Closed Bug 6197 Opened 25 years ago Closed 25 years ago

{compat} Compatibility issue on a malformed document.

Categories

(Core :: DOM: Core & HTML, defect, P4)

DEC
Linux
defect

Tracking

()

CLOSED WONTFIX

People

(Reporter: sean, Assigned: harishd)

References

()

Details

My Mozilla built from cvs 9 May 1999 dumps core when clicking on the "search" link in the left hand frame of http://www.autotrader.co.uk The final message printed out in the xterm is: JavaScript error: parent.right has no properties URL: http://www.autotrader.co.uk/_sidebar.html?bchannel=1&cat=1&feature=01 LineNo: 139 System: Linux Alpha (RedHat 6.0 kernel 2.2.7) The gdb stacktrace from the core looks like this: Reading symbols from /usr/lib/libjpeg.so.62...done. #0 0x200053a05ac in nsCSSFrameConstructor::ConstructFrame (this=0x12093eed0, aPresContext=0x1208e3ef0, aState=@0x11fffebd8, aContent=0x0, aParentFrame=0x1206b2fe0, aHaveFirstLetterStyle=0, aFrameItems=@0x11fffebc8) at nsCSSFrameConstructor.cpp:3430 3430 aContent->GetTag(*getter_AddRefs(tag)); (gdb) where #0 0x200053a05ac in nsCSSFrameConstructor::ConstructFrame (this=0x12093eed0, aPresContext=0x1208e3ef0, aState=@0x11fffebd8, aContent=0x0, aParentFrame=0x1206b2fe0, aHaveFirstLetterStyle=0, aFrameItems=@0x11fffebc8) at nsCSSFrameConstructor.cpp:3430 #1 0x200053a199c in nsCSSFrameConstructor::ContentAppended (this=0x12093eed0, aPresContext=0x1208e3ef0, aContainer=0x1206d02d8, aNewIndexInContainer=-1) at nsCSSFrameConstructor.cpp:3744 #2 0x200054e553c in StyleSetImpl::ContentAppended (this=0x12093ee40, aPresContext=0x1208e3ef0, aContainer=0x1206d02d8, aNewIndexInContainer=-1) at nsStyleSet.cpp:785 #3 0x200051a9674 in PresShell::ContentAppended (this=0x12093ef60, aDocument=0x12094c6b0, aContainer=0x1206d02d8, aNewIndexInContainer=-1) at nsPresShell.cpp:1643 #4 0x20005484dec in nsDocument::ContentAppended (this=0x12094c6b0, aContainer=0x1206d02d8, aNewIndexInContainer=-1) at nsDocument.cpp:1483 #5 0x20005325c1c in nsHTMLDocument::ContentAppended (this=0x12094c6b0, aContainer=0x1206d02d8, aNewIndexInContainer=-1) at nsHTMLDocument.cpp:655 #6 0x2000531a274 in HTMLContentSink::DidBuildModel (this=0x1208bf050, aQualityLevel=0) at nsHTMLContentSink.cpp:1536 #7 0x20001c5e5ac in CNavDTD::DidBuildModel (this=0x120735fc0, anErrorCode=0, aNotifySink=1, aParser=0x1208d14e0, aSink=0x1208bf050) at CNavDTD.cpp:574 #8 0x20001c75bc0 in nsParser::DidBuildModel (this=0x1208d14e0, anErrorCode=0) at nsParser.cpp:501 #9 0x20001c76cf0 in nsParser::ResumeParse (this=0x1208d14e0, aDefaultDTD=0x0) at nsParser.cpp:841 #10 0x20001c77620 in nsParser::OnStopBinding (this=0x1208d14e0, aURL=0x12092ec00, status=0, aMsg=0x11ffff020) at nsParser.cpp:1065 #11 0x20001b115d4 in nsDocumentBindInfo::OnStopBinding (this=0x1208e5410, aURL=0x12092ec00, aStatus=0, aMsg=0x11ffff020) at nsDocLoader.cpp:1523 #12 0x200019eb7f4 in stub_complete (stream=0x1207261b0) at nsStubContext.cpp:765 #13 0x2000155e4c4 in net_MemCacheComplete (stream=0x120782d80) at mkmemcac.c:720 #14 0x20000d89fa0 in net_ProcessHTTP (ce=0x120917340) at mkhttp.c:3604 #15 0x200018a0484 in NET_ProcessNet (ready_fd=0x12018aad0, fd_type=2) at mkgeturl.c:3355 #16 0x200018ad058 in NET_PollSockets () at mkselect.c:298 #17 0x200019df340 in nsNetlibService::NetPollSocketsCallback ( aTimer=0x1208bfce0, aClosure=0x12017f960) at nsNetService.cpp:1270 #18 0x20000a5d89c in TimerImpl::FireTimeout (this=0x1208bfce0) at nsTimer.cpp:73 #19 0x20000a5e0d0 in nsTimerExpired (aCallData=0x1208bfce0) at nsTimer.cpp:189 #20 0x200034aeb0c in g_timeout_dispatch () #21 0x200034ad930 in g_main_dispatch () #22 0x200034ae028 in g_main_iterate () #23 0x200034ae23c in g_main_run () #24 0x20003072dd0 in gtk_main () #25 0x2000053a710 in nsAppShell::Run (this=0x12015fdf0) at nsAppShell.cpp:208 #26 0x2000013697c in nsAppShellService::Run (this=0x12014b090) at nsAppShellService.cpp:203 #27 0x120003958 in main (argc=1, argv=0x11ffffb38) at nsAppRunner.cpp:462 #28 0x20003fd3fb0 in __libc_start_main (main=0x120002d20 <main>, argc=1, argv=0x11ffffb38, init=0x120002b60 <_init>, fini=0x120004dc0 <_fini>, rtld_fini=0x11fffeae8, stack_end=0x11ffffb20) at ../sysdeps/generic/libc-start.c:78 (gdb) The line that its choking on is (I think) parent.right.location="/"+chandir[bchannel]+"/search/search.html"; When I try to slim the page down to a simple test case, I get the error, but no core dump, so its possible that this error message isn't the ultimate cause of the core dump. When I load that frame using Netscape 4, it doesn't have all the javascript, it just has normal links and graphics, so perhaps they are using some sort of redirecter which is fooled by Mozilla, and thinks its talking to MSIE. DISCLAIMER: I don't know what the status of the DOM is supposed to be, so I'm not sure if this is a real bug or just an uncompleted feature. I apologise if I'm wasting your time. I've only just started using mozilla, so the bug may not be a new one. Sean Hunter
QA Contact: 4590 → 4015
Assignee: norris → vidur
Component: JavaScript → DOM Level 0
Status: NEW → ASSIGNED
Target Milestone: M7
vidur, what are your thoughts about getting this into m6? waterson has a fix for 6895 that depends on the fix for this one...
No no, it's bug 6917 that I have a dependecy on.
QA Contact: 4015 → 4616
Assignee: vidur → harishd
Status: ASSIGNED → NEW
Target Milestone: M7
We definitely don't dump core anymore and things seem reasonable hunky-dory on http://www.autotrader.co.uk/. Loading just the sidebar page reveals a parsing compatibility issue, possibly one that is solved when residual style propogation is enabled. The reduced case is pasted below: <html> <body> <h1>Reduced case for bug 6197</h1> <center><form><select name="foo"></center> <option>Option 1</option> <option>Option 2</option> <option>Option 3</option> <option>Option 4</option> </select> </body> </html> The problem is caused by the incorrectly nested CENTER tag. In Navigator 4.x, we seem to deal with it.
Target Milestone: M8
Priority: P3 → P2
Target Milestone: M8 → M9
Need more time to work on the subtleties. Moving to M9.
Target Milestone: M9 → M10
Priority: P2 → P3
setting priority to P3.
Target Milestone: M10 → M11
Target Milestone: M11 → M14
This bug could be fixed only after the content sink is reshaped ( Peterl and vidur will be working on it ). I don't think this bug is a beta blocker. Moving to M14.
Priority: P3 → P4
Summary: Clicking "search" causes Mozilla to dump core → Compatibility issue on a malformed document.
Updated summary to reflect the current behavior. Setting priority to P4.
Summary: Compatibility issue on a malformed document. → {compat} Compatibility issue on a malformed document.
Hmm -- this is definitely not a residual style bug. The problem is that this document is not well formed. The first <select> inside the <center> has no options -- and on Nav and IE nothing is displayed. The second set of options (option1..4) are displayed correctly. I think this may need to go to pollman or Rods to deal with <selects> that contain no options. Harish?
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WONTFIX
Unfortunately I got to mark this bug WONTFIX. CCing pollmann ( who will be posting a documentation for this bug ).
Status: RESOLVED → VERIFIED
Marking verified. WONTFIX.
Bug seems to have gone away. I tried to make a test case, but it doesn't bite anymore.
Status: VERIFIED → CLOSED
You need to log in before you can comment on or make changes to this bug.