Closed Bug 36280 Opened 25 years ago Closed 25 years ago

Crash on loading this webpage

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
All
defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: bugzilla2, Assigned: harishd)

References

()

Details

(Keywords: crash)

Attachments

(1 file)

Reproducable crash on win98 with build 2000041808 (nightly build). Also crashed on a linux build from April 17 around midday (says sarnold). Dunno if this stuff is any use: MOZILLA caused an invalid page fault in module XPCOM.DLL at 017f:60ce7700. Registers: EAX=02cf8341 CS=017f EIP=60ce7700 EFLGS=00010283 EBX=0167b024 SS=0187 ESP=0068f488 EBP=0068f4a8 ECX=00000001 DS=0187 ESI=016513cc FS=19f7 EDX=00000001 ES=0187 EDI=00000001 GS=0000 Bytes at CS:EIP: ff 14 85 d0 6a d2 60 01 3e 8b 06 8b 4e 10 83 c4 Stack dump: 01651320 00000000 00000000 00000000 00000001 0167b024 016513cc 016513c8 0068f4cc 60ce769e 016513cc 0167b024 00000000 00000001 016513cc 00000000
****.. sorry guys must have bumped the component off.
Component: Y2k → Browser-General
shrir, who should get general bugs?
Indeed, crashes my linux build made from CVS on April 17th. I will rebuild and retest overnight. A very minimal attempt at a testcase didn't work -- I inlcuded nothing but a skeleton of html, and the dtd line at the top (which mentions some Hotdog pro extensions to html...) -- so it requires a bit more work to figure out where the bug is coming from.
Status: UNCONFIRMED → NEW
Ever confirmed: true
correcting owners
Assignee: valeski → asadotzler
QA Contact: shrir → jelwell
I spent some time on this problem. The crash happen in function "nsresult CNavDTD::CollectAttributes(nsCParserNode& aNode,eHTMLTags aTag,PRInt32 aCount)". When a whitespace token is converted to attribute token, the crash happens. The real problem seems exist in HTMLTokenizer. I logged all the popped token in sequence, the problem area is: " </FONT> <FONT> SIZE="-1" FACE="arial, helvetica, courier, *"> <A> HREF="http://www.thedigitalbits.com/dvdmenu.html"> <B>U2: Joshua Tree (Classic Albums) </B> &a <B>Blood Feast: SE </B> </A> </FONT> WIDTH="455"> VALIGN="MIDDLE"> ALIGN="CENTER" HEIGHT="5"> WIDTH="5" SRC= "gfx/spacer.gif" VALIGN="MIDDLE"> ALIGN="CENTER" HREF="advertising/advertisers.map"> ALT="Visit our sponsors!"> BORDER="0" ISMAP="ISMAP" USEMAP="#map1" HEIGHT="46" WIDTH="452" SRC="advertising/advertisers.jpg" NAME= "map1"> TARGET="window"> ALT="Go to IGN.com" HREF="http://www.ign.com/" COORDS="366,-2,454,49" SHAPE= "RECT" TARGET="window"> ALT=" Clearly, start from "WIDTH="455">", all token seems corrupted. If the page is downloaded and accessed locally, the problem does not happen or happens differently. The problem seems related with javascript and network (synchronization?). I hope my finding may help someone else in attaching this bug. I personally do not believe this is a good testcase.
updating component and owner
Assignee: asadotzler → rickg
Component: Browser-General → Parser
QA Contact: jelwell → janc
Are you still seeing the crash? A similer bug got fixed recently ( yesterday 04/25/00 ). Please verify.
I still see it in nightly build 2000042512. I'll keep trying it with nightlies.
Adding crash keyword.
Keywords: crash
Harish wants this one.
Assignee: rickg → harishd
Nope...I don't see the crash ( Apr. 28th build ).
Please verify this once again. I'm inclined to mark this WORKSFORME..
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
I don't see this crash now on nightly build 2000042708. Thanks guys!
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: