Closed
Bug 4712
Opened 26 years ago
Closed 26 years ago
Parser crash at http://bugzilla.mozilla.org/query.cgi
Categories
(Core :: DOM: HTML Parser, defect, P3)
VERIFIED
FIXED
People
(Reporter: sfraser_bugs, Assigned: rickg)
Details
Load http://bugzilla.mozilla.org/query.cgi in apprunner. You hit a crash in
CNavDTD::HandleToken(CToken*, nsIParser*). Log follows:
PowerPC access exception at 16A264CC CNavDTD::HandleToken(CToken*, nsIParser*)+00038
7-Apr-1999 3:49:05 PM (since boot = 55 minutes)
Current application is “apprunnerDebug”
Machine = 406 (??), System $0860, sysu = $01008000
ROM version $077D, $44B5, $0001 (ROMBase $FFC00000)
VM is on; paging is currently safe
NIL^ = $FFC10000
Stack space used = +120803938
Address 16A264CC is in VM file-mapped logical memory space
It is in the CFM fragment “PARSER_DLL” at 16A22000
It is 000044CC bytes from the start of the fragment
and 0000155C bytes into a non-writeable code section at 16A24F70
PowerPC 740/750 Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 16A264CC CR 0100 1010 0000 0000 0000 1000 0100 0100
LR = 16A26134 <>=O XEVO
CTR = 16A26494
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 00 00 MQ = 00000000
R0 = 16A26134 R8 = 06F43D28 R16 = 00000000 R24 = 065A7218
SP = 06F44180 R9 = 067B08C8 R17 = 00000000 R25 = 00000000
TOC = 06B79C50 R10 = 0695A5C0 R18 = 00000000 R26 = DBDBDBDB
R3 = DBDBDBDB R11 = 0690DD44 R19 = DBDBDBDB R27 = 065EFED0
R4 = DBDBDBDB R12 = FFFFFFFF R20 = 00000000 R28 = 06B7568C
R5 = 069CFA2C R13 = 00000000 R21 = 00000000 R29 = 065EFED0
R6 = DB000000 R14 = 00000000 R22 = 065A6C48 R30 = DBDBDBDB
R7 = 0000DB00 R15 = 00000000 R23 = 065A6B9C R31 = 00000000
Disassembling PowerPC code from 16A264A4
CNavDTD::HandleToken(CToken*, nsIParser*)
+00010 16A264A4 mr r27,r3 | 7C7B1B78
+00014 16A264A8 mr r19,r4 | 7C932378
+00018 16A264AC stw r5,0x0090(SP) | 90A10090
+0001C 16A264B0 subi r28,RTOC,0x45C4 | 3B82BA3C
+00020 16A264B4 li r25,0x0000 | 3B200000
+00024 16A264B8 cmplwi r19,0x0000 | 28130000
+00028 16A264BC beq CNavDTD::HandleToken(CToken*, nsIParser*)+0018C ; 0x16A26620 | 41820164
+0002C 16A264C0 mr r26,r19 | 7E7A9B78
+00030 16A264C4 mr r3,r26 | 7F43D378
+00034 16A264C8 lwz r12,0x0000(r3) | 81830000
+00038 16A264CC *lwz r12,0x0038(r12) | 818C0038
+0003C 16A264D0 bl $+0x47D88 ; 0x16A6E258 | 48047D89
+00040 16A264D4 lwz RTOC,0x0014(SP) | 80410014
+00044 16A264D8 mr r23,r3 | 7C771B78
+00048 16A264DC mr r3,r26 | 7F43D378
+0004C 16A264E0 lwz r12,0x0000(r3) | 81830000
+00050 16A264E4 lwz r12,0x0020(r12) | 818C0020
+00054 16A264E8 bl $+0x47D70 ; 0x16A6E258 | 48047D71
+00058 16A264EC lwz RTOC,0x0014(SP) | 80410014
+0005C 16A264F0 mr r29,r3 | 7C7D1B78
Heap zones
#1 Mod 10448K 00002800 to 00A368BF SysZone^
#2 Mod 5K 00017720 to 00018ECF ROM read-only zone
#3 Mod 118979K 00A368C0 to 07E6781F Process Manager zone
#4 Mod 9801K 06566B50 to 06EF924F “apprunnerDebug” ApplZone^
TheZone^ Target
Zone
#5 Mod 12217K 06F45360 to 07B33A5F “Netscape Communicator™”
#6 Mod 185K 07B47B70 to 07B7626F “ObiWan”
#7 Mod 942K 07BD07B0 to 07CBC2AF “Finder”
#8 Mod 83K 07CD0B40 to 07CE5A3F “Time Synchronizer”
#9 Mod 361K 07CF42D0 to 07D4E9CF “Folder Actions”
#10 Mod 89K 07D9F580 to 07DB5C7F “Control Strip Extension”
#11 Mod 497K 07DC8510 to 07E44C0F “CD Lookup”
#12 Mod 2047K 08400000 to 085FFFDF
#13 Mod 288K 08461370 to 084A936F
#14 Mod 94K 0850D450 to 0852502F
Calling chain using A6/R1 links
Back chain ISA Caller
00000000 PPC 17184D60
06F45080 PPC 17183C3C main+005D4
06F44FA0 PPC 16EDECB4 nsAppShellService::Run()+00020
06F44F60 PPC 16A0C2BC nsAppShell::Run()+00050
06F44EE0 PPC 16A0CDDC nsMacMessagePump::DoMessagePump()+00044
06F44E90 PPC 16A0D098 nsMacMessagePump::DispatchEvent(int, EventRecord*)+00174
06F44E40 PPC 170D2528 Repeater::DoRepeaters(const EventRecord&)+00034
06F44E00 PPC 170C9924 TimerPeriodical::RepeatAction(const EventRecord&)+00074
06F44DB0 PPC 170C93A8 TimerImpl::Fire()+00058
06F44D70 PPC 17032C40 nsNetlibService::NetPollSocketsCallback(nsITimer*, void*)+0004C
06F44D30 PPC 1700A39C NET_PollSockets+000BC
06F44CE0 PPC 17005244 NET_ProcessNet+00520
06F44940 PPC 1702966C net_ProcessHTTP+002A4
06F444C0 PPC 1702B540 net_ChunkedComplete+00028
06F44480 PPC 16FF9114 net_MemCacheComplete+000F8
06F44440 PPC 17036C5C stub_complete(_NET_StreamClass*)+000A8
06F443A0 PPC 16984D44 nsDocumentBindInfo::OnStopBinding(nsIURL*, unsigned int, const unsigned short*)+0008C
06F44340 PPC 16A39730 nsParser::OnStopBinding(nsIURL*, unsigned int, const unsigned short*)+00048
06F442F0 PPC 16A38F3C nsParser::ResumeParse(nsIDTD*)+000E8
06F442A0 PPC 16A390A0 nsParser::BuildModel()+00074
06F44250 PPC 16A26130 CNavDTD::BuildModel(nsIParser*, nsITokenizer*, nsITokenObserver*, nsIContentSink*)+00090
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Looks like this got fixed by an improvement to nsDeque, which caused recycled
tokens to get deleted twice in one odd case.
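An illustration of the failure class named in the comment above (a recycled token freed twice), added here and not taken from nsDeque or the Mozilla parser: a hypothetical recycler that refuses a second insertion of the same pointer, so teardown deletes each token exactly once. `Token`, `TokenRecycler` and `destroyedAfterDoubleRecycle` are assumed names.

```cpp
#include <cstddef>
#include <deque>
#include <unordered_set>

// Hypothetical token type; counts destructor calls so they can be observed.
struct Token {
    static int destroyed;
    int type;
    explicit Token(int t) : type(t) {}
    ~Token() { ++destroyed; }
};
int Token::destroyed = 0;

// Hypothetical recycler: owns tokens handed back to it and frees them on teardown.
class TokenRecycler {
    std::deque<Token*> pool_;
    std::unordered_set<Token*> owned_;  // membership index guarding against double insertion
public:
    TokenRecycler() = default;
    TokenRecycler(const TokenRecycler&) = delete;
    TokenRecycler& operator=(const TokenRecycler&) = delete;
    ~TokenRecycler() { for (Token* t : pool_) delete t; }

    // Returns false for a null token or one that is already pooled.
    bool Recycle(Token* t) {
        if (!t || !owned_.insert(t).second) return false;
        pool_.push_back(t);
        return true;
    }
    // Hands the oldest pooled token back out; ownership moves to the caller.
    Token* Reuse() {
        if (pool_.empty()) return nullptr;
        Token* t = pool_.front();
        pool_.pop_front();
        owned_.erase(t);
        return t;
    }
    std::size_t Size() const { return pool_.size(); }
};

// Recycles one token twice, tears the pool down, and reports destructor calls.
int destroyedAfterDoubleRecycle() {
    Token::destroyed = 0;
    bool first = false, second = true;
    {
        TokenRecycler r;
        Token* t = new Token(1);
        first = r.Recycle(t);
        second = r.Recycle(t);  // second insertion of the same pointer is rejected
    }                           // teardown frees the single pooled entry
    return (first && !second) ? Token::destroyed : -1;
}

int main() { return destroyedAfterDoubleRecycle() == 1 ? 0 : 1; }
```

Without the `owned_` check, the same pointer would sit in the pool twice and the destructor loop would free it twice.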
Updated•26 years ago
QA Contact: 3847 → 4141
Comment 2•26 years ago
Attempting to steal gem's HTMLParser bugs all at once. Changing QAContact to
janc.
Updated•26 years ago
Status: RESOLVED → VERIFIED
Comment 3•26 years ago
appears to be fixed.
verified 6/10/99