Closed Bug 17404 Opened 25 years ago Closed 25 years ago

Crash loading a page with JavaScript content

Categories

(Core :: JavaScript Engine, defect, P3)

defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: blee, Assigned: karnaze)

References

()

Details

(Keywords: crash)

To reproduce this, load the page URL above. ==> crash. MacsbugLog >> http://babel/macsbuglogs/stdlog_102799 Win StackTrace not available (TalkBack didn't load) Windows error message: "Access Violation (oxcoooooo5), Address: ox60193260" OS/blds: Win NT J/10-27-09-M11, MacOS 8.6/10-27-08-M11, Linux6.0 10-27-08-M11
Assignee: mccabe → kipp
Kipp code shows up in the trace - Reassigning there, in the hopes he has more of a clue.
Assignee: kipp → vidur
I suspect this is a side effect of the event queue work done by vidur... Here are the warnings from the run: Assertion: "over allocated" (totalAllocated <= maxWidth) at file BasicTableLayoutStrategy.cpp, line 275 Break: at file BasicTableLayoutStrategy.cpp, line 275 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 Block(p)(0)@0x83e4d78: WARNING: max-element-size:677,244 desired:1887,216 maxSize:1073741824,1073741824 Block(td)(0)@0x83e4950: WARNING: max-element-size:705,244 desired:1901,216 maxSize:1073741824,1073741824 Warning - table cell content max element height 244 greater than desired height 216 And here is the nonsense stack crawl - this leads me to believe we have a malformed content model: (gdb) bt #0 0x40c82647 in nsBlockFrame::ComputeFinalSize (this=0x8402810, aReflowState=@0x40fa3804, aState=@0x83f29c8, aMetrics=@0x40e3d098) at nsBlockFrame.cpp:1730 #1 0x40e3d0c9 in nsTableRowGroupFrame::DidAppendRow (this=0x83f29c8, aRowFrame=0x8402810) at nsTableRowGroupFrame.cpp:1347 #2 0x40e3cc68 in nsTableRowGroupFrame::AppendFrames (this=0x83f29c8, aPresContext=@0x827ead0, aPresShell=@0x8241f00, aListName=0x0, aFrameList=0x8401318) at nsTableRowGroupFrame.cpp:1170 #3 0x40c9a855 in FrameManager::AppendFrames (this=0x8174a80, aPresContext=@0x827ead0, aPresShell=@0x8241f00, aParentFrame=0x83f29c8, aListName=0x0, aFrameList=0x8401318) at nsFrameManager.cpp:602 #4 0x40dd7de2 in nsCSSFrameConstructor::AppendFrames (this=0x8241eb8, aPresContext=0x827ead0, aPresShell=0x8241f00, aFrameManager=0x8174a80, aContainer=0x83ec9e4, aParentFrame=0x83f29c8, aFrameList=0x8401318) at nsCSSFrameConstructor.cpp:5583 #5 0x40dd8973 in nsCSSFrameConstructor::ContentAppended (this=0x8241eb8, aPresContext=0x827ead0, aContainer=0x83ec9e4, aNewIndexInContainer=2) at nsCSSFrameConstructor.cpp:5870 #6 0x40ec8585 in StyleSetImpl::ContentAppended (this=0x8241e68, aPresContext=0x827ead0, aContainer=0x83ec9e4, aNewIndexInContainer=2) at nsStyleSet.cpp:934 #7 0x40cc3f80 in PresShell::ContentAppended (this=0x8241f00, aDocument=0x81c22b0, aContainer=0x83ec9e4, aNewIndexInContainer=2) at nsPresShell.cpp:1854 #8 0x40e8c2f7 in nsDocument::ContentAppended (this=0x81c22b0, aContainer=0x83ec9e4, aNewIndexInContainer=2) at nsDocument.cpp:1523 #9 0x40d7753e in nsHTMLDocument::ContentAppended (this=0x81c22b0, aContainer=0x83ec9e4, aNewIndexInContainer=2) at nsHTMLDocument.cpp:1040 #10 0x40d70f8f in HTMLContentSink::NotifyAppend (this=0x81c27a8, aContainer=0x83ec9e4, aStartIndex=2) at nsHTMLContentSink.cpp:3457 #11 0x40d6b6c3 in SinkContext::FlushTags (this=0x81b6a40) at nsHTMLContentSink.cpp:1718 #12 0x40d6cb48 in HTMLContentSink::BeginContext (this=0x81c27a8, aPosition=13) at nsHTMLContentSink.cpp:2083 #13 0x40fef412 in CNavDTD::HandleSavedTokensAbove (this=0x82a0460, aTag=eHTMLTag_table) at CNavDTD.cpp:1530 #14 0x40fef2d1 in CNavDTD::HandleEndToken (this=0x82a0460, aToken=0x83b9ae0) at CNavDTD.cpp:1485 #15 0x40fed811 in CNavDTD::HandleToken (this=0x82a0460, aToken=0x83b9ae0, aParser=0x81b5be8) at CNavDTD.cpp:656 #16 0x40fed1e8 in CNavDTD::BuildModel (this=0x82a0460, aParser=0x81b5be8, aTokenizer=0x8198a50, anObserver=0x0, aSink=0x81c27a8) at CNavDTD.cpp:458 #17 0x40ffbd5c in nsParser::BuildModel (this=0x81b5be8) at nsParser.cpp:1059 So vidur, you can push this over to chris/harish as appropriate...
Assignee: vidur → karnaze
This looks like my problem now (probably exposed by the new content sink).
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
I'm not seeing the crash. Maybe it got fixed after the bug was submitted.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
It still crashes in these blds: Win 10-29-09-M11, Linux 10-29-10-M11, Mac 10-29-08-M11. Wait until the page finishes loading. Crash occurs after that.
I pulled from the tip of the tree this morning around 10am and I can't see this problem in my WinNT debug build running Viewer in the debugger. I really don't know if the builds you mention are after this or not. If so, what can account for me not seeing it. Are you running Viewer? Are you using a debug build? Are you in the debugger?
I'm running Apprunner, not Viewer. I used today's (10/29) official blds, not debug blds.
Status: REOPENED → RESOLVED
Closed: 25 years ago25 years ago
Resolution: --- → WORKSFORME
I used an optimized WinNT build from mozilla.org (m11 I think) on 11/3 and cannot see the crash. I don't see it on a current WinNT build either.
Adding crash keyword
Keywords: crash
Verified worksforme.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.