Closed
Bug 7544
Opened 26 years ago
Closed 25 years ago
Crash loading a page of different charset under KO default
Categories
(Core :: Internationalization, defect, P2)
Tracking
VERIFIED
FIXED
M7
People
(Reporter: blee, Assigned: ftang)
One way to reproduce the crash consistently:
1) Launch Apprunner and switch Default Charset to EUC-KR.
2) Try to load a page of a charset other than KO, but w/o meta-charset
(e.g., URL field above).
==> crash with "error of type 1"
Observed in 6/1 Mac M6 bld.
Updated•26 years ago (Assignee)
Status: NEW → ASSIGNED
teruko, can you get a Talkback report stack trace on this and paste into bug
please? Thanks!
Jan, Stack trace info didn't make it here as Talk Back was not activated with
this crash in this bld.
Updated•25 years ago (Assignee)
Priority: P3 → P2
Target Milestone: M7
Comment 3•25 years ago (Assignee)
Mark it P2/M7
Updated•25 years ago
QA Contact: teruko → blee
Comment 4•25 years ago
Changed QA contact to blee@netscape.com
Ignore last comment. It could not be related because #6286 only
affects encoding from Unicode and this bug describes behavior
that would only decode to Unicode.
Updated•25 years ago (Assignee)
Assignee: ftang → rickg
Status: ASSIGNED → NEW
Comment 7•25 years ago (Assignee)
Reassign to rickg and cc peterl.
This is a bug surfaced by the wrong converter. Here is the stack trace.
What happened is that the wrong converter converted the bytes incorrectly, making
the parser see partial HTML. The wrong conversion is not the problem, because the
user can correct it by selecting another "default charset", but it should not crash
the layout. I am looking at the conversion result and will generate a test case
which has only ASCII data and produces the same crash this afternoon.
_free_dbg_lk(void * 0x0332c920, int 0x00000001) line 1033 + 60 bytes
_free_dbg(void * 0x0332c920, int 0x00000001) line 970 + 13 bytes
operator delete(void * 0x0332c920) line 49 + 16 bytes
nsTextTransformer::~nsTextTransformer() line 58 + 18 bytes
nsTextFrame::Reflow(nsTextFrame * const 0x033e62d4, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 2679 + 21 bytes
nsLineLayout::ReflowFrame(nsIFrame * 0x033e62d0, nsIFrame * * 0x00127ca4,
unsigned int & 0x00000000) line 846
nsInlineFrame::ReflowInlineFrame(nsIPresContext * 0x038da3b0, const
nsHTMLReflowState & {...}, nsInlineFrame::InlineReflowState & {...}, nsIFrame *
0x033e62d0, unsigned int & 0x00000000) line 1541 + 20 bytes
nsInlineFrame::ReflowInlineFrames(nsIPresContext * 0x038da3b0, const
nsHTMLReflowState & {...}, nsInlineFrame::InlineReflowState & {...},
nsHTMLReflowMetrics & {...}, unsigned int & 0x00000000) line 1371 + 28 bytes
nsInlineFrame::Reflow(nsInlineFrame * const 0x033cb554, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 1287 + 31 bytes
nsLineLayout::ReflowFrame(nsIFrame * 0x033cb550, nsIFrame * * 0x00129d8c,
unsigned int & 0x00000000) line 846
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineBox *
0x0330f220, nsIFrame * 0x033cb550, unsigned char * 0x00127e6c) line 2833 + 23
bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox *
0x0330f220, int * 0x00127efc) line 2711 + 24 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x0330f220, int
* 0x00127efc) line 1986 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1793 + 20 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x0330e284, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 1199 + 18 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x0330e284, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 265 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0330e280, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
nsTableCellFrame::Reflow(nsTableCellFrame * const 0x0330eea4, nsIPresContext &
{...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned
int & 0x00000000) line 553
nsContainerFrame::ReflowChild(nsIFrame * 0x0330eea0, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
nsTableRowFrame::InitialReflow(nsTableRowFrame * const 0x0330ee20,
nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, RowReflowState & {...},
unsigned int & 0x00000000, nsTableCellFrame * 0x00000000, int 0x00000001) line
873 + 34 bytes
nsTableRowFrame::Reflow(nsTableRowFrame * const 0x0330ee24, nsIPresContext &
{...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned
int & 0x00000000) line 1483 + 39 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0330ee20, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
nsTableRowGroupFrame::ReflowMappedChildren(nsTableRowGroupFrame * const
0x033094a0, nsIPresContext & {...}, nsHTMLReflowMetrics & {...},
RowGroupReflowState & {...}, unsigned int & 0x00000000, nsTableRowFrame *
0x00000000, nsReflowReason eReflowReason_Initial, int 0x00000001) line 450 + 34
bytes
nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x033094a4,
nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState &
{...}, unsigned int & 0x00000000) line 1010 + 39 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x033094a0, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
nsTableFrame::ResizeReflowPass1(nsTableFrame * const 0x03302dd0, nsIPresContext
& {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned
int & 0x00000000, nsTableRowGroupFrame * 0x00000000, nsReflowReason
eReflowReason_Initial, int 0x00000001) line 2684
nsTableFrame::Reflow(nsTableFrame * const 0x03302dd4, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 2533 + 46 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x03302dd0, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x0315abd4, nsIPresContext &
{...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned
int & 0x00000000) line 1003 + 37 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x0315abd0, const nsRect & {...},
int 0x00000001, int 0x00000000, int 0x00000000, nsMargin & {...}, unsigned int &
0x00000000) line 227 + 42 bytes
nsBlockFrame::ReflowFloater(nsBlockReflowState & {...}, nsPlaceholderFrame *
0x0332b6c0, nsRect & {...}, nsMargin & {...}) line 4382 + 47 bytes
nsBlockReflowState::AddFloater(nsPlaceholderFrame * 0x0332b6c0, int 0x00000000)
line 4445
nsLineLayout::AddFloater(nsPlaceholderFrame * 0x0332b6c0) line 423
nsLineLayout::ReflowFrame(nsIFrame * 0x0332b6c0, nsIFrame * * 0x0012d0ac,
unsigned int & 0x00000000) line 863
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineBox *
0x034736d0, nsIFrame * 0x0332b6c0, unsigned char * 0x0012b18c) line 2833 + 23
bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox *
0x034736d0, int * 0x0012b21c) line 2711 + 24 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x034736d0, int
* 0x0012b21c) line 1986 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1793 + 20 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x0343d724, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 1199 + 18 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x0343d720, const nsRect & {...},
int 0x00000001, int 0x00000000, int 0x00000001, nsMargin & {...}, unsigned int &
0x00000000) line 227 + 42 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox *
0x0343d7f0, int * 0x0012d538) line 2493 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x0343d7f0, int
* 0x0012d538) line 1983 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1793 + 20 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x0343c524, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 1199 + 18 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x0343c524, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 265 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0343c520, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
RootFrame::Reflow(RootFrame * const 0x034387e4, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 229
nsContainerFrame::ReflowChild(nsIFrame * 0x034387e0, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
nsScrollFrame::Reflow(nsScrollFrame * const 0x03430f84, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 423
nsContainerFrame::ReflowChild(nsIFrame * 0x03430f80, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 392 + 28 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x0342ba54, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 438
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x0332bb60,
nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsSize & {...},
nsIRenderingContext & {...}) line 169
PresShell::ProcessReflowCommands(PresShell * const 0x033f43e0) line 1236
PresShell::ExitReflowLock(PresShell * const 0x033f43e0) line 655
PresShell::ContentAppended(PresShell * const 0x033f43e8, nsIDocument *
0x0349f190, nsIContent * 0x03423c8c, int 0x0000001a) line 1649
nsDocument::ContentAppended(nsDocument * const 0x0349f190, nsIContent *
0x03423c8c, int 0x0000001a) line 1548
nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x0349f190, nsIContent *
0x03423c8c, int 0x0000001a) line 676
HTMLContentSink::WillInterrupt(HTMLContentSink * const 0x0310fa20) line 1564
CNavDTD::WillInterruptParse(CNavDTD * const 0x033fd4c0) line 3106 + 27 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000) line 860
nsParser::OnDataAvailable(nsParser * const 0x030fff54, nsIURL * 0x038d8f90,
nsIInputStream * 0x033bfb70, unsigned int 0x00000415) line 1071 + 17 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x038d8d40,
nsIURL * 0x038d8f90, nsIInputStream * 0x033bfb70, unsigned int 0x00000415) line
1502 + 24 bytes
OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const
0x033f4540) line 634
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x033f4544) line 473 + 12
bytes
PL_HandleEvent(PLEvent * 0x033f4544) line 491 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00be5c30) line 452 + 9 bytes
_md_EventReceiverProc(void * 0x006e02b2, unsigned int 0x0000c0f4, unsigned int
0x00000000, long 0x00be5c30) line 868 + 9 bytes
USER32! 77e5111a()
New procedure-
1. launch Apprunner
2. goto http://www.mainichi.co.jp/main.html
(If you do not have Japanese font installed, you will see garbage, don't worry)
3. Select "Korean (EUC-KR)" as the "default charset". Notice the correct
encoding is "Japanese (Shift_JIS)" for that page.
4. It will crash.
Although this is a wrong encoding, layout should not crash.
Looks like the text transformer is the culprit. Let's put it in kipp's pile until
we can take a closer look.
Updated•25 years ago (Assignee)
Assignee: kipp → ftang
Comment 9•25 years ago (Assignee)
Reassign this back to ftang. Although this is not a converter problem, it is a
problem inside linebreak integration....
Updated•25 years ago (Assignee)
Status: NEW → ASSIGNED
Comment 10•25 years ago (Assignee)
I think the problem is the following code in the GetNextWord routine of
nsTextTransformer.cpp:

    if((bp + numChars ) > bufEnd) {
      PRInt32 delta = bp - mBuffer;
      if(!GrowBuffer()) {
        goto done;
      }
      bp = mBuffer + delta;
      bufEnd = mBuffer + mBufferLength;
    }

The code assumes that the success of GrowBuffer() will ensure
((bp + numChars ) > bufEnd) to be false.
However, if we look at the GrowBuffer routine, it only doubles the size of the
buffer and does not take numChars as a parameter. I think the fix should
change the if((bp + numChars ) > bufEnd) to while((bp + numChars ) > bufEnd)
Updated•25 years ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 11•25 years ago (Assignee)
Verify the previous proposed fix. It did fix the problem. Check in the fix in
1.19 of nsTextTransformer.cpp. Add erik to the cc list.
Comment 12•25 years ago
This fix can result in needless churning of the buffer. The proper way to fix
this is to augment the GrowBuffer API to accept a necessary number of characters
and put the requisite logic in there to only grow the buffer once.
Text handling code is performance critical, we can't afford to be sloppy here.
Comment 13•25 years ago (Reporter)
Crash problem verified fixed in 6-15-14 Mac bld.
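
The growth pattern discussed in comments 10 to 12, as an added example that is not Mozilla's code: `TextBuf`, `fits`, `grow_double`, the three `reserve_*` functions and `trial` are hypothetical names, and the 8-unit buffer receiving a 40-unit run is a constructed case. Rather than writing past the buffer, each variant reports whether the run would fit and how many reallocations it cost.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for the transformer's buffer (not Mozilla's types). */
typedef struct { unsigned short *data; size_t cap, grows; } TextBuf;
static int fits(const TextBuf *b, size_t used, size_t need) {
    return need <= b->cap && used <= b->cap - need;  /* no size_t wrap-around */
}
/* Reallocate to new_cap code units and count the reallocation. */
static int buf_realloc(TextBuf *b, size_t new_cap) {
    if (new_cap > SIZE_MAX / sizeof *b->data) return 0;
    unsigned short *p = realloc(b->data, new_cap * sizeof *b->data);
    if (!p) return 0;
    b->data = p; b->cap = new_cap; b->grows++;
    return 1;
}
/* Doubles once and ignores the caller's need, as comment 10 describes. */
static int grow_double(TextBuf *b) {
    return b->cap && b->cap <= SIZE_MAX / 2 && buf_realloc(b, b->cap * 2);
}
/* Original pattern (`if`): one doubling, so the run may still not fit. */
static int reserve_if(TextBuf *b, size_t used, size_t need) {
    if (!fits(b, used, need)) grow_double(b);
    return fits(b, used, need);
}
/* Checked-in fix (`while`): keep doubling until the run fits. */
static int reserve_while(TextBuf *b, size_t used, size_t need) {
    while (!fits(b, used, need) && grow_double(b)) { }
    return fits(b, used, need);
}
/* Comment 12's proposal: pass the need in, reallocate at most once. */
static int reserve_once(TextBuf *b, size_t used, size_t need) {
    size_t cap = b->cap;
    if (cap == 0 || need > SIZE_MAX - used) return 0;
    while (cap < used + need && cap <= SIZE_MAX / 2) cap *= 2;
    return cap >= used + need && (cap == b->cap || buf_realloc(b, cap));
}
/* Fresh 8-unit buffer: reallocation count if the run fits, else -1. */
static long trial(int (*reserve)(TextBuf *, size_t, size_t), size_t used, size_t need) {
    TextBuf b = { malloc(8 * sizeof(unsigned short)), 8, 0 };
    long r = (b.data && reserve(&b, used, need)) ? (long)b.grows : -1;
    free(b.data);
    return r;
}
int main(void) {  /* constructed case: 6 units used, a 40-unit run arrives */
    printf("if=%ld while=%ld once=%ld\n", trial(reserve_if, 6, 40),
           trial(reserve_while, 6, 40), trial(reserve_once, 6, 40));
    return 0;
}
```

A result of -1 marks the case where the caller would have written out of bounds had it trusted a successful grow, which is the heap corruption the stack trace later trips over in `operator delete`.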