Closed Bug 5263 Opened 25 years ago Closed 25 years ago

crash in frame code

Categories

(Core :: DOM: Core & HTML, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: rickg, Assigned: vidur)

References

()

Details

I've been seeing a really odd crash recently, which appears to be a regression. Here's the snippet from the warnerbros.com homepage: <html><body> text <img src="img/newday4.jpg" align=right"> </body></html> Here's the stack trace: nsDebug::PreCondition(const char * 0x007c5cb4, const char * 0x007c5ca0, const char * 0x007c5c70, int 1994) line 120 + 13 bytes PresShell::SetPlaceholderFrameFor(PresShell * const 0x011571a0, nsIFrame * 0x00000000, nsIFrame * 0x036050d0) line 1994 + 32 bytes nsCSSFrameConstructor::CantRenderReplacedElement(nsCSSFrameConstructor * const 0x01156170, nsIPresContext * 0x0112d040, nsIFrame * 0x036051e0) line 4733 StyleSetImpl::CantRenderReplacedElement(StyleSetImpl * const 0x01156570, nsIPresContext * 0x0112d040, nsIFrame * 0x036051e0) line 828 PresShell::HandleCantRenderReplacedElementEvent(nsIFrame * 0x036051e0) line 1363
Assignee: peterl → troy
Component: Style System → Layout
Summary: crash in style/frame code → crash in frame code
Assignee: troy → vidur
I fixed the ConstructAlternateImageFrame() and that fixes the bug Rick reported (using his small example). Vidur, assigning the bug to you, because I'm getting a crash in what looks like DOM code when I try and display http://www.warnerbros.com 00000049() nsJSUtils::nsConvertObjectToJSVal(nsISupports * 0x0012ff40, JSContext * 0x0112c340, long * 0x0012f0e0) line 130 + 20 bytes GetNavigatorProperty(JSContext * 0x0112c340, JSObject * 0x0122f128, long -9, long * 0x0012f0e0) line 124 + 20 bytes js_GetProperty(JSContext * 0x0112c340, JSObject * 0x0122f128, long 18233008, long * 0x0012f0e0) line 1695 + 25 bytes js_Interpret(JSContext * 0x0112c340, long * 0x0012f260) line 2149 + 913 bytes js_Invoke(JSContext * 0x0112c340, unsigned int 3, int 0) line 666 + 13 bytes js_Interpret(JSContext * 0x0112c340, long * 0x0012f9d8) line 2183 + 15 bytes js_Execute(JSContext * 0x0112c340, JSObject * 0x0122d708, JSScript * 0x02539210, JSFunction * 0x00000000, JSStackFrame * 0x00000000, int 0, long * 0x0012f9d8) line 815 + 13 bytes JS_EvaluateUCScriptForPrincipals(JSContext * 0x0112c340, JSObject * 0x0122d708, JSPrincipals * 0x00000000, const unsigned short * 0x01218830, unsigned int 870, const char * 0x010d5cc0, unsigned int 191, long * 0x0012f9d8) line 2322 + 27 bytes nsJSContext::EvaluateString(nsJSContext * const 0x0112c580, const nsString & {...}, const char * 0x010d5cc0, unsigned int 191, nsString & {...}, int * 0x0012fa04) line 122 + 64 bytes HTMLContentSink::EvaluateScript(nsString & {...}, int 191) line 2829 HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 2943 HTMLContentSink::AddLeaf(HTMLContentSink * const 0x010d17a0, const nsIParserNode & {...}) line 1979 + 12 bytes CNavDTD::AddLeaf(const nsIParserNode & {...}) line 2665 + 31 bytes CNavDTD::HandleScriptToken(nsCParserNode & {...}) line 1593 + 12 bytes CNavDTD::OpenContainer(const nsIParserNode & {...}, int 1) line 2488 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x01167f90, nsHTMLTag eHTMLTag_script, nsIParserNode & {...}) line 992 + 14 bytes CNavDTD::HandleStartToken(CToken * 0x01167f90) line 1228 + 25 bytes NavDispatchTokenHandler(CToken * 0x01167f90, nsIDTD * 0x0115b950) line 247 + 12 bytes CTokenHandler::operator()(CToken * 0x01167f90, nsIDTD * 0x0115b950) line 80 + 14 bytes CNavDTD::HandleToken(CNavDTD * const 0x0115b950, CToken * 0x01167f90, nsIParser * 0x010d1910) line 634 + 18 bytes CNavDTD::BuildModel(CNavDTD * const 0x0115b950, nsIParser * 0x010d1910, nsITokenizer * 0x0115b040, nsITokenObserver * 0x00000000, nsIContentSink * 0x010d17a0) line 508 + 20 bytes nsParser::BuildModel() line 869 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000) line 821 + 11 bytes nsParser::EnableParser(int 1) line 523 + 19 bytes HTMLContentSink::ResumeParsing() line 2751 nsDoneLoadingScript(nsIUnicharStreamLoader * 0x024b4f80, nsString & {...}, void * 0x010d17a0, unsigned int 0) line 2860 nsUnicharStreamLoader::OnStopBinding(nsUnicharStreamLoader * const 0x024b4f84, nsIURL * 0x024b0500, unsigned int 0, const unsigned short * 0x024b04d0) line 156 + 31 bytes nsDocumentBindInfo::OnStopBinding(nsDocumentBindInfo * const 0x024b4d40, nsIURL * 0x024b0500, unsigned int 0, const unsigned short * 0x024b04d0) line 1994 + 30 bytes OnStopBindingProxyEvent::HandleEvent(OnStopBindingProxyEvent * const 0x024b2780) line 591 + 45 bytes StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x024b2784) line 471 + 12 bytes PL_HandleEvent(PLEvent * 0x024b2784) line 476 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x0107f680) line 437 + 9 bytes _md_EventReceiverProc(HWND__ * 0x002c032c, unsigned int 49425, unsigned int 0, long 17299072) line 799 + 9 bytes USER32! 77e71250() 0107f680()
QA Contact: 4110 → 4144
Assignee: vidur → beard
Patrick, the problems occurs because navigator.mimeTypes and navigator.plugins now exist, return NS_OK from their stub implementations, but do not set the return out pointer to null.
Target Milestone: M6
-> M6
Assignee: beard → vidur
Component: Layout → DOM Level 0
This doesn't crash on the Mac, as of 4/29/99. I've expanded the Navigator properties implementation. Should be fixed now.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Patrick, feel free to mark the bugs as FIXED when you're done with them, rather than reassigning them.
Status: RESOLVED → VERIFIED
Fixed in 5/17 Build.
You need to log in before you can comment on or make changes to this bug.