Closed
Bug 5606
Opened 25 years ago
Closed 25 years ago
Crash in nsDTDContext::GetStyles
Categories
(Core :: DOM: HTML Parser, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: pollmann, Assigned: rickg)
References
()
Details
Attachments
(1 file)
(deleted),
text/plain
|
Details |
This crash is relatively new (did not crash here on this page last week). I
found it while doing work on bug #3585. This new crash is masking bug #3585 so
I would bet that you will still crash on that bug even when you get this one
fixed.
I load up the following document:
<HTML>
<BODY ONLOAD="document.open(); document.close()">
Foo
</BODY>
</HTML>
And the browser crashes with this stack trace:
#0 0x405651bc in nsDTDContext::GetStyles (this=0x83d7048)
at nsDTDUtils.cpp:269
#1 0x4056f78f in CNavDTD::UpdateStyleStackForCloseTag (this=0x8318740,
aTag=eHTMLTag_html, anActualTag=eHTMLTag_html) at CNavDTD.cpp:2871
#2 0x4056cc09 in CNavDTD::HandleEndToken (this=0x8318740, aToken=0x830e048)
at CNavDTD.cpp:1401
#3 0x4056a725 in NavDispatchTokenHandler (aToken=0x830e048, aDTD=0x8318740)
at CNavDTD.cpp:250
#4 0x4057b394 in CTokenHandler::operator() (this=0x8318910, aToken=0x830e048,
aDTD=0x8318740) at nsTokenHandler.cpp:80
#5 0x4056b3cd in CNavDTD::HandleToken (this=0x8318740, aToken=0x830e048,
aParser=0x8316ae0) at CNavDTD.cpp:635
#6 0x4056b00a in CNavDTD::BuildModel (this=0x8318740, aParser=0x8316ae0,
aTokenizer=0x83d7420, anObserver=0x0, aSink=0x8317b78) at CNavDTD.cpp:509
#7 0x405789c3 in nsParser::BuildModel (this=0x8316ae0) at nsParser.cpp:847
#8 0x405788b4 in nsParser::ResumeParse (this=0x8316ae0, aDefaultDTD=0x0)
at nsParser.cpp:799
#9 0x4057871c in nsParser::Parse (this=0x8316ae0, aSourceBuffer=@0xbfffe538,
aKey=0x80000001, aContentType=@0xbfffe528, aEnableVerify=0, aLastCall=1)
at nsParser.cpp:742
#10 0x403b3d7c in nsHTMLDocument::Close (this=0x8387190)
at nsHTMLDocument.cpp:1249
... (I'll attach a full stack trace, it's 40 levels deep)
Reporter | ||
Comment 1•25 years ago
|
||
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Caused by an oversight on my part in the access pathway to the new residual
style stack. Sorry for the inconvenience. Fixed by update to DTDUtils.
Reporter | ||
Comment 3•25 years ago
|
||
Durn that was fast.
I think you deserve an award for "fastest bugfix in the West". :)
Updated•25 years ago
|
QA Contact: 3847 → 4141
Comment 4•25 years ago
|
||
Attempting to steal gem's HTMLParser bugs all at once. Changing QAContact to
janc.
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment 5•25 years ago
|
||
verified fixed.
199071308
You need to log in
before you can comment on or make changes to this bug.
Description
•