Closed Bug 5643 Opened 26 years ago Closed 26 years ago

Crash in initial layout of empty framesets

Categories

(Core :: Layout, defect, P3)

x86
Windows NT
defect

Tracking

VERIFIED FIXED

People

(Reporter: morse, Assigned: chofmann)

Bringing up the browser on a page containing the html shown below results in a gp-trap. Note this looks very similar to bug 1252 but the stack trace at time of crash is completely different. And the only difference between the html in this report and the one in 1252 is the addition of the "SRC=about:blank" in the frame statements.

This bug is currently causing crashes when any of the viewers (cookie viewer, single-signon viewer, and safe-formfill) are selected from the menu. For this reason I would consider this to be an M5 showstopper.

Here's the html:

<HTML>
<HEAD>
<SCRIPT>
function loadCookies(){
  top.frames[0].document.open();
  top.frames[0].document.close();
}
</SCRIPT>
</HEAD>
<FRAMESET onLoad=loadCookies()>
  <FRAME SRC=about:blank>
  <FRAME SRC=about:blank>
</FRAMESET>
</HTML>

and here's the stack trace:

nsDTDContext::GetStyles() line 269 + 11 bytes
CNavDTD::UpdateStyleStackForCloseTag(nsHTMLTag eHTMLTag_html, nsHTMLTag eHTMLTag_html) line 2871 + 11 bytes
CNavDTD::HandleEndToken(CToken * 0x0117f120) line 1403
NavDispatchTokenHandler(CToken * 0x0117f120, nsIDTD * 0x0270af30) line 250 + 12 bytes
CTokenHandler::operator()(CToken * 0x0117f120, nsIDTD * 0x0270af30) line 80 + 14 bytes
CNavDTD::HandleToken(CNavDTD * const 0x0270af30, CToken * 0x0117f120, nsIParser * 0x02711770) line 635 + 18 bytes
CNavDTD::BuildModel(CNavDTD * const 0x0270af30, nsIParser * 0x02711770, nsITokenizer * 0x027127e0, nsITokenObserver * 0x00000000, nsIContentSink * 0x02711b40) line 509 + 20 bytes
nsParser::BuildModel() line 847 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000) line 799 + 11 bytes
nsParser::Parse(nsString & {...}, void * 0x80000001, const nsString & {...}, int 0, int 1) line 742 + 13 bytes
nsHTMLDocument::Close(nsHTMLDocument * const 0x012afbcc) line 1249 + 76 bytes
HTMLDocumentClose(JSContext * 0x012976e0, JSObject * 0x01b10860, unsigned int 0, long * 0x01a63f5c, long * 0x0012b0d0) line 681 + 15 bytes
js_Invoke(JSContext * 0x012976e0, unsigned int 0, int 0) line 650 + 26 bytes
js_Interpret(JSContext * 0x012976e0, long * 0x0012b8d4) line 2199 + 15 bytes
js_Invoke(JSContext * 0x012976e0, unsigned int 0, int 0) line 666 + 13 bytes
js_Interpret(JSContext * 0x012976e0, long * 0x0012c094) line 2199 + 15 bytes
js_Invoke(JSContext * 0x012976e0, unsigned int 1, int 0) line 666 + 13 bytes
js_CallFunctionValue(JSContext * 0x012976e0, JSObject * 0x01a891a8, long 28234048, unsigned int 1, long * 0x0012c1c0, long * 0x0012c1c8) line 735 + 15 bytes
JS_CallFunctionValue(JSContext * 0x012976e0, JSObject * 0x01a891a8, long 28234048, unsigned int 1, long * 0x0012c1c0, long * 0x0012c1c8) line 2437 + 29 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x02706750) line 97 + 34 bytes
nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent * 0x0012c36c, nsIDOMEvent * * 0x0012c2f0, unsigned int 3, nsEventStatus & nsEventStatus_eIgnore) line 870 + 21 bytes
GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x01297624, nsIPresContext & {...}, nsEvent * 0x0012c36c, nsIDOMEvent * * 0x0012c2f0, unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 1896
nsWebShell::OnEndDocumentLoad(nsWebShell * const 0x01294ad0, nsIURL * 0x026d66d0, int 0) line 2285 + 34 bytes
nsDocLoaderImpl::FireOnEndDocumentLoad(int 0) line 1420
nsDocLoaderImpl::FireOnEndDocumentLoad(int 0) line 1428
nsDocLoaderImpl::LoadURLComplete(nsIURL * 0x012acd30, nsISupports * 0x012accb0, int 0) line 1580
nsDocumentBindInfo::OnStopBinding(nsDocumentBindInfo * const 0x012accb0, nsIURL * 0x012acd30, unsigned int 0, unsigned short * 0x0012c484) line 2141
nsStreamListenerProxy::OnStopBinding(nsStreamListenerProxy * const 0x012afdb0, nsIURL * 0x012acd30, unsigned int 0, unsigned short * 0x0012c484) line 768 + 30 bytes
stub_complete(_NET_StreamClass * 0x012af8b0) line 766
net_output_about_url(_ActiveEntry * 0x012af4f0) line 687 + 10 bytes
net_AboutLoad(_ActiveEntry * 0x012af4f0) line 910 + 9 bytes
NET_GetURL(URL_Struct_ * 0x012afe30, int 102, MWContext_ * 0x012af2f0, void (URL_Struct_ *, int, MWContext_ *)* 0x00412f2c bam_exit_routine(URL_Struct_ *, int, MWContext_ *)) line 2979 + 12 bytes
nsNetlibService::OpenStream(nsNetlibService * const 0x00f94e50, nsIURL * 0x012acd30, nsIStreamListener * 0x012accb0) line 476 + 20 bytes
nsDocumentBindInfo::Bind(nsIURL * 0x012acd30, nsIStreamListener * 0x00000000) line 1866 + 23 bytes
nsDocumentBindInfo::Bind(const nsString & {...}, nsIPostData * 0x00000000, nsIStreamListener * 0x00000000) line 1830 + 16 bytes
nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x012ac120, const nsString & {...}, char * 0x01c2aac4, nsIContentViewerContainer * 0x012abe60, nsIPostData * 0x00000000, nsISupports * 0x00000000, nsIStreamObserver * 0x012abd40, nsURLReloadType nsURLReload, const unsigned int 0) line 1104 + 21 bytes
nsWebShell::DoLoadURL(const nsString & {...}, char * 0x01c2aac4, nsIPostData * 0x00000000, nsURLReloadType nsURLReload, const unsigned int 0) line 1525
nsWebShell::LoadURL(nsWebShell * const 0x012abe60, unsigned short * 0x012acb30, char * 0x01c2aac4, nsIPostData * 0x00000000, int 1, nsURLReloadType nsURLReload, const unsigned int 0) line 1606 + 28 bytes
nsWebShell::LoadURL(nsWebShell * const 0x012abe60, unsigned short * 0x012acb30, nsIPostData * 0x00000000, int 1, nsURLReloadType nsURLReload, const unsigned int 0) line 1453
nsHTMLFrameInnerFrame::Reflow(nsHTMLFrameInnerFrame * const 0x012abce4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1233116) line 858 + 39 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x012abce0, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1233116) line 389 + 28 bytes
nsHTMLFrameOuterFrame::Reflow(nsHTMLFrameOuterFrame * const 0x012abc74, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1233116) line 362
nsContainerFrame::ReflowChild(nsIFrame * 0x012abc70, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1233116) line 389 + 28 bytes
nsHTMLFramesetFrame::ReflowPlaceChild(nsIFrame * 0x012abc70, nsIPresContext & {...}, const nsHTMLReflowState & {...}, nsPoint & {...}, nsSize & {...}, nsPoint * 0x0012d240) line 755
nsHTMLFramesetFrame::Reflow(nsHTMLFramesetFrame * const 0x012ab3b4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1234184) line 1147
nsLineLayout::ReflowFrame(nsIFrame * 0x012ab3b0, nsIFrame * * 0x0012f3a8, unsigned int & 1234184) line 844
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineBox * 0x012ab4d0, nsIFrame * 0x012ab3b0, unsigned char * 0x0012d4dc) line 2818 + 23 bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox * 0x012ab4d0, int * 0x0012d56c) line 2695 + 24 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x012ab4d0, int * 0x0012d56c) line 1968 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1775 + 20 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x012ab124, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1180 + 18 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x012ab124, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 261 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x012ab120, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 389 + 28 bytes
RootFrame::Reflow(RootFrame * const 0x012aa7e4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 225
nsContainerFrame::ReflowChild(nsIFrame * 0x012aa7e0, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 389 + 28 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x012aa634, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 434
PresShell::InitialReflow(PresShell * const 0x012ad6f0, int 8745, int 4785) line 881
HTMLContentSink::StartLayout() line 1963
HTMLContentSink::CloseFrameset(HTMLContentSink * const 0x026d4bf0, const nsIParserNode & {...}) line 1813
CNavDTD::CloseFrameset(const nsIParserNode & {...}) line 2433 + 31 bytes
CNavDTD::CloseContainer(const nsIParserNode & {...}, nsHTMLTag eHTMLTag_frameset, int 1) line 2568 + 12 bytes
CNavDTD::CloseContainersTo(int 1, nsHTMLTag eHTMLTag_frameset, int 1) line 2604 + 26 bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_frameset, int 1) line 2625 + 20 bytes
CNavDTD::HandleEndToken(CToken * 0x0117e120) line 1409 + 14 bytes
NavDispatchTokenHandler(CToken * 0x0117e120, nsIDTD * 0x026d0aa0) line 250 + 12 bytes
CTokenHandler::operator()(CToken * 0x0117e120, nsIDTD * 0x026d0aa0) line 80 + 14 bytes
CNavDTD::HandleToken(CNavDTD * const 0x026d0aa0, CToken * 0x0117e120, nsIParser * 0x025a16c0) line 635 + 18 bytes
CNavDTD::BuildModel(CNavDTD * const 0x026d0aa0, nsIParser * 0x025a16c0, nsITokenizer * 0x012a0b80, nsITokenObserver * 0x00000000, nsIContentSink * 0x026d4bf0) line 509 + 20 bytes
nsParser::BuildModel() line 847 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000) line 799 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x025a16c4, nsIURL * 0x026d66d0, nsIInputStream * 0x0266ba00, unsigned int 276) line 1011 + 17 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x026d6a70, nsIURL * 0x026d66d0, nsIInputStream * 0x0266ba00, unsigned int 276) line 2102 + 24 bytes
OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const 0x012ad8a0) line 632
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x012ad8a4) line 471 + 12 bytes
PL_HandleEvent(PLEvent * 0x012ad8a4) line 476 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00f90470) line 437 + 9 bytes
_md_EventReceiverProc(void * 0x005f0136, unsigned int 49305, unsigned int 0, long 16319600) line 799 + 9 bytes
USER32! 77e71250()
OK, let me back off a little. The only crash is when selecting the cookie viewer (edit/wallet/display-cookies). This bug does not cause a crash for the signon-viewer or for safe-formfill.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
This is now fixed with a change that rickg checked in last night at midnight (in nsDTDUtils.cpp). Cookie viewer no longer crashes. Closing out this bug report.
Status: RESOLVED → VERIFIED
Fixed in the April 29th Build.
Sorry for spam. Updating URL to help with bug 1252 regression.