Closed
Bug 5411
Opened 25 years ago
Closed 25 years ago
Repeated re-display causes crash
Categories
(Core :: Layout, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: morse, Assigned: waterson)
Details
Refer to content shown in bug report 5409.
Display the content (i.e., enter URL for it in location field and press return).
Repeat redisplaying it six times. On the sixth try, it crashes with the
following stack trace:
FindDataSource::~FindDataSource() line 158 + 3 bytes
FindDataSource::`scalar deleting destructor'(unsigned int 1) + 15 bytes
FindDataSource::Release(FindDataSource * const 0x01249890) line 183 + 99 bytes
CompositeDataSourceImpl::~CompositeDataSourceImpl() line 575 + 18 bytes
CompositeDataSourceImpl::`scalar deleting destructor'(unsigned int 1) + 15 bytes
CompositeDataSourceImpl::Release(CompositeDataSourceImpl * const 0x012495b0)
line 584 + 99 bytes
InMemoryDataSource::~InMemoryDataSource() line 899 + 12 bytes
InMemoryDataSource::`scalar deleting destructor'(unsigned int 1) + 15 bytes
InMemoryDataSource::Release(InMemoryDataSource * const 0x011a8520) line 829 + 99
bytes
RelatedLinksDataSource::SetRelatedLinksURL(RelatedLinksDataSource * const
0x0124b520, char * 0x025c3500) line 958 + 18 bytes
nsBrowserAppCore::OnEndDocumentLoad(nsBrowserAppCore * const 0x011cce78, nsIURL
* 0x025c3220, int 0) line 839 + 39 bytes
nsWebShell::OnEndDocumentLoad(nsWebShell * const 0x01191130, nsIURL *
0x025c3220, int 0) line 2369
nsDocLoaderImpl::FireOnEndDocumentLoad(int 0) line 1287
nsDocLoaderImpl::FireOnEndDocumentLoad(int 0) line 1295
nsDocLoaderImpl::LoadURLComplete(nsIURL * 0x02529820, nsISupports * 0x02529700,
int 0) line 1447
nsDocumentBindInfo::OnStopBinding(nsDocumentBindInfo * const 0x02529700, nsIURL
* 0x02529820, unsigned int 0, unsigned short * 0x0012c498) line 2007
nsStreamListenerProxy::OnStopBinding(nsStreamListenerProxy * const 0x011aa5d0,
nsIURL * 0x02529820, unsigned int 0, unsigned short * 0x0012c498) line 768 + 30
bytes
stub_complete(_NET_StreamClass * 0x011ab380) line 766
net_output_about_url(_ActiveEntry * 0x011aaae0) line 687 + 10 bytes
net_AboutLoad(_ActiveEntry * 0x011aaae0) line 910 + 9 bytes
NET_GetURL(URL_Struct_ * 0x011aacc0, int 102, MWContext_ * 0x011aa240, void
(URL_Struct_ *, int, MWContext_ *)* 0x002d2f2c bam_exit_routine(URL_Struct_ *,
int, MWContext_ *)) line 2979 + 12 bytes
nsNetlibService::OpenStream(nsNetlibService * const 0x00ec4a40, nsIURL *
0x02529820, nsIStreamListener * 0x02529700) line 476 + 20 bytes
nsDocumentBindInfo::Bind(nsIURL * 0x02529820, nsIStreamListener * 0x00000000)
line 1732 + 23 bytes
nsDocumentBindInfo::Bind(const nsString & {...}, nsIPostData * 0x00000000,
nsIStreamListener * 0x00000000) line 1696 + 16 bytes
nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x02528250, const nsString
& {...}, char * 0x01c19af0, nsIContentViewerContainer * 0x025c3ad0, nsIPostData
* 0x00000000, nsISupports * 0x00000000, nsIStreamObserver * 0x025c2a50,
nsURLReloadType nsURLReload, const unsigned int 0) line 971 + 21 bytes
nsWebShell::DoLoadURL(const nsString & {...}, char * 0x01c19af0, nsIPostData *
0x00000000, nsURLReloadType nsURLReload, const unsigned int 0) line 1559
nsWebShell::LoadURL(nsWebShell * const 0x025c3ad0, unsigned short * 0x02529c00,
char * 0x01c19af0, nsIPostData * 0x00000000, int 1, nsURLReloadType nsURLReload,
const unsigned int 0) line 1650 + 28 bytes
nsWebShell::LoadURL(nsWebShell * const 0x025c3ad0, unsigned short * 0x02529c00,
nsIPostData * 0x00000000, int 1, nsURLReloadType nsURLReload, const unsigned int
0) line 1477
nsHTMLFrameInnerFrame::Reflow(nsHTMLFrameInnerFrame * const 0x025c2974,
nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState &
{...}, unsigned int & 0) line 828 + 39 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x025c2970, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 389 + 28 bytes
nsHTMLFrameOuterFrame::Reflow(nsHTMLFrameOuterFrame * const 0x025b8294,
nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState &
{...}, unsigned int & 0) line 348
nsContainerFrame::ReflowChild(nsIFrame * 0x025b8290, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 389 + 28 bytes
nsHTMLFramesetFrame::ReflowPlaceChild(nsIFrame * 0x025b8290, nsIPresContext &
{...}, const nsHTMLReflowState & {...}, nsPoint & {...}, nsSize & {...}, nsPoint
* 0x0012d254) line 755
nsHTMLFramesetFrame::Reflow(nsHTMLFramesetFrame * const 0x025b8cd4,
nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState &
{...}, unsigned int & 1234188) line 1147
nsLineLayout::ReflowFrame(nsIFrame * 0x025b8cd0, nsIFrame * * 0x0012f3a8,
unsigned int & 1234188) line 837
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineBox *
0x025b8e00, nsIFrame * 0x025b8cd0, unsigned char * 0x0012d4e0) line 2781 + 23
bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox *
0x025b8e00, int * 0x0012d570) line 2664 + 24 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x025b8e00, int
* 0x0012d570) line 1941 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1752 + 20 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x025b7934, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 1173 + 18 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x025b7934, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 261 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x025b7930, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 389 + 28 bytes
RootFrame::Reflow(RootFrame * const 0x025b7284, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 237
nsContainerFrame::ReflowChild(nsIFrame * 0x025b7280, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 389 + 28 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x025b7f74, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 434
PresShell::InitialReflow(PresShell * const 0x025b1240, int 8745, int 4785) line
895
HTMLContentSink::StartLayout() line 2050
HTMLContentSink::CloseFrameset(HTMLContentSink * const 0x025c3dc0, const
nsIParserNode & {...}) line 1900
CNavDTD::CloseFrameset(const nsIParserNode & {...}) line 2431 + 31 bytes
CNavDTD::CloseContainer(const nsIParserNode & {...}, nsHTMLTag
eHTMLTag_frameset, int 1) line 2566 + 12 bytes
CNavDTD::CloseContainersTo(int 1, nsHTMLTag eHTMLTag_frameset, int 1) line 2602
+ 26 bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_frameset, int 1) line 2623 + 20
bytes
CNavDTD::HandleEndToken(CToken * 0x01073390) line 1409 + 14 bytes
NavDispatchTokenHandler(CToken * 0x01073390, nsIDTD * 0x025b27c0) line 250 + 12
bytes
CTokenHandler::operator()(CToken * 0x01073390, nsIDTD * 0x025b27c0) line 80 + 14
bytes
CNavDTD::HandleToken(CNavDTD * const 0x025b27c0, CToken * 0x01073390, nsIParser
* 0x025c2340) line 635 + 18 bytes
CNavDTD::BuildModel(CNavDTD * const 0x025b27c0, nsIParser * 0x025c2340,
nsITokenizer * 0x025b3a00, nsITokenObserver * 0x00000000, nsIContentSink *
0x025c3dc0) line 509 + 20 bytes
nsParser::BuildModel() line 869 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000) line 821 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x025c2344, nsIURL * 0x025c3220,
nsIInputStream * 0x025c0720, unsigned int 953) line 1033 + 17 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x025c3120,
nsIURL * 0x025c3220, nsIInputStream * 0x025c0720, unsigned int 953) line 1968 +
24 bytes
OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const
0x02532280) line 632
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x02532284) line 471 + 12
bytes
PL_HandleEvent(PLEvent * 0x02532284) line 476 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ec0b50) line 437 + 9 bytes
_md_EventReceiverProc(void * 0x0325038e, unsigned int 49314, unsigned int 0,
long 15469392) line 799 + 9 bytes
USER3
Reporter | ||
Comment 1•25 years ago
|
||
See also bug report 5410
This doesn't sound like a parser bug to me. Anyway, I'll take a look at it.
Eric could you also look into the problem.
Adding rickg to CC List.
Assignee | ||
Updated•25 years ago
|
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 4•25 years ago
|
||
Off-by-one error in the destructor. Happened in a couple other data sources,
too.
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment 5•25 years ago
|
||
Fixed in the June 3rd Build.
You need to log in
before you can comment on or make changes to this bug.
Description
•