Closed
Bug 5673
Opened 26 years ago
Closed 26 years ago
Crash - Reloading this page causes Apprunner crashes
Categories
(Core :: Internationalization, defect, P1)
Tracking
()
VERIFIED
WORKSFORME
M5
People
(Reporter: teruko, Assigned: rickg)
References
()
Details
(Whiteboard: Talkback ID 7900392 -still investigating - m5 branch?)
Tested 4-28-09 Win32 under Window 95J, Winnt 4.0J and Mac build.
Step of reproduce
1. Go to the above URL
2. Click on Reload button or select enter the URL location to reload the page
Apprunner crashes.
Reporter | ||
Updated•26 years ago
|
Priority: P3 → P1
Whiteboard: Talkback ID 7900392
Target Milestone: M5
URL for talkback report:
http://cyclone/reports/incidenttemplate.CFM?reportID=1568&style=0&tc=2&cp=1&ck1=
SNub+trigger+event+time&bbid=7900392
Call Stack: (Signature = SinkContext::~SinkContext 1f801ddf)
SinkContext::~SinkContext
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 835]
HTMLContentSink::~HTMLContentSink
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 1379]
HTMLContentSink::`scalar deleting
destructor'
HTMLContentSink::Release
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsHTMLContentSink.cpp,
line 1390]
nsParser::~nsParser
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 171]
nsParser::`vector deleting destructor'
nsParser::Release
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 191]
nsDocumentBindInfo::OnStopBinding
[d:\builds\seamonkey\mozilla\webshell\src\nsDocLoader.cpp, line 2143]
OnStopBindingProxyEvent::HandleEvent
[d:\builds\seamonkey\mozilla\network\module\nsNetThread.cpp, line 592]
StreamListenerProxyEvent::HandlePLEvent
[d:\builds\seamonkey\mozilla\network\module\nsNetThread.cpp, line 472]
PL_HandleEvent
[plevent.c, line 477]
PL_ProcessPendingEvents
[plevent.c, line 438]
_md_EventReceiverProc
[plevent.c, line 803]
KERNEL32.DLL + 0x3663 (0xbff73663)
KERNEL32.DLL + 0x2297c (0xbff9297c)
0x00778c54
Reporter | ||
Comment 2•26 years ago
|
||
I looked at the page. The page title was written in Shift-JIS.
I created the good UTF-8 page in
http://babel/testdata/double_byte/good_utf-8_code.htm
When I reload the page, Apprunner does not crash.
Updated•26 years ago
|
Status: NEW → ASSIGNED
Comment 3•26 years ago
|
||
What happen is the following, the origional url below have non UTF-8 data there
and the UTF8 converter go into error stage and stop feed parser the rest of the
data. Somehow the content sink have a bug which will crash when receive partial
html.
Origional url - http://babel/testdata/double_byte/utf-8_code.html
reassign this bug to
i have put down a better test page which do not have META tag neither need to
switch converter and still crash the apprunner. the new url is
in http://peoplestage.netscape.com/ftang/test/bug5673.html This html is a
partial html. The Content sink should not crash.
it crash on SinkContext::~SinkContext. I will attach the stack trace later.
Updated•26 years ago
|
Assignee: ftang → kipp
Status: ASSIGNED → NEW
Comment 4•26 years ago
|
||
Change summary to "Partial html crash apprunner" from "Crash - Reloading this
page causes Apprunner crashes" .
Here is the stack trace:
SinkContext::~SinkContext() line 833 + 12 bytes
SinkContext::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes
HTMLContentSink::~HTMLContentSink() line 1377 + 31 bytes
HTMLContentSink::`scalar deleting destructor'(unsigned int 0x00000001) + 15
bytes
HTMLContentSink::Release(HTMLContentSink * const 0x0360f4f0) line 1390 + 99
bytes
nsParser::~nsParser() line 167 + 27 bytes
nsParser::`vector deleting destructor'(unsigned int 0x00000001) + 65 bytes
nsParser::Release(nsParser * const 0x0360e6f0) line 176 + 99 bytes
nsDocumentBindInfo::OnStopBinding(nsDocumentBindInfo * const 0x036095e0, nsIURL
* 0x03609660, unsigned int 0x00000000, unsigned short * 0x00f506e0) line 2141 +
27 bytes
OnStopBindingProxyEvent::HandleEvent(OnStopBindingProxyEvent * const 0x00f50690)
line 591 + 45 bytes
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x00f50694) line 471 + 12
bytes
PL_HandleEvent(PLEvent * 0x00f50694) line 476 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00c209a0) line 437 + 9 bytes
_md_EventReceiverProc(void * 0x00840338, unsigned int 0x0000c117, unsigned int
0x00000000, long 0x00c209a0) line 799 + 9 bytes
USER32! 77e5111a()
set a break point at HTMLContentSink::CloseHTML. You will see it set 0xdddddddd
to all the fields of mCurrentContextk when it hit the delete mHeadContext line.
This cause the crash later when try SinkContext::~SinkContext try to delete
mStack.
Reassign to kipp since kipp is the last one touch the function
HTMLContentSink::CloseHTML
Comment 5•26 years ago
|
||
is anyone held up on this one for M5? kipp, had a chance to look at this one
yet?
Updated•26 years ago
|
Whiteboard: Talkback ID 7900392 → Talkback ID 7900392 -need status update
I can't make either test url crash; the one with utf8 data acts oddly however
(the second load leads to an empty document). ftang's page shows up empty, as it
should, without crashing anything.
Maybe somebody on windows could run this test under purify and see if anything
shows up? I'm going to ask rickg to look at it since he can use purify and see
if anything shows up...If there is a problem with the sink, then reassign it
back to harishd with the purify information. Thanks
The correct original bad URL (note .htm not .html) is:
http://babel/testdata/double_byte/utf-8_code.htm
A corrected version is at
http://babel/testdata/double_byte/good_utf-8_code.htm
Using 1999-05-03-08 build on US NT4 this works for me. The bad URL
gives a blank window and the good URL appears to work. We need to
work on the UE for bad pages, but that's separate from this bug.
Updated•26 years ago
|
Whiteboard: Talkback ID 7900392 -need status update → Talkback ID 7900392 -still investigating - m5 branch?
Reporter | ||
Updated•26 years ago
|
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 8•26 years ago
|
||
I verified this in 5-03-08 Win32 and MAC build.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•