Closed
Bug 33245
Opened 25 years ago
Closed 25 years ago
crash in reference counting History layout Object
Categories
(Core :: Layout, defect, P3)
Tracking
()
VERIFIED
WORKSFORME
M16
People
(Reporter: sitsofe, Assigned: radha)
References
()
Details
(Keywords: crash)
Attachments
(1 file)
(deleted),
text/plain
|
Details |
Steps to reproduce:
1. Visit http://www.wired.com/news/
2. Select a link
3. Click back
4. Select another link
Expected:
Page to load
Result:
Crash. This may be related to bug 32201...
Build: 032409 Linux
Comment 1•25 years ago
|
||
Crash on Win32:
MOZILLA caused an invalid page fault in
module <unknown> at 0000:00a700fd.
Registers:
EAX=00a70050 CS=014f EIP=00a700fd EFLGS=00010206
EBX=00000000 SS=0157 ESP=0068f528 EBP=0068f55c
ECX=00a7007c DS=0157 ESI=00a5ee10 FS=0e9f
EDX=0068f610 ES=0157 EDI=80000000 GS=0000
Bytes at CS:EIP:
00 a7 00 c4 26 a7 00 0c e3 b5 00 31 00 00 00 21
Stack dump:
80000000 00a5ee10 0068f55c 0068f548 00000000 0068f610 00a7007c 00a70050 6019c253
00a70050 00a5a8ac 00000000 00000000 0068f5dc 601d8e5a 00a5ee10
Changing OS to All, adding crash keyword, upgrading to Critical (because it's a
crash). This isn't bug 32201. :-)
Gerv
Comment 2•25 years ago
|
||
This also shows up in my Solaris 2.6 build of M14.
Can someone change platform to All?
(stacktrace coming..)
Comment 3•25 years ago
|
||
Comment 4•25 years ago
|
||
hi troy
ns_if_addref(nsILayoutHistoryState * 0x03e30030) line 1090 + 15 bytes
PresShell::CaptureHistoryState(PresShell * const 0x04491cd0,
nsILayoutHistoryState * * 0x04491f90) line 2485 + 21 bytes
nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresShell * 0x04491cd0,
nsIPresContext * 0x044b8950, nsFrameConstructorState & {...}, nsIContent *
0x044b7a68, nsIFrame * 0x03a20ff4, nsIStyleContext * 0x044a9490, nsIFrame * &
0x038d3ee0) line 2552 + 48 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x04491f60,
nsIPresContext * 0x044b8950, nsIContent * 0x00000000, nsIContent * 0x044b7a68,
int 0, nsILayoutHistoryState * 0x00000000) line 7060
StyleSetImpl::ContentInserted(StyleSetImpl * const 0x04495060, nsIPresContext *
0x044b8950, nsIContent * 0x00000000, nsIContent * 0x044b7a68, int 0) line 966
PresShell::InitialReflow(PresShell * const 0x04491cd0, int 10425, int 12045)
line 1242
HTMLContentSink::StartLayout() line 3217
HTMLContentSink::OpenBody(HTMLContentSink * const 0x044b7c60, const
nsIParserNode & {...}) line 2701
CNavDTD::OpenBody(const nsIParserNode * 0x04492a30) line 2678 + 31 bytes
CNavDTD::OpenContainer(const nsIParserNode * 0x04492a30, nsHTMLTag
eHTMLTag_body, int 1, nsEntryStack * 0x00000000) line 2931 + 12 bytes
CNavDTD::HandleDefaultStartToken(CToken * 0x02e09980, nsHTMLTag eHTMLTag_body,
nsIParserNode * 0x04492a30) line 1091 + 20 bytes
CNavDTD::HandleStartToken(CToken * 0x02e09980) line 1429 + 22 bytes
CNavDTD::HandleToken(CNavDTD * const 0x04492d80, CToken * 0x02e09980, nsIParser
* 0x044b61c0) line 776 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x04492d80, nsIParser * 0x044b61c0,
nsITokenizer * 0x04491410, nsITokenObserver * 0x00000000, nsIContentSink *
0x044b7c60) line 514 + 20 bytes
nsParser::BuildModel() line 1297 + 34 bytes
nsParser::ResumeParse(int 1, int 1) line 1181 + 11 bytes
nsParser::OnStopRequest(nsParser * const 0x044b61c4, nsIChannel * 0x044b1b40,
nsISupports * 0x00000000, unsigned int 2152398850, const unsigned short *
0x00000000) line 1643 + 19 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x044b1a80,
nsIChannel * 0x044b1b40, nsISupports * 0x00000000, unsigned int 2152398850,
const unsigned short * 0x00000000) line 278
InterceptStreamListener::OnStopRequest(InterceptStreamListener * const
0x044b4bf0, nsIChannel * 0x044b1b40, nsISupports * 0x00000000, unsigned int
2152398850, const unsigned short * 0x00000000) line 1120
nsHTTPChunkConv::OnStopRequest(nsHTTPChunkConv * const 0x04491330, nsIChannel *
0x044b1b40, nsISupports * 0x00000000, unsigned int 2152398850, const unsigned
short * 0x00000000) line 97
nsHTTPChannel::ResponseCompleted(nsIStreamListener * 0x04491330, unsigned int
2152398850, const unsigned short * 0x00000000) line 1448 + 36 bytes
nsHTTPServerListener::OnStopRequest(nsHTTPServerListener * const 0x044b4150,
nsIChannel * 0x044b4854, nsISupports * 0x044b1b40, unsigned int 2152398850,
const unsigned short * 0x00000000) line 497
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x03f16510) line 286
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x03f16150) line 97 + 12 bytes
PL_HandleEvent(PLEvent * 0x03f16150) line 563 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x0100a700) line 508 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x05e30144, unsigned int 49317, unsigned int 0,
long 16819968) line 1018 + 9 bytes
USER32! 77e71268()
0100a700()
Assignee: cbegle → troy
Component: Browser-General → Layout
QA Contact: asadotzler → petersen
Nisheeth, I think the CaptureHistoryState() code is you
Assignee: troy → nisheeth
Comment 6•25 years ago
|
||
Radha, this is a problem with reference counting on the history state, so
passing over to you.
Assignee: nisheeth → radha
Assignee | ||
Comment 7•25 years ago
|
||
Not sure. I'm crashing right when I get out of wired.com to load another page.
Status: NEW → ASSIGNED
Target Milestone: --- → M16
Assignee | ||
Comment 8•25 years ago
|
||
re-summarised.
Summary: Select link, go back, select another link causes crash → crash in reference counting History layout Object
Comment 9•25 years ago
|
||
Going forward and back reading Wired news, using links and the [Back] button,
using the 2000-04-13-08-M16 build, everything seems stable... no crashes
after roughly 2 dozen forward-and-back navigations.
Comment 10•25 years ago
|
||
Back is currently broken a bit, but there's no crash. Marking WORKSFORME.
Gerv
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•