Closed
Bug 59674
Opened 24 years ago
Closed 24 years ago
crash at stack: nsFrameImageLoader::NotifyFrames
Categories
(Core :: Layout, defect, P3)
Tracking
()
VERIFIED
FIXED
mozilla0.9
People
(Reporter: bzbarsky, Assigned: pavlov)
References
()
Details
(Keywords: crash)
I got to that URL and crash. I see this on Linux trunk build 2000110908 and it
also appears in the Oct 27 build according to jens-uwe@idealo.de
Stack:
#0 nsFrameImageLoader::NotifyFrames (this=0x8675e40, aIsSizeUpdate=0)
at nsFrameImageLoader.cpp:570
#1 0x414ce276 in nsFrameImageLoader::Notify (this=0x8675e40,
aImageRequest=0x85dc2c8,
aImage=0x867a7d8, aNotificationType=nsImageNotification_kImageComplete,
aParam1=0,
aParam2=0, aParam3=0x0) at nsFrameImageLoader.cpp:540
#2 0x40032f98 in ns_observer_proc (aSource=0x8676420, aMsg=7,
aMsgData=0xbffff2e8, aClosure=0x85dc2c8) at nsImageRequest.cpp:134
#3 0x400406e5 in XP_NotifyObservers (inObserverList=0x8678878, inMessage=7,
ioData=0xbffff2e8) at obs.c:259
#4 0x4003989e in il_image_complete_notify (ic=0x8674f40) at if.cpp:327
#5 0x4003b37a in il_image_complete (ic=0x8674f40) at if.cpp:1644
#6 0x400395a1 in ImgDCallbk::ImgDCBHaveImageAll (this=0x8651850) at if.cpp:189
#7 0x41e78b79 in il_jpeg_complete (ic=0x8674f40) at jpeg.cpp:1001
#8 0x41e78ee9 in JPGDecoder::ImgDComplete (this=0x8675c98) at nsJPGDecoder.cpp:117
#9 0x4003ae37 in IL_StreamComplete (ic=0x8674f40, is_multipart=0) at if.cpp:1347
#10 0x400376ef in NetReaderImpl::StreamComplete (this=0x8674ad0, is_multipart=0)
at ilNetReader.cpp:131
#11 0x4002d4b4 in ImageConsumer::OnStopRequest (this=0x8674a30, channel=0x8683ff8,
aContext=0x0, status=0, aMsg=0x401392a8) at nsImageNetContextAsync.cpp:545
#12 0x40e4bb2f in nsDocumentOpenInfo::OnStopRequest (this=0x8674d38,
aChannel=0x8683ff8,
aCtxt=0x0, aStatus=0, errorMsg=0x401392a8) at nsURILoader.cpp:274
#13 0x40cb6849 in nsHTTPFinalListener::OnStopRequest (this=0x8674d78,
aChannel=0x8683ff8, aContext=0x0, aStatus=0, aStatusArg=0x401392a8)
at nsHTTPResponseListener.cpp:1159
#14 0x40c7c065 in InterceptStreamListener::OnStopRequest (this=0x8675458,
channel=0x8683ff8, ctxt=0x0, aStatus=0, aStatusArg=0x401392a8)
at nsCachedNetData.cpp:1211
#15 0x40ca8d19 in nsHTTPChannel::ResponseCompleted (this=0x8683ff8,
aListener=0x8675458,
aStatus=0, aStatusArg=0x401392a8) at nsHTTPChannel.cpp:1923
#16 0x40cb58da in nsHTTPServerListener::OnStopRequest (this=0x8684208,
channel=0x8533be4, i_pContext=0x8683ff8, i_Status=0, aStatusArg=0x401392a8)
at nsHTTPResponseListener.cpp:729
#17 0x40c3c62d in nsOnStopRequestEvent::HandleEvent (this=0x867cd38)
at nsAsyncStreamListener.cpp:301#18 0x40c3ba86 in
nsStreamListenerEvent::HandlePLEvent (aEvent=0x8674c28)
at nsAsyncStreamListener.cpp:97
#19 0x400f0f5e in PL_HandleEvent (self=0x8674c28) at plevent.c:576
#20 0x400f0df9 in PL_ProcessPendingEvents (self=0x80a5878) at plevent.c:509
#21 0x400f2a50 in nsEventQueueImpl::ProcessPendingEvents (this=0x80a5850)
at nsEventQueue.cpp:356
#22 0x406b4daf in event_processor_callback (data=0x80a5850, source=8,
condition=GDK_INPUT_READ) at nsAppShell.cpp:158
#23 0x406b4a6d in our_gdk_io_invoke (source=0x81c4e08, condition=G_IO_IN,
data=0x81f0668)
at nsAppShell.cpp:58
#24 0x4086eaca in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#25 0x40870186 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#26 0x40870751 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#27 0x408708f1 in g_main_run () from /usr/lib/libglib-1.2.so.0
#28 0x40798c69 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#29 0x406b5984 in nsAppShell::Run (this=0x80aeef0) at nsAppShell.cpp:335
#30 0x405d4fb5 in nsAppShellService::Run (this=0x80ac3f8) at
nsAppShellService.cpp:407
#31 0x80523fb in main1 (argc=1, argv=0xbffff8c4, nativeApp=0x0) at
nsAppRunner.cpp:1015
#32 0x8052d26 in main (argc=1, argv=0xbffff8c4) at nsAppRunner.cpp:1255
#33 0x403009cb in __libc_start_main (main=0x8052ba0 <main>, argc=1,
argv=0xbffff8c4,
init=0x804c244 <_init>, fini=0x805edcc <_fini>, rtld_fini=0x4000ae60
<_dl_fini>,
stack_end=0xbffff8bc) at ../sysdeps/generic/libc-start.c:92
Reporter | ||
Comment 1•24 years ago
|
||
Ugh. Adding url. sorry for the spam...
layout?
Assignee: asa → clayton
Status: UNCONFIRMED → NEW
Component: Browser-General → Layout
Ever confirmed: true
Keywords: crash
QA Contact: doronr → petersen
Confirmed! I'm using:
ftp://ftp.mozilla.org/pub/mozilla/nightly/2000-11-06-08-Mtrunk/mozilla-i686-pc-linux-gnu-sea.tar.gz
Netscape 4.76 (Linux) seems to have no problems with the above URL.
/richard
Please triage.
Assignee: clayton → jst
Comment 5•24 years ago
|
||
The crash happens because a frame image loader is destroyed while it's notifying
its frames and after it's destroyed and the code rolls back to
nsFrameImageLoader::NotifyFrames() we crash trying to dereference
mCurNotifiedFrame (or rather we crash when we access members of it but it's
value is 0xdddddddd).
To fix this problem I added a kungFuDeathGrip in nsFrameImageLoader::Notify()
and that fixes that crash, here's the patch:
But even with this fix we still crash deep down in image lib while again trying
to access a 0xdddddddd pointer. Here's the stack for that crash:
il_image_complete_notify(il_container_struct * 0x04bd0640) line 327 + 9 bytes
il_image_complete(il_container_struct * 0x04bd0640) line 1644 + 9 bytes
ImgDCallbk::ImgDCBHaveImageAll(ImgDCallbk * const 0x04bd0030) line 189 + 12 bytes
il_jpeg_complete(il_container_struct * 0x04bd0640) line 1002
JPGDecoder::ImgDComplete(JPGDecoder * const 0x04bf0650) line 117 + 12 bytes
IL_StreamComplete(il_container_struct * 0x04bd0640, int 0) line 1348
NetReaderImpl::StreamComplete(NetReaderImpl * const 0x04b79de0, int 0) line 129
+ 16 bytes
ImageConsumer::OnStopRequest(ImageConsumer * const 0x04b79bd0, nsIChannel *
0x04bc1080, nsISupports * 0x00000000, unsigned int 0, const unsigned short *
0x100a9bc0 gCommonEmptyBuffer) line 547
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x04b64c40,
nsIChannel * 0x04bc1080, nsISupports * 0x00000000, unsigned int 0, const
unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 277
nsHTTPFinalListener::OnStopRequest(nsHTTPFinalListener * const 0x04b64be0,
nsIChannel * 0x04bc1080, nsISupports * 0x00000000, unsigned int 0, const
unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 1159 + 42 bytes
InterceptStreamListener::OnStopRequest(InterceptStreamListener * const
0x04bf0690, nsIChannel * 0x04bc1080, nsISupports * 0x00000000, unsigned int 0,
const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 1212
nsHTTPChannel::ResponseCompleted(nsIStreamListener * 0x04bf0690, unsigned int 0,
const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 1923 + 42 bytes
nsHTTPServerListener::OnStopRequest(nsHTTPServerListener * const 0x04bf4310,
nsIChannel * 0x04b8d1f4, nsISupports * 0x04bc1080, unsigned int 0, const
unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 730
...
We crash when trying to execute:
XP_NotifyObservers(image_req->obs_list, IL_IMAGE_COMPLETE,
&message_data);
inside the for loop and image_req is the 0xdddddddd pointer.
Reassigning to pnunn.
Assignee: jst → pnunn
Summary: crash at http://acw.activate.net/streetfusion/amd/slides/preloader.htm → crash at stack: nsFrameImageLoader::NotifyFrames
I can not reproduce this bug anymore with recent builds (2001030121, Linux).
Everything works fine now, so I guess this can be marked as fixed?
All pnunn bugs reassigned to Pav, who is taking over
the imglib.
Assignee: pnunn → pavlov
Status: ASSIGNED → NEW
Assignee | ||
Comment 8•24 years ago
|
||
the code in question isn't used anymore. marking fixed by the new imagelib.
tested in todays build.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•