Closed Bug 5411 Opened 25 years ago Closed 25 years ago

Repeated re-display causes crash

Categories

(Core :: Layout, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: morse, Assigned: waterson)

Details

Refer to content shown in bug report 5409. Display the content (i.e., enter URL for it in location field and press return). Repeat redisplaying it six times. On the sixth try, it crashes with the following stack trace: FindDataSource::~FindDataSource() line 158 + 3 bytes FindDataSource::`scalar deleting destructor'(unsigned int 1) + 15 bytes FindDataSource::Release(FindDataSource * const 0x01249890) line 183 + 99 bytes CompositeDataSourceImpl::~CompositeDataSourceImpl() line 575 + 18 bytes CompositeDataSourceImpl::`scalar deleting destructor'(unsigned int 1) + 15 bytes CompositeDataSourceImpl::Release(CompositeDataSourceImpl * const 0x012495b0) line 584 + 99 bytes InMemoryDataSource::~InMemoryDataSource() line 899 + 12 bytes InMemoryDataSource::`scalar deleting destructor'(unsigned int 1) + 15 bytes InMemoryDataSource::Release(InMemoryDataSource * const 0x011a8520) line 829 + 99 bytes RelatedLinksDataSource::SetRelatedLinksURL(RelatedLinksDataSource * const 0x0124b520, char * 0x025c3500) line 958 + 18 bytes nsBrowserAppCore::OnEndDocumentLoad(nsBrowserAppCore * const 0x011cce78, nsIURL * 0x025c3220, int 0) line 839 + 39 bytes nsWebShell::OnEndDocumentLoad(nsWebShell * const 0x01191130, nsIURL * 0x025c3220, int 0) line 2369 nsDocLoaderImpl::FireOnEndDocumentLoad(int 0) line 1287 nsDocLoaderImpl::FireOnEndDocumentLoad(int 0) line 1295 nsDocLoaderImpl::LoadURLComplete(nsIURL * 0x02529820, nsISupports * 0x02529700, int 0) line 1447 nsDocumentBindInfo::OnStopBinding(nsDocumentBindInfo * const 0x02529700, nsIURL * 0x02529820, unsigned int 0, unsigned short * 0x0012c498) line 2007 nsStreamListenerProxy::OnStopBinding(nsStreamListenerProxy * const 0x011aa5d0, nsIURL * 0x02529820, unsigned int 0, unsigned short * 0x0012c498) line 768 + 30 bytes stub_complete(_NET_StreamClass * 0x011ab380) line 766 net_output_about_url(_ActiveEntry * 0x011aaae0) line 687 + 10 bytes net_AboutLoad(_ActiveEntry * 0x011aaae0) line 910 + 9 bytes NET_GetURL(URL_Struct_ * 0x011aacc0, int 102, MWContext_ * 0x011aa240, void (URL_Struct_ *, int, MWContext_ *)* 0x002d2f2c bam_exit_routine(URL_Struct_ *, int, MWContext_ *)) line 2979 + 12 bytes nsNetlibService::OpenStream(nsNetlibService * const 0x00ec4a40, nsIURL * 0x02529820, nsIStreamListener * 0x02529700) line 476 + 20 bytes nsDocumentBindInfo::Bind(nsIURL * 0x02529820, nsIStreamListener * 0x00000000) line 1732 + 23 bytes nsDocumentBindInfo::Bind(const nsString & {...}, nsIPostData * 0x00000000, nsIStreamListener * 0x00000000) line 1696 + 16 bytes nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x02528250, const nsString & {...}, char * 0x01c19af0, nsIContentViewerContainer * 0x025c3ad0, nsIPostData * 0x00000000, nsISupports * 0x00000000, nsIStreamObserver * 0x025c2a50, nsURLReloadType nsURLReload, const unsigned int 0) line 971 + 21 bytes nsWebShell::DoLoadURL(const nsString & {...}, char * 0x01c19af0, nsIPostData * 0x00000000, nsURLReloadType nsURLReload, const unsigned int 0) line 1559 nsWebShell::LoadURL(nsWebShell * const 0x025c3ad0, unsigned short * 0x02529c00, char * 0x01c19af0, nsIPostData * 0x00000000, int 1, nsURLReloadType nsURLReload, const unsigned int 0) line 1650 + 28 bytes nsWebShell::LoadURL(nsWebShell * const 0x025c3ad0, unsigned short * 0x02529c00, nsIPostData * 0x00000000, int 1, nsURLReloadType nsURLReload, const unsigned int 0) line 1477 nsHTMLFrameInnerFrame::Reflow(nsHTMLFrameInnerFrame * const 0x025c2974, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 828 + 39 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x025c2970, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 389 + 28 bytes nsHTMLFrameOuterFrame::Reflow(nsHTMLFrameOuterFrame * const 0x025b8294, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 348 nsContainerFrame::ReflowChild(nsIFrame * 0x025b8290, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 389 + 28 bytes nsHTMLFramesetFrame::ReflowPlaceChild(nsIFrame * 0x025b8290, nsIPresContext & {...}, const nsHTMLReflowState & {...}, nsPoint & {...}, nsSize & {...}, nsPoint * 0x0012d254) line 755 nsHTMLFramesetFrame::Reflow(nsHTMLFramesetFrame * const 0x025b8cd4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1234188) line 1147 nsLineLayout::ReflowFrame(nsIFrame * 0x025b8cd0, nsIFrame * * 0x0012f3a8, unsigned int & 1234188) line 837 nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineBox * 0x025b8e00, nsIFrame * 0x025b8cd0, unsigned char * 0x0012d4e0) line 2781 + 23 bytes nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox * 0x025b8e00, int * 0x0012d570) line 2664 + 24 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x025b8e00, int * 0x0012d570) line 1941 + 20 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1752 + 20 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x025b7934, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1173 + 18 bytes nsAreaFrame::Reflow(nsAreaFrame * const 0x025b7934, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 261 + 25 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x025b7930, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 389 + 28 bytes RootFrame::Reflow(RootFrame * const 0x025b7284, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 237 nsContainerFrame::ReflowChild(nsIFrame * 0x025b7280, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 389 + 28 bytes ViewportFrame::Reflow(ViewportFrame * const 0x025b7f74, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 434 PresShell::InitialReflow(PresShell * const 0x025b1240, int 8745, int 4785) line 895 HTMLContentSink::StartLayout() line 2050 HTMLContentSink::CloseFrameset(HTMLContentSink * const 0x025c3dc0, const nsIParserNode & {...}) line 1900 CNavDTD::CloseFrameset(const nsIParserNode & {...}) line 2431 + 31 bytes CNavDTD::CloseContainer(const nsIParserNode & {...}, nsHTMLTag eHTMLTag_frameset, int 1) line 2566 + 12 bytes CNavDTD::CloseContainersTo(int 1, nsHTMLTag eHTMLTag_frameset, int 1) line 2602 + 26 bytes CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_frameset, int 1) line 2623 + 20 bytes CNavDTD::HandleEndToken(CToken * 0x01073390) line 1409 + 14 bytes NavDispatchTokenHandler(CToken * 0x01073390, nsIDTD * 0x025b27c0) line 250 + 12 bytes CTokenHandler::operator()(CToken * 0x01073390, nsIDTD * 0x025b27c0) line 80 + 14 bytes CNavDTD::HandleToken(CNavDTD * const 0x025b27c0, CToken * 0x01073390, nsIParser * 0x025c2340) line 635 + 18 bytes CNavDTD::BuildModel(CNavDTD * const 0x025b27c0, nsIParser * 0x025c2340, nsITokenizer * 0x025b3a00, nsITokenObserver * 0x00000000, nsIContentSink * 0x025c3dc0) line 509 + 20 bytes nsParser::BuildModel() line 869 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000) line 821 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x025c2344, nsIURL * 0x025c3220, nsIInputStream * 0x025c0720, unsigned int 953) line 1033 + 17 bytes nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x025c3120, nsIURL * 0x025c3220, nsIInputStream * 0x025c0720, unsigned int 953) line 1968 + 24 bytes OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const 0x02532280) line 632 StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x02532284) line 471 + 12 bytes PL_HandleEvent(PLEvent * 0x02532284) line 476 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00ec0b50) line 437 + 9 bytes _md_EventReceiverProc(void * 0x0325038e, unsigned int 49314, unsigned int 0, long 15469392) line 799 + 9 bytes USER3
See also bug report 5410
This doesn't sound like a parser bug to me. Anyway, I'll take a look at it. Eric could you also look into the problem. Adding rickg to CC List.
Assignee: harishd → waterson
Reassigning the bug to waterson.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Off-by-one error in the destructor. Happened in a couple other data sources, too.
Status: RESOLVED → VERIFIED
Fixed in the June 3rd Build.
You need to log in before you can comment on or make changes to this bug.