Closed Bug 4143 Opened 26 years ago Closed 26 years ago

Page crashing all platforms when utilizing word search.

Categories

(Core :: DOM: HTML Parser, defect, P1)

All
Mac System 8.5
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: temple, Assigned: karnaze)

References

()

Details

Using the M3 binary, I have had apprunner and viewer.app die on dictionary.com. It has both shown the first two graphics twice, and died when the text box is clicked in and just died when trying to load the page. It is probably some weird malformed html, but the ns (and others) handle it fine.
Severity: normal → major
Hardware: Macintosh → All
Summary: Page crashing all platforms when utilizing word search.
Target Milestone: M4
This happens on Win32 also with Mar 22 build. My Mac also failed. Don, I got a Win32 Talkback for ya...Tracking ID CVT41EZM....results: Trigger Reason: Access violation Trigger Type: Not Available Call Stack (Signature = RAPTORHTML.DLL + 0x6919a (0x0156919a) 749c040f): RAPTORHTML.DLL + 0x6919a (0x0156919a) RAPTORHTML.DLL + 0x940c9 (0x015940c9) RAPTORHTML.DLL + 0x93ef9 (0x01593ef9) RAPTORHTML.DLL + 0x1cb69 (0x0151cb69) RAPTORVIEW.DLL + 0x1d07 (0x01771d07) RAPTORVIEW.DLL + 0x1cbd (0x01771cbd) RAPTORVIEW.DLL + 0x1cbd (0x01771cbd) RAPTORVIEW.DLL + 0x1cbd (0x01771cbd) RAPTORVIEW.DLL + 0x359e (0x0177359e) RAPTORVIEW.DLL + 0x1cbd (0x01771cbd) RAPTORVIEW.DLL + 0x546d (0x0177546d) RAPTORVIEW.DLL + 0x23a8 (0x017723a8) RAPTORWIDGET.DLL + 0x4ea7 (0x01294ea7) RAPTORWIDGET.DLL + 0x4ede (0x01294ede) RAPTORWIDGET.DLL + 0x6e3d (0x01296e3d) RAPTORWIDGET.DLL + 0x706d (0x0129706d) RAPTORWIDGET.DLL + 0x6a2d (0x01296a2d) RAPTORWIDGET.DLL + 0x4f68 (0x01294f68) KERNEL32.DLL + 0x3663 (0xbff73663) KERNEL32.DLL + 0x22894 (0xbff92894) 0x00768c70 Registers: EAX: 83ec8b55 EBX: 00a198d0 ECX: 01569051 EDX: 0082a078 ESI: 015a5b50 EDI: 00000000 ESP: 0076f688 EBP: 0076f714 EIP: 0156919a cf pf AF zf sf of IF df nt RF vm IOPL: 0 CS: 014f DS: 0157 SS: 0157 ES: 0157 FS: 377f GS: 0000
Target Milestone: M4
Clearing Milestone for don to re-set.
Assignee: don → rickg
Component: Apprunner → Parser
Re-assigned to rickg@netscape.com and changed component to Parser.
Assignee: rickg → pierre
Pierre -- Can you please try this on the mac? I can't reproduce it on windows, and it may be fixed. If you get the crash, please forward the stack trace.
Assignee: pierre → rickg
I can't make it crash on the Mac but it does display the top graphics and textbox twice, exactly as on Win32 with today's build. It looks like it is a parser problem. Reassigned to rickg.
I have been able to crash it still (with the 4/5 build), although it takes a bit more effort - here's how: go to dictionary.com, and enter a word. This has the graphics/text box displayed twice... after you see the definition, press the back arrow. You may have to search for words a couple of times, but eventually the text box and graphic will only be displayed once (like it should). Look up a word and the mac apprunner crashes.
Assignee: rickg → kipp
Kipp: I've proven that this is a problem in frames, since the parser log shows a document that is virtually identical to the input document. There is a double image problem at the top. Once you fix that, please forward this to Pierre to fix the crash on the mac.
Severity: major → normal
Status: NEW → ASSIGNED
Target Milestone: M5
Assignee: kipp → karnaze
Status: ASSIGNED → NEW
Priority: P3 → P1
Target Milestone: M5
I've adjusted the priority to P1 since its a crasher. TO cause the crash type into the search box and click on the OK button. Boom. Here is where I die, on linux: #0 0x403be106 in nsImageControlFrame::MouseClicked (this=0x821bb80, aPresContext=0x82327e0) at nsImageControlFrame.cpp:356 #1 0x403bdca9 in nsImageControlFrame::HandleEvent (this=0x821bb80, aPresContext=@0x82327e0, aEvent=0xbffff26c, aEventStatus=@0xbffff1ec) at nsImageControlFrame.cpp:243 #2 0x402f974e in PresShell::HandleEvent (this=0x82a9830, aView=0x82f4740, aEvent=0xbffff26c, aEventStatus=@0xbffff1ec) at nsPresShell.cpp:2099 #3 0x40585838 in nsView::HandleEvent (this=0x82f4740, event=0xbffff26c, aEventFlags=8, aStatus=@0xbffff1ec) at nsView.cpp:826 #4 0x405857b1 in nsView::HandleEvent (this=0x82ce8a8, event=0xbffff26c, aEventFlags=8, aStatus=@0xbffff1ec) at nsView.cpp:808 #5 0x405857b1 in nsView::HandleEvent (this=0x82cd7f0, event=0xbffff26c, aEventFlags=8, aStatus=@0xbffff1ec) at nsView.cpp:808 #6 0x405857b1 in nsView::HandleEvent (this=0x82cd720, event=0xbffff26c, aEventFlags=8, aStatus=@0xbffff1ec) at nsView.cpp:808 #7 0x405883e6 in nsScrollingView::HandleEvent (this=0x82cd720, aEvent=0xbffff26c, aEventFlags=8, aStatus=@0xbffff1ec) at nsScrollingView.cpp:864 #8 0x405857b1 in nsView::HandleEvent (this=0x82a80c8, event=0xbffff26c, aEventFlags=28, aStatus=@0xbffff1ec) at nsView.cpp:808 #9 0x4058e910 in nsViewManager::DispatchEvent (this=0x82a7d48, aEvent=0xbffff26c, aStatus=@0xbffff1ec) at nsViewManager.cpp:1716 #10 0x40583938 in HandleEvent (aEvent=0xbffff26c) at nsView.cpp:66 #11 0x40058c3a in nsWidget::DispatchEvent (this=0x82cd878, event=0xbffff26c, aStatus=@0xbffff228) at nsWidget.cpp:942 #12 0x40058b44 in nsWidget::DispatchWindowEvent (this=0x82cd878, event=0xbffff26c) at nsWidget.cpp:904 #13 0x40058cf0 in nsWidget::DispatchMouseEvent (this=0x82cd878, aEvent=@0xbffff26c) at nsWidget.cpp:969 #14 0x40059494 in nsWidget::OnButtonReleaseSignal (this=0x82cd878, aGdkButtonEvent=0x81eb530) at nsWidget.cpp:1266 #15 0x40059c56 in nsWidget::ButtonReleaseSignal (aWidget=0x82cd9a0, aGdkButtonEvent=0x81eb530, aData=0x82cd878) at nsWidget.cpp:1497 And here is the neighboring source code: 346 347 348 void 349 nsImageControlFrame::MouseClicked(nsIPresContext* aPresContext) 350 { 351 PRInt32 type; 352 GetType(&type); 353 354 if ((nsnull != mFormFrame) && !nsFormFrame::GetDisabled(this)) { 355 nsIContent *formContent = nsnull; 356 mFormFrame->GetContent(&formContent); 357 358 nsEventStatus status; 359 nsEvent event; 360 event.eventStructType = NS_EVENT; 361 event.message = NS_FORM_SUBMIT; 362 if (nsnull != formContent) { 363 formContent->HandleDOMEvent(*aPresContext, &event, nsnull, NS_EVENT_FLAG_INIT, status); 364 NS_RELEASE(formContent); 365 } mFormFrame points to free memory, but is not null.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Should be fixed with latest checkin.
QA Contact: 3853 → 3847
janc, can you Verify please?
Target Milestone: M6
janc, could you verify please?
QA Contact: janc → elig
[Also QA Assigning to self for verification; janc has something like 80 bugs to verify.]
Status: RESOLVED → VERIFIED
Using 6.1.99 build on Mac OS and 6.2.99 builds on Win32/Linux, I can't reproduce this problem, and am marking as 'Verified'. temple@colorado.edu, would you be open to giving this a quick check with a recent build to confirm that --- as the originator --- it's also fixed to your satisfaction? [If you can reproduce it, please do re-open with your comments.] Thanks!
I was not able to recreate the error now. This may be because they have changed their page. Unfortunately, I did not save a copy of that page. Cest la vis.
You need to log in before you can comment on or make changes to this bug.