828 in nsParser::Parse (this=0x8403360, aSourceBuffer=@0xbfffe0f8,
aKey=0x1,
aContentType=@0xbfffe0e4, aEnableVerify=0, aLastCall=1) at nsParser.cpp:724
#18 0x404bb6f6 in nsHTMLDocument::WriteCommon (this=0x84057a8, cx=0x827aae0,
argv=0x82e2fc8, argc=2,
aNewlineTerminate=0) at nsHTMLDocument.cpp:1342
#19 0x404bb798 in nsHTMLDocument::Write (this=0x84057a8, cx=0x827aae0,
argv=0x82e2fc8, argc=2)
at nsHTMLDocument.cpp:1355
#20 0x40666d6a in HTMLDocumentWrite (cx=0x827aae0, obj=0x81c9538, argc=2,
argv=0x82e2fc8, rval=0xbfffe23c)
at nsJSHTMLDocument.cpp:714
#21 0x406df76f in js_Invoke (cx=0x827aae0, argc=2, constructing=0) at
jsinterp.c:650
#22 0x406ef346 in js_Interpret (cx=0x827aae0, result=0xbfffe660) at
jsinterp.c:2183
#23 0x406dfc88 in js_Execute (cx=0x827aae0, chain=0x81c8a78, script=0x8284fa8,
fun=0x0, down=0x0,
debugging=0, result=0xbfffe660) at jsinterp.c:815
#24 0x406b91c3 in JS_EvaluateUCScriptForPrincipals (cx=0x827aae0, obj=0x81c8a78,
principals=0x0,
chars=0x83c9bb0, length=1996, filename=0x8320c50
"http://scopus/bugsplat/zillasplat.html", lineno=7,
rval=0xbfffe660) at jsapi.c:2324
#25 0x406411b0 in nsJSContext::EvaluateString (this=0x827aac0,
aScript=@0xbfffe750,
aURL=0x8320c50 "http://scopus/bugsplat/zillasplat.html", aLineNo=7,
aRetValue=@0xbfffe69c,
aIsUndefined=0xbfffe690) at nsJSEnvironment.cpp:115
#26 0x404b6afd in HTMLContentSink::EvaluateScript (this=0x8405de8,
aScript=@0xbfffe750, aLineNo=7)
at nsHTMLContentSink.cpp:2704
#27 0x404b704c in HTMLContentSink::ProcessSCRIPTTag (this=0x8405de8,
aNode=@0xbfffe8a4)
at nsHTMLContentSink.cpp:2811
#28 0x404b3ec0 in HTMLContentSink::AddLeaf (this=0x8405de8, aNode=@0xbfffe8a4)
at nsHTMLContentSink.cpp:1894
#29 0x406045ae in CNavDTD::AddLeaf (this=0x833cdd8, aNode=@0xbfffe8a4) at
CNavDTD.cpp:2511
#30 0x4060469a in CNavDTD::AddHeadLeaf (this=0x833cdd8, aNode=@0xbfffe8a4) at
CNavDTD.cpp:2541
#31 0x406013e5 in CNavDTD::HandleStartToken (this=0x833cdd8, aToken=0x81b9058)
at CNavDTD.cpp:1064
#32 0x405ff999 in NavDispatchTokenHandler (aToken=0x81b9058, aDTD=0x833cdd8) at
CNavDTD.cpp:248
#33 0x406103a0 in CTokenHandler::operator() (this=0x83c4088, aToken=0x81b9058,
aDTD=0x833cdd8)
at nsTokenHandler.cpp:80
#34 0x4060055c in CNavDTD::HandleToken (this=0x833cdd8, aToken=0x81b9058,
aParser=0x8403360)
at CNavDTD.cpp:609
#35 0x40600262 in CNavDTD::BuildModel (this=0x833cdd8, aParser=0x8403360,
aTokenizer=0x83b4e50,
anObserver=0x0, aSink=0x8405de8) at CNavDTD.cpp:507
#36 0x4060da8f in nsParser::BuildModel (this=0x8403360) at nsParser.cpp:804
#37 0x4060d978 in nsParser::ResumeParse (this=0x8403360, aDefaultDTD=0x0) at
nsParser.cpp:756
#38 0x4060dec2 in nsParser::OnDataAvailable (this=0x8403360, aURL=0x83adaf0,
pIStream=0x8274960,
aLength=2158) at nsParser.cpp:968
#39 0x4021450b in nsDocumentBindInfo::OnDataAvailable (this=0x827fcd8,
aURL=0x83adaf0, aStream=0x8274960,
aLength=2158) at nsDocLoader.cpp:1783
#40 0x401f72d3 in stub_put_block (stream=0x8403190,
buffer=0x804f878 "n your bugsplat cookie. \n Sat Oct 17 00:02:29 PDT
1998
<mcafee@netscape.com>\n-->\n\n<HTML>\n<HEAD><TITLE>ZillaSplat</title>\n</HEAD>\n\n<script>\nfunction
getCookieVal (offset) {\n var endstr = document."..., length=2158) at
nsStubContext.cpp:647
#41 0x4019ba7d in net_MemCacheWrite (stream=0x8323e40,
buffer=0x804f878 "n your bugsplat cookie. \n Sat Oct 17 00:02:29 PDT
1998
<mcafee@netscape.com>\n-->\n\n<HTML>\n<HEAD><TITLE>ZillaSplat</title>\n</HEAD>\n\n<script>\nfunction
getCookieVal (offset) {\n var endstr = document."..., len=2158) at
mkmemcac.c:664
#42 0x40102978 in net_pull_http_data (ce=0x8338428) at mkhttp.c:3097
#43 0x401032d5 in net_ProcessHTTP (ce=0x8338428) at mkhttp.c:3489
#44 0x401c7e33 in NET_ProcessNet (ready_fd=0x83c1e40, fd_type=2) at
mkgeturl.c:3371
#45 0x401cfdbd in NET_PollSockets () at mkselect.c:320
#46 0x401f0872 in nsNetlibService::NetPollSocketsCallback (aTimer=0x82dea80,
aClosure=0x804e498)
at nsNetService.cpp:1220
#47 0x400e2de9 in TimerImpl::FireTimeout (this=0x82dea80) at nsTimer.cpp:73
#48 0x400e32d2 in nsTimerExpired (aCallData=0x82dea80) at nsTimer.cpp:189
#49 0x40974a60 in g_timeout_dispatch (source_data=0x83e43f0,
current_time=0xbffff3a0, user_data=0x82dea80)
at gmain.c:1144
#50 0x40973d53 in g_main_dispatch (current_time=0xbffff3a0) at gmain.c:644
#51 0x409742df in g_main_iterate (block=1, dispatch=1) at gmain.c:851
#52 0x40974461 in g_main_run (loop=0x812dc90) at gmain.c:909
#53 0x408a15f7 in gtk_main () at gtkmain.c:501
#54 0x4008234c in nsAppShell::Run (this=0x80eaae8) at nsAppShell.cpp:178
#55 0x40017ed1 in nsAppShellService::Run (this=0x80ea6a0) at
nsAppShellService.cpp:178
#56 0x804a38c in main (argc=1, argv=0xbffff4c4) at nsAppRunner.cpp:337
Reporter | ||
Comment 1•26 years ago
|
||
This crashes both viewer & apprunner on linux.
Chris -- I can't reproduce this. Can you send me your bugsplat cookie?
Alternatively, tell me what other steps I need to follow to reproduce this.
Reporter | ||
Comment 3•26 years ago
|
||
I wiped out my cookies file, then visted:
http://scopus/bugsplat/login.cgi
http://bugzilla.mozilla.org
and then crashed on the zillasplat.html URL above.
Linux & Solaris, today's build.
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
This doesn't crash now, but I can't see the zillasplat data due to a login
failure.
Updated•25 years ago
|
QA Contact: 3847 → 4141
Comment 5•25 years ago
|
||
Attempting to steal gem's HTMLParser bugs all at once. Changing QAContact to
janc.
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•