Closed
Bug 6197
Opened 25 years ago
Closed 25 years ago
{compat} Compatibility issue on a malformed document.
Categories
(Core :: DOM: Core & HTML, defect, P4)
Tracking
()
CLOSED
WONTFIX
M13
People
(Reporter: sean, Assigned: harishd)
References
()
Details
My Mozilla built from cvs 9 May 1999 dumps core when clicking on the "search" link in the left hand frame of http://www.autotrader.co.uk
The final message printed out in the xterm is:
JavaScript error: parent.right has no properties
URL: http://www.autotrader.co.uk/_sidebar.html?bchannel=1&cat=1&feature=01 LineNo: 139
System: Linux Alpha (RedHat 6.0 kernel 2.2.7)
The gdb stacktrace from the core looks like this:
Reading symbols from /usr/lib/libjpeg.so.62...done.
#0 0x200053a05ac in nsCSSFrameConstructor::ConstructFrame (this=0x12093eed0,
aPresContext=0x1208e3ef0, aState=@0x11fffebd8, aContent=0x0,
aParentFrame=0x1206b2fe0, aHaveFirstLetterStyle=0,
aFrameItems=@0x11fffebc8) at nsCSSFrameConstructor.cpp:3430
3430 aContent->GetTag(*getter_AddRefs(tag));
(gdb) where
#0 0x200053a05ac in nsCSSFrameConstructor::ConstructFrame (this=0x12093eed0,
aPresContext=0x1208e3ef0, aState=@0x11fffebd8, aContent=0x0,
aParentFrame=0x1206b2fe0, aHaveFirstLetterStyle=0,
aFrameItems=@0x11fffebc8) at nsCSSFrameConstructor.cpp:3430
#1 0x200053a199c in nsCSSFrameConstructor::ContentAppended (this=0x12093eed0,
aPresContext=0x1208e3ef0, aContainer=0x1206d02d8, aNewIndexInContainer=-1)
at nsCSSFrameConstructor.cpp:3744
#2 0x200054e553c in StyleSetImpl::ContentAppended (this=0x12093ee40,
aPresContext=0x1208e3ef0, aContainer=0x1206d02d8, aNewIndexInContainer=-1)
at nsStyleSet.cpp:785
#3 0x200051a9674 in PresShell::ContentAppended (this=0x12093ef60,
aDocument=0x12094c6b0, aContainer=0x1206d02d8, aNewIndexInContainer=-1)
at nsPresShell.cpp:1643
#4 0x20005484dec in nsDocument::ContentAppended (this=0x12094c6b0,
aContainer=0x1206d02d8, aNewIndexInContainer=-1) at nsDocument.cpp:1483
#5 0x20005325c1c in nsHTMLDocument::ContentAppended (this=0x12094c6b0,
aContainer=0x1206d02d8, aNewIndexInContainer=-1) at nsHTMLDocument.cpp:655
#6 0x2000531a274 in HTMLContentSink::DidBuildModel (this=0x1208bf050,
aQualityLevel=0) at nsHTMLContentSink.cpp:1536
#7 0x20001c5e5ac in CNavDTD::DidBuildModel (this=0x120735fc0, anErrorCode=0,
aNotifySink=1, aParser=0x1208d14e0, aSink=0x1208bf050) at CNavDTD.cpp:574
#8 0x20001c75bc0 in nsParser::DidBuildModel (this=0x1208d14e0, anErrorCode=0)
at nsParser.cpp:501
#9 0x20001c76cf0 in nsParser::ResumeParse (this=0x1208d14e0, aDefaultDTD=0x0)
at nsParser.cpp:841
#10 0x20001c77620 in nsParser::OnStopBinding (this=0x1208d14e0,
aURL=0x12092ec00, status=0, aMsg=0x11ffff020) at nsParser.cpp:1065
#11 0x20001b115d4 in nsDocumentBindInfo::OnStopBinding (this=0x1208e5410,
aURL=0x12092ec00, aStatus=0, aMsg=0x11ffff020) at nsDocLoader.cpp:1523
#12 0x200019eb7f4 in stub_complete (stream=0x1207261b0)
at nsStubContext.cpp:765
#13 0x2000155e4c4 in net_MemCacheComplete (stream=0x120782d80)
at mkmemcac.c:720
#14 0x20000d89fa0 in net_ProcessHTTP (ce=0x120917340) at mkhttp.c:3604
#15 0x200018a0484 in NET_ProcessNet (ready_fd=0x12018aad0, fd_type=2)
at mkgeturl.c:3355
#16 0x200018ad058 in NET_PollSockets () at mkselect.c:298
#17 0x200019df340 in nsNetlibService::NetPollSocketsCallback (
aTimer=0x1208bfce0, aClosure=0x12017f960) at nsNetService.cpp:1270
#18 0x20000a5d89c in TimerImpl::FireTimeout (this=0x1208bfce0)
at nsTimer.cpp:73
#19 0x20000a5e0d0 in nsTimerExpired (aCallData=0x1208bfce0) at nsTimer.cpp:189
#20 0x200034aeb0c in g_timeout_dispatch ()
#21 0x200034ad930 in g_main_dispatch ()
#22 0x200034ae028 in g_main_iterate ()
#23 0x200034ae23c in g_main_run ()
#24 0x20003072dd0 in gtk_main ()
#25 0x2000053a710 in nsAppShell::Run (this=0x12015fdf0) at nsAppShell.cpp:208
#26 0x2000013697c in nsAppShellService::Run (this=0x12014b090)
at nsAppShellService.cpp:203
#27 0x120003958 in main (argc=1, argv=0x11ffffb38) at nsAppRunner.cpp:462
#28 0x20003fd3fb0 in __libc_start_main (main=0x120002d20 <main>, argc=1,
argv=0x11ffffb38, init=0x120002b60 <_init>, fini=0x120004dc0 <_fini>,
rtld_fini=0x11fffeae8, stack_end=0x11ffffb20)
at ../sysdeps/generic/libc-start.c:78
(gdb)
The line that its choking on is (I think)
parent.right.location="/"+chandir[bchannel]+"/search/search.html";
When I try to slim the page down to a simple test case, I get the
error, but no core dump, so its possible that this error message isn't
the ultimate cause of the core dump.
When I load that frame using Netscape 4, it doesn't have all the
javascript, it just has normal links and graphics, so perhaps they are
using some sort of redirecter which is fooled by Mozilla, and thinks
its talking to MSIE.
DISCLAIMER: I don't know what the status of the DOM is supposed to be,
so I'm not sure if this is a real bug or just an uncompleted feature.
I apologise if I'm wasting your time.
I've only just started using mozilla, so the bug may not be a new one.
Sean Hunter
Updated•25 years ago
|
Assignee: norris → vidur
Component: JavaScript → DOM Level 0
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M7
Comment 1•25 years ago
|
||
vidur, what are your thoughts about getting this into m6?
waterson has a fix for 6895 that depends on the fix for this one...
Updated•25 years ago
|
Assignee: vidur → harishd
Status: ASSIGNED → NEW
Target Milestone: M7
Comment 3•25 years ago
|
||
We definitely don't dump core anymore and things seem reasonable hunky-dory on
http://www.autotrader.co.uk/.
Loading just the sidebar page reveals a parsing compatibility issue, possibly
one that is solved when residual style propogation is enabled. The reduced case
is pasted below:
<html>
<body>
<h1>Reduced case for bug 6197</h1>
<center><form><select name="foo"></center>
<option>Option 1</option>
<option>Option 2</option>
<option>Option 3</option>
<option>Option 4</option>
</select>
</body>
</html>
The problem is caused by the incorrectly nested CENTER tag. In Navigator 4.x, we
seem to deal with it.
This bug could be fixed only after the content sink is reshaped ( Peterl and
vidur will be working on it ). I don't think this bug is a beta blocker.
Moving to M14.
Priority: P3 → P4
Summary: Clicking "search" causes Mozilla to dump core → Compatibility issue on a malformed document.
Updated summary to reflect the current behavior. Setting priority to P4.
Updated•25 years ago
|
Summary: Compatibility issue on a malformed document. → {compat} Compatibility issue on a malformed document.
Hmm -- this is definitely not a residual style bug. The problem is that this
document is not well formed. The first <select> inside the <center> has no
options -- and on Nav and IE nothing is displayed. The second set of options
(option1..4) are displayed correctly. I think this may need to go to pollman or
Rods to deal with <selects> that contain no options. Harish?
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WONTFIX
Assignee | ||
Comment 10•25 years ago
|
||
Unfortunately I got to mark this bug WONTFIX. CCing pollmann ( who will be
posting a documentation for this bug ).
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment 11•25 years ago
|
||
Marking verified. WONTFIX.
Reporter | ||
Comment 12•25 years ago
|
||
Bug seems to have gone away. I tried to make a test case, but it doesn't bite
anymore.
Status: VERIFIED → CLOSED
You need to log in
before you can comment on or make changes to this bug.
Description
•