Closed Bug 31048 Opened 25 years ago Closed 24 years ago

browser crashes after second javascript error

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P3)

x86
Windows 98
defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: rmassie, Assigned: joki)

References

()

Details

(Keywords: crash)

Attachments

(1 file)

BuildID: 2000030516 rpgmaer.com creates javascript errors when you open a link due to the advertisement bar at the top of the page. The javascript error dosen't always show, but when it does, moz crashes. Steps to reproduce: 1. open rpgamer.com 2. click on a link 3. repeat until 2 javascript errors have shown 4. crash Windows 98 dump: MOZILLA caused a stack fault in module XPCOM.DLL at 0167:60c60f3e. Registers: EAX=00000000 CS=0167 EIP=60c60f3e EFLGS=00010293 EBX=00592030 SS=016f ESP=00592000 EBP=0059200c ECX=00000001 DS=016f ESI=00592088 FS=7c27 EDX=00000025 ES=016f EDI=00000025 GS=0000 Bytes at CS:EIP: 57 ff 75 10 8d 04 41 ff 73 10 ff 36 ff 76 10 ff Stack dump: 60c9360c 00000025 00592084 00592044 60c57028 00592088 00592030 00000000 00000025 00592084 00592084 034506e0 00000025 00000000 00000000 00000000 Comment: I'm not sure if this is the right component. Sorry if it isn't.
I used a debug build from 3/7 and was able to navigate most links back and forth for quite a while before finally getting a crash. I finally got this crash when following an image link from one of the many 'screens' links from the 'Legend of Zelda' link on the main page, right hand column. cdcd0000() nsGenericElement::HandleDOMEvent(nsIPresContext * 0x03350990, nsEvent * 0x0012d9e0, nsIDOMEvent * * 0x0012d5c4, unsigned int 0x00000001, nsEventStatus * 0x0012da04) line 997 nsGenericHTMLElement::HandleDOMEventForAnchors(nsIPresContext * 0x03350990, nsEvent * 0x0012d9e0, nsIDOMEvent * * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012da04) line 804 + 31 bytes nsHTMLAnchorElement::HandleDOMEvent(nsHTMLAnchorElement * const 0x032d187c, nsIPresContext * 0x03350990, nsEvent * 0x0012d9e0, nsIDOMEvent * * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012da04) line 342 nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x03308410, nsIPresContext * 0x03350990, nsIContent * 0x032d187c) line 2380 nsEventStateManager::SetContentState(nsEventStateManager * const 0x03308410, nsIContent * 0x032d187c, int 0x00000002) line 2164 nsHTMLAnchorElement::SetFocus(nsHTMLAnchorElement * const 0x032d1880, nsIPresContext * 0x03350990) line 244 nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x02cadf70, nsIPresContext * 0x02771350, nsGUIEvent * 0x0012df64, nsIFrame * 0x013610d0, nsEventStatus * 0x0012decc, nsIView * 0x02773940) line 563 PresShell::HandleEvent(PresShell * const 0x02773274, nsIView * 0x02773940, nsGUIEvent * 0x0012df64, nsEventStatus * 0x0012decc) line 3026 + 43 bytes nsView::HandleEvent(nsView * const 0x02773940, nsGUIEvent * 0x0012df64, unsigned int 0x0000001c, nsEventStatus * 0x0012decc, int & 0x00000000) line 799 nsViewManager2::DispatchEvent(nsViewManager2 * const 0x02773c00, nsGUIEvent * 0x0012df64, nsEventStatus * 0x0012decc) line 1216 HandleEvent(nsGUIEvent * 0x0012df64) line 69 nsWindow::DispatchEvent(nsWindow * const 0x02773814, nsGUIEvent * 0x0012df64, nsEventStatus & nsEventStatus_eIgnore) line 493 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012df64) line 514 nsWindow::DispatchFocus(unsigned int 0x0000006a) line 3103 + 15 bytes nsWindow::ProcessMessage(unsigned int 0x00000007, unsigned int 0x035b0126, long 0x00000000, long * 0x0012e1c8) line 2335 + 19 bytes nsWindow::WindowProc(HWND__ * 0x1a9201b2, unsigned int 0x00000007, unsigned int 0x035b0126, long 0x00000000) line 671 + 27 bytes USER32! 77e719d0() USER32! 77e71982() NTDLL! 77f763a3() GlobalWindowImpl::Focus(GlobalWindowImpl * const 0x023ae7c8) line 1222 + 23 bytes nsWebShellWindow::HandleEvent(nsGUIEvent * 0x0012e428) line 519 nsWindow::DispatchEvent(nsWindow * const 0x023ae954, nsGUIEvent * 0x0012e428, nsEventStatus & nsEventStatus_eIgnore) line 493 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012e428) line 514 nsWindow::DispatchFocus(unsigned int 0x00000068) line 3103 + 15 bytes nsWindow::ProcessMessage(unsigned int 0x00000007, unsigned int 0x00000000, long 0x00000000, long * 0x0012e68c) line 2332 + 19 bytes nsWindow::WindowProc(HWND__ * 0x035b0126, unsigned int 0x00000007, unsigned int 0x00000000, long 0x00000000) line 671 + 27 bytes USER32! 77e719d0() USER32! 77e71982() NTDLL! 77f763a3() USER32! 77e718d2() nsWindow::DefaultWindowProc(HWND__ * 0x035b0126, unsigned int 0x00000006, unsigned int 0x00000001, long 0x00000000) line 698 USER32! 77e727fe() USER32! 77e72889() nsWindow::WindowProc(HWND__ * 0x035b0126, unsigned int 0x00000006, unsigned int 0x00000001, long 0x00000000) line 678 + 31 bytes USER32! 77e719d0() USER32! 77e71982() NTDLL! 77f763a3() USER32! 77e89050() USER32! 77e8ad30() USER32! 77e8b044() USER32! 77e8aed8() USER32! 77e8b203() USER32! 77e8a5a6() nsDebug::Assertion(const char * 0x0217e3dc, const char * 0x0217e3b4, const char * 0x0217e374, int 0x00000070) line 172 + 22 bytes ImageListener::AddRef(ImageListener * const 0x03353c20) line 112 + 74 bytes ImageListener::QueryInterface(ImageListener * const 0x03353c20, const nsID & {...}, void * * 0x0012fb68) line 112 + 139 bytes CallQueryInterface(nsISupports * 0x03353c20, nsIStreamListener * * 0x0012fb68) line 1225 nsCOMPtr<nsIStreamListener>::Assert_NoQueryNeeded() line 445 + 15 bytes nsGetterAddRefs<nsIStreamListener>::~nsGetterAddRefs<nsIStreamListener>() line 842 nsDocumentOpenInfo::DispatchContent(nsIChannel * 0x0334d440, nsISupports * 0x00000000) line 392 nsDocumentOpenInfo::OnStartRequest(nsDocumentOpenInfo * const 0x03348920, nsIChannel * 0x0334d440, nsISupports * 0x00000000) line 252 + 16 bytes InterceptStreamListener::OnStartRequest(InterceptStreamListener * const 0x03356da0, nsIChannel * 0x0334d440, nsISupports * 0x00000000) line 1102 nsHTTPServerListener::FinishedResponseHeaders() line 680 + 48 bytes nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x03351cc0, nsIChannel * 0x03339454, nsISupports * 0x0334d440, nsIInputStream * 0x03356ccc, unsigned int 0x00000000, unsigned int 0x00000000) line 309 + 8 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x03356d50) line 388 + 47 bytes nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x03352a40) line 97 + 12 bytes PL_HandleEvent(PLEvent * 0x03352a40) line 556 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x0143b870) line 501 + 9 bytes _md_EventReceiverProc(HWND__ * 0x446d0112, unsigned int 0x0000c0c1, unsigned int 0x00000000, long 0x0143b870) line 1011 + 9 bytes USER32! 77e71820() 0143b87
Assignee: rogerl → joki
Component: Javascript Engine → Event Handling
QA Contact: rginda → janc
Severity: normal → critical
Keywords: crash
*** Bug 27660 has been marked as a duplicate of this bug. ***
Moving to m16 due to severity
Target Milestone: --- → M16
Comments indicate this is not occurring frequently. Moving out of M16 to finish investigating later.
Target Milestone: M16 → M17
I crashed the PC/Linux 2000052109 build somehow, and got a different stack that also ends in nsGenericElement::HandleDOMEvent. I didn't try to reproduce. I found bug 27660 "crash in nsGenericElement::HandleDOMEvent" be a duplicate of this one, and since I do not want to open a new bug without any steps to reproduce, I added the stack trace here. If you want to file a new bug for the new stack trace, feel free to do so.
Bug 40422 describes a freeze, followed by a crash, on http://www.w3c.org/DOM . When trying to reproduce it, I crashed in nsGenericElement::HandleDOMEvent , the stack trace is attached there. It is marked dup of bug 39520, bug I could not find my stack trace there.
Hmm. Well a few fixes went in along these lines in the last month or so. I can't get this thing to crash at the url mentioned here so I'm going to take a shot at WORKSFORME.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
For the records: The crash on http://www.w3c.org/DOM has gone, too. (PC/Linux, build 2000062220).
Verified worksforme.
Status: RESOLVED → VERIFIED
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: