Closed Bug 5606 Opened 25 years ago Closed 25 years ago

Crash in nsDTDContext::GetStyles

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Linux
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: pollmann, Assigned: rickg)

References

()

Details

Attachments

(1 file)

This crash is relatively new (did not crash here on this page last week). I found it while doing work on bug #3585. This new crash is masking bug #3585 so I would bet that you will still crash on that bug even when you get this one fixed. I load up the following document: <HTML> <BODY ONLOAD="document.open(); document.close()"> Foo </BODY> </HTML> And the browser crashes with this stack trace: #0 0x405651bc in nsDTDContext::GetStyles (this=0x83d7048) at nsDTDUtils.cpp:269 #1 0x4056f78f in CNavDTD::UpdateStyleStackForCloseTag (this=0x8318740, aTag=eHTMLTag_html, anActualTag=eHTMLTag_html) at CNavDTD.cpp:2871 #2 0x4056cc09 in CNavDTD::HandleEndToken (this=0x8318740, aToken=0x830e048) at CNavDTD.cpp:1401 #3 0x4056a725 in NavDispatchTokenHandler (aToken=0x830e048, aDTD=0x8318740) at CNavDTD.cpp:250 #4 0x4057b394 in CTokenHandler::operator() (this=0x8318910, aToken=0x830e048, aDTD=0x8318740) at nsTokenHandler.cpp:80 #5 0x4056b3cd in CNavDTD::HandleToken (this=0x8318740, aToken=0x830e048, aParser=0x8316ae0) at CNavDTD.cpp:635 #6 0x4056b00a in CNavDTD::BuildModel (this=0x8318740, aParser=0x8316ae0, aTokenizer=0x83d7420, anObserver=0x0, aSink=0x8317b78) at CNavDTD.cpp:509 #7 0x405789c3 in nsParser::BuildModel (this=0x8316ae0) at nsParser.cpp:847 #8 0x405788b4 in nsParser::ResumeParse (this=0x8316ae0, aDefaultDTD=0x0) at nsParser.cpp:799 #9 0x4057871c in nsParser::Parse (this=0x8316ae0, aSourceBuffer=@0xbfffe538, aKey=0x80000001, aContentType=@0xbfffe528, aEnableVerify=0, aLastCall=1) at nsParser.cpp:742 #10 0x403b3d7c in nsHTMLDocument::Close (this=0x8387190) at nsHTMLDocument.cpp:1249 ... (I'll attach a full stack trace, it's 40 levels deep)
Attached file Full stack trace (deleted) —
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Caused by an oversight on my part in the access pathway to the new residual style stack. Sorry for the inconvenience. Fixed by update to DTDUtils.
Durn that was fast. I think you deserve an award for "fastest bugfix in the West". :)
QA Contact: 3847 → 4141
Attempting to steal gem's HTMLParser bugs all at once. Changing QAContact to janc.
Status: RESOLVED → VERIFIED
verified fixed. 199071308
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: