Closed Bug 4712 Opened 26 years ago Closed 26 years ago

Categories

(Core :: DOM: HTML Parser, defect, P3)

PowerPC
Mac System 8.5
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: sfraser_bugs, Assigned: rickg)

Details

Load http://bugzilla.mozilla.org/query.cgi in apprunner. You hit a crash in CNavDTD::HandleToken(CToken*, nsIParser*). Log follows: PowerPC access exception at 16A264CC CNavDTD::HandleToken(CToken*, nsIParser*)+ 00038 7-Apr-1999 3:49:05 PM (since boot = 55 minutes) Current application is “apprunnerDebug” Machine = 406 (??), System $0860, sysu = $01008000 ROM version $077D, $44B5, $0001 (ROMBase $FFC00000) VM is on; paging is currently safe NIL^ = $FFC10000 Stack space used = +120803938 Address 16A264CC is in VM file-mapped logical memory space It is in the CFM fragment “PARSER_DLL” at 16A22000 It is 000044CC bytes from the start of the fragment and 0000155C bytes into a non-writeable code section at 16A24F70 PowerPC 740/750 Registers CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7 PC = 16A264CC CR 0100 1010 0000 0000 0000 1000 0100 0100 LR = 16A26134 <>=O XEVO CTR = 16A26494 MSR = 00000000 SOC Compare Count Int = 0 XER 000 00 00 MQ = 00000000 R0 = 16A26134 R8 = 06F43D28 R16 = 00000000 R24 = 065A7218 SP = 06F44180 R9 = 067B08C8 R17 = 00000000 R25 = 00000000 TOC = 06B79C50 R10 = 0695A5C0 R18 = 00000000 R26 = DBDBDBDB R3 = DBDBDBDB R11 = 0690DD44 R19 = DBDBDBDB R27 = 065EFED0 R4 = DBDBDBDB R12 = FFFFFFFF R20 = 00000000 R28 = 06B7568C R5 = 069CFA2C R13 = 00000000 R21 = 00000000 R29 = 065EFED0 R6 = DB000000 R14 = 00000000 R22 = 065A6C48 R30 = DBDBDBDB R7 = 0000DB00 R15 = 00000000 R23 = 065A6B9C R31 = 00000000 Disassembling PowerPC code from 16A264A4 CNavDTD::HandleToken(CToken*, nsIParser*) +00010 16A264A4 mr r27,r3 | 7C7B1B78 +00014 16A264A8 mr r19,r4 | 7C932378 +00018 16A264AC stw r5,0x0090(SP) | 90A10090 +0001C 16A264B0 subi r28,RTOC,0x45C4 | 3B82BA3C +00020 16A264B4 li r25,0x0000 | 3B200000 +00024 16A264B8 cmplwi r19,0x0000 | 28130000 +00028 16A264BC beq CNavDTD::HandleToken(CToken*, nsIParser*)+0018C ; 0x16A2662 0 | 41820164 +0002C 16A264C0 mr r26,r19 | 7E7A9B78 +00030 16A264C4 mr r3,r26 | 7F43D378 +00034 16A264C8 lwz r12,0x0000(r3) | 81830000 +00038 16A264CC *lwz r12,0x0038(r12) | 818C0038 +0003C 16A264D0 bl $+0x47D88 ; 0x16A6E258 | 48047D89 +00040 16A264D4 lwz RTOC,0x0014(SP) | 80410014 +00044 16A264D8 mr r23,r3 | 7C771B78 +00048 16A264DC mr r3,r26 | 7F43D378 +0004C 16A264E0 lwz r12,0x0000(r3) | 81830000 +00050 16A264E4 lwz r12,0x0020(r12) | 818C0020 +00054 16A264E8 bl $+0x47D70 ; 0x16A6E258 | 48047D71 +00058 16A264EC lwz RTOC,0x0014(SP) | 80410014 +0005C 16A264F0 mr r29,r3 | 7C7D1B78 Heap zones #1 Mod 10448K 00002800 to 00A368BF SysZone^ #2 Mod 5K 00017720 to 00018ECF ROM read-only zone #3 Mod 118979K 00A368C0 to 07E6781F Process Manager zone #4 Mod 9801K 06566B50 to 06EF924F “apprunnerDebug” ApplZone^ TheZone^ Target Zone #5 Mod 12217K 06F45360 to 07B33A5F “Netscape Communicator™” #6 Mod 185K 07B47B70 to 07B7626F “ObiWan” #7 Mod 942K 07BD07B0 to 07CBC2AF “Finder” #8 Mod 83K 07CD0B40 to 07CE5A3F “Time Synchronizer” #9 Mod 361K 07CF42D0 to 07D4E9CF “Folder Actions” #10 Mod 89K 07D9F580 to 07DB5C7F “Control Strip Extension” #11 Mod 497K 07DC8510 to 07E44C0F “CD Lookup” #12 Mod 2047K 08400000 to 085FFFDF #13 Mod 288K 08461370 to 084A936F #14 Mod 94K 0850D450 to 0852502F Calling chain using A6/R1 links Back chain ISA Caller 00000000 PPC 17184D60 06F45080 PPC 17183C3C main+005D4 06F44FA0 PPC 16EDECB4 nsAppShellService::Run()+00020 06F44F60 PPC 16A0C2BC nsAppShell::Run()+00050 06F44EE0 PPC 16A0CDDC nsMacMessagePump::DoMessagePump()+00044 06F44E90 PPC 16A0D098 nsMacMessagePump::DispatchEvent(int, EventRecord*)+ 00174 06F44E40 PPC 170D2528 Repeater::DoRepeaters(const EventRecord&)+00034 06F44E00 PPC 170C9924 TimerPeriodical::RepeatAction(const EventRecord&)+ 00074 06F44DB0 PPC 170C93A8 TimerImpl::Fire()+00058 06F44D70 PPC 17032C40 nsNetlibService::NetPollSocketsCallback(nsITimer*, void*)+0004C 06F44D30 PPC 1700A39C NET_PollSockets+000BC 06F44CE0 PPC 17005244 NET_ProcessNet+00520 06F44940 PPC 1702966C net_ProcessHTTP+002A4 06F444C0 PPC 1702B540 net_ChunkedComplete+00028 06F44480 PPC 16FF9114 net_MemCacheComplete+000F8 06F44440 PPC 17036C5C stub_complete(_NET_StreamClass*)+000A8 06F443A0 PPC 16984D44 nsDocumentBindInfo::OnStopBinding(nsIURL*, unsigned int, const u nsigned short*)+0008C 06F44340 PPC 16A39730 nsParser::OnStopBinding(nsIURL*, unsigned int, const unsigned sh ort*)+00048 06F442F0 PPC 16A38F3C nsParser::ResumeParse(nsIDTD*)+000E8 06F442A0 PPC 16A390A0 nsParser::BuildModel()+00074 06F44250 PPC 16A26130 CNavDTD::BuildModel(nsIParser*, nsITokenizer*, nsITokenObserver* , nsIContentSink*)+00090
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Looks like this got fixed by an improvement to nsDeque, which caused recycled tokens to get deleted twice in one odd case.
QA Contact: 3847 → 4141
Attempting to steal gem's HTMLParser bugs all at once. Changing QAContact to janc.
Status: RESOLVED → VERIFIED
appears to be fixed. verified 6/10/99
You need to log in before you can comment on or make changes to this bug.