Closed
Bug 1257
Opened 26 years ago
Closed 26 years ago
crash
Categories
(Core :: Layout, defect, P1)
Tracking
()
VERIFIED
FIXED
People
(Reporter: buster, Assigned: buster)
References
()
Details
I load the page, and while the page is loading I clicked on the "Click for PART
11 of the Browser Tests" link. Here is the call stack:
_free_dbg_lk() line 1033 + 63 bytes
_free_dbg() line 970 + 13 bytes
operator delete() line 49 + 16 bytes
nsTextTransformer::~nsTextTransformer() line 59 + 24 bytes
TextFrame::Reflow() line 1894 + 21 bytes
nsInlineReflow::ReflowFrame() line 489
nsInlineReflow::ReflowFrame() line 269 + 16 bytes
nsInlineFrame::ReflowFrame() line 969 + 12 bytes
nsInlineFrame::ReflowMapped() line 912 + 24 bytes
nsInlineFrame::InitialReflow() line 792 + 20 bytes
nsInlineFrame::Reflow() line 558 + 25 bytes
nsInlineReflow::ReflowFrame() line 489
nsInlineReflow::ReflowFrame() line 269 + 16 bytes
nsBlockFrame::ReflowInlineFrame() line 3264 + 18 bytes
nsBlockFrame::ReflowLine() line 2713 + 24 bytes
nsBlockFrame::ReflowLinesAt() line 2578 + 20 bytes
nsBlockFrame::ResizeReflow() line 2566 + 19 bytes
nsBlockFrame::InitialReflow() line 2209 + 12 bytes
nsBlockFrame::Reflow() line 1751 + 18 bytes
nsInlineReflow::ReflowFrame() line 489
nsInlineReflow::ReflowFrame() line 269 + 16 bytes
nsInlineFrame::ReflowFrame() line 969 + 12 bytes
nsInlineFrame::ReflowMapped() line 912 + 24 bytes
nsInlineFrame::InitialReflow() line 792 + 20 bytes
nsInlineFrame::Reflow() line 558 + 25 bytes
nsInlineReflow::ReflowFrame() line 489
nsInlineReflow::ReflowFrame() line 269 + 16 bytes
nsBlockFrame::ReflowInlineFrame() line 3264 + 18 bytes
nsBlockFrame::ReflowLine() line 2713 + 24 bytes
nsBlockFrame::ReflowLinesAt() line 2578 + 20 bytes
nsBlockFrame::FrameAppendedReflow() line 2317 + 16 bytes
nsBlockFrame::Reflow() line 1772 + 18 bytes
nsBodyFrame::Reflow() line 388
nsContainerFrame::ReflowChild() line 382 + 28 bytes
nsScrollFrame::Reflow() line 356
nsContainerFrame::ReflowChild() line 382 + 28 bytes
RootFrame::Reflow() line 186
nsHTMLReflowCommand::Dispatch() line 174
PresShell::ProcessReflowCommands() line 666
PresShell::ExitReflowLock() line 416
PresShell::ContentAppended() line 784
nsDocument::ContentAppended() line 544
HTMLContentSink::WillInterrupt() line 1360
CNavDTD::WillInterruptParse() line 3496 + 18 bytes
nsParser::ResumeParse() line 587
nsParser::OnDataAvailable() line 794 + 15 bytes
nsDocumentBindInfo::OnDataAvailable() line 1390 + 30 bytes
OnDataAvailableProxyEvent::HandleEvent() line 575 + 45 bytes
StreamListenerProxyEvent::HandlePLEvent() line 421 + 12 bytes
PL_HandleEvent() line 395 + 10 bytes
PL_ProcessPendingEvents() line 357 + 9 bytes
_md_EventReceiverProc() line 675 + 9 bytes
To reproduce the bug (I just did again first try with newly-built code) it is
critical to click on the link to part 11 as part10 is still loading. You may
have failed to reproduce it due to a timing problem. I have now reproduced it
on both my home and office PCs.
Status: REOPENED → RESOLVED
Closed: 26 years ago → 26 years ago
Resolution: WORKSFORME → FIXED
I fixed a buffer overrun problem in nsTextTransformer.cpp. The problem had
nothing to do with clicking: it was bt11.htm that triggered the bug!
You need to log in
before you can comment on or make changes to this bug.
Description
•