Closed Bug 1487 Opened 26 years ago Closed 26 years ago

ss: Directory listing URLs crash NGLayout

Categories

(Core :: Layout, defect, P1)

x86
Other
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: angus, Assigned: rickg)

References

()

Details

Any URL that is one of those auto-generated-by-the-server directory listings (see http://grok/tests or http://checkmate/raptor/js98, for example) crashes NGLayout. These are frequently encountered on the Web. Here's a stack trace: nsBlockReflowState::nsBlockReflowState(nsIPresContext & {...}, const nsHTMLReflowState & {...}, const nsHTMLReflowMetrics & {...}) line 1108 + 32 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x00f5a794, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1685 nsContainerFrame::ReflowChild(nsIFrame * 0x00f5a790, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 410 + 28 bytes RootFrame::Reflow(RootFrame * const 0x00f58f34, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 217 PresShell::InitialReflow(PresShell * const 0x00f43af0, int 9180, int 4470) line 527 HTMLContentSink::StartLayout() line 1810 HTMLContentSink::OpenBody(HTMLContentSink * const 0x00f478c0, const nsIParserNode & {...}) line 1557 CNavDTD::OpenBody(const nsIParserNode & {...}) line 2668 + 28 bytes CNavDTD::OpenContainer(const nsIParserNode & {...}, int 1) line 2809 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x006c27e0 theToken, nsHTMLTag eHTMLTag_body, nsIParserNode & {...}) line 800 + 14 bytes CNavDTD::HandleStartToken(CToken * 0x006c27e0 theToken) line 886 + 23 bytes CNavDTD::CreateContextStackFor(nsHTMLTag eHTMLTag_pre) line 3108 CNavDTD::HandleDefaultStartToken(CToken * 0x00f430a0, nsHTMLTag eHTMLTag_pre, nsIParserNode & {...}) line 778 + 12 bytes CNavDTD::HandleStartToken(CToken * 0x00f430a0) line 886 + 23 bytes NavDispatchTokenHandler(CToken * 0x00f430a0, nsIDTD * 0x00f470b0) line 430 + 12 bytes CTokenHandler::operator()(CToken * 0x00f430a0, nsIDTD * 0x00f470b0) line 80 + 14 bytes CNavDTD::HandleToken(CNavDTD * const 0x00f470b0, CToken * 0x00f430a0) line 674 + 18 bytes nsParser::BuildModel() line 708 + 16 bytes nsParser::ResumeParse() line 673 nsParser::OnDataAvailable(nsParser * const 0x00f47984, nsIURL * 0x00fa6db0, nsIInputStream * 0x00f373b0, int 1469) line 907 nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x00fa6e10, nsIURL * 0x00fa6db0, nsIInputStream * 0x00f373b0, int 1469) line 1463 + 24 bytes OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const 0x00f43d60) line 607 StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x00f43d64) line 452 + 12 bytes PL_HandleEvent(PLEvent * 0x00f43d64) line 408 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00ec9f60) line 370 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00ca0a32, unsigned int 49369, unsigned int 0, long 15507296) line 701 + 9 bytes USER32! 77e71250() 00ec9f60()
Assignee: troy → rickg
Could this be related to bug 1492? I notice that http://grok/tests/ does not include a <body> tag. The start of the HTML source is: <TITLE>Index of /tests/</TITLE> <h1>Index of /tests/</h1>
The parser's not being our friend here. The content model looks like: HTML |- HEAD |- H1 Notice there's no BODY element. That means we don't end with a BODY frame and so we don't have a space manager and we crash during reflow. At some point layout should better handle this case, but today we expect a valid HTML document
*** Bug 1492 has been marked as a duplicate of this bug. ***
Assignee: rickg → gagan
I think this is a netlib problem, so I'm reassigning this to you.
Assignee: gagan → kipp
Assigning to owner of Layout
Assignee: kipp → rickg
Troy was right; rick should have read the bug report more carefully :-( the content model is messed up because of a parser bug.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Sorry for the confusion. I *should* have read the report more carefully. The bug is fixed as a side effect of fixing bug 1513.
*** Bug 1530 has been marked as a duplicate of this bug. ***
Status: RESOLVED → VERIFIED
Doesn't crash under Win 98. Marked verified. Note that the directory listing isn't pretty - there are no carraige returns inserted at the appropriate places.
Inserting Milestone info.
You need to log in before you can comment on or make changes to this bug.