IE6 crash - again

  • Thread starter Thread starter Danny
  • Start date Start date
D

Danny

I am having this MSHTML crash in IE.
Following is the information I got using WinDbg
Note that it happens with IE6 6.0.2900.2180 on XPSP2
I already posted a note about it in the past but I can't reply there
from some reason.

Output view:
------------
(efc.584): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0000001c ebx=02e6bb4c ecx=00000000 edx=00000027 esi=00000000
edi=02db7ff0
eip=7d551268 esp=0013a178 ebp=0013a17c iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00010202
mshtml!CTableRow::RowLayoutCache+0x8:
7d551268 8b4618 mov eax,[esi+0x18]
ds:0023:00000018=????????


Call stack:
-------------
# ChildEBP RetAddr Args to Child
00 0013a17c 7d552a10 00000000 0013a514 02d714d0
mshtml!CTableRow::RowLayoutCache+0x8 (FPO: [Non-Fpo])
01 0013a214 7d55396d 0013a484 00000001 00000000
mshtml!CTableLayout::CalculateMinMax+0x5bc (FPO: [Non-Fpo])
02 0013a3f0 7d554190 00000001 0000031a 0000031a
mshtml!CTableLayout::CalculateLayout+0x24e (FPO: [Non-Fpo])
03 0013a540 7d51b03d 0013bb30 0013a6f4 00000000
mshtml!CTableLayout::CalcSizeVirtual+0x665 (FPO: [Non-Fpo])
04 0013a654 7d5489fb 00000000 0013a6f4 00000000
mshtml!CLayout::CalcSize+0x224 (FPO: [Non-Fpo])
05 0013a6c8 7d549595 02d714d0 00000000 0000031b
mshtml!CFlowLayout::MeasureSite+0x1e5 (FPO: [Non-Fpo])
06 0013a70c 7d5494cc 02d714d0 0013bb30 00000001
mshtml!CFlowLayout::GetSiteWidth+0x12b (FPO: [Non-Fpo])
07 0013a738 7d553613 02d5db80 02d714d0 0013bb30
mshtml!CLSMeasurer::GetSiteWidth+0x80 (FPO: [9,0,0])
08 0013a7c4 02cb4131 02e74850 0013a7e4 0013a8a8
mshtml!CEmbeddedILSObj::Fmt+0x149 (FPO: [Non-Fpo])
09 0013a854 02cb438f 02e743ec 00000000 04671848
msls31!ProcessOneRun+0x3ea (FPO: [Non-Fpo])
0a 0013a8b0 02cb4249 02e74408 00000333 00000000
msls31!FetchAppendEscCore+0x18c (FPO: [Non-Fpo])
0b 0013a904 02cb3ba1 00000000 00000000 00000014
msls31!LsDestroyLine+0x452 (FPO: [Non-Fpo])
0c 0013a98c 02cb1734 000003c3 00002e95 00000000
msls31!LsDestroyLine+0xab8 (FPO: [Non-Fpo])
0d 0013a9c8 7d52624e 00000001 000003c3 00002e95
msls31!LsCreateLine+0xc9 (FPO: [Non-Fpo])
0e 0013ab14 7d5262f2 000003c3 02d5db90 0013afb0
mshtml!CLSMeasurer::LSDoCreateLine+0x13e (FPO: [Uses EBP] [7,68,0])
0f 0013aba8 7d525e08 0013afb0 0000031b 00000000
mshtml!CLSMeasurer::LSMeasure+0x3b (FPO: [Uses EBP] [3,25,0])
10 0013abec 7d529cb8 0000031b ffffffff 00000083
mshtml!CLSMeasurer::Measure+0x172 (FPO: [Uses EBP] [5,9,4])
11 0013ac0c 7d527bfc 0000031b ffffffff 00000083
mshtml!CLSMeasurer::MeasureLine+0x29 (FPO: [5,0,0])
12 0013b8dc 00000000 00000836 02d5db90 00000000
mshtml!CRecalcLinePtr::MeasureLine+0x404 (FPO: [Non-Fpo])

Disassembly:
-------------
7d551253 83c40c add esp,0xc
7d551256 e93f06fcff jmp
mshtml!_MemRealloc+0x137 (7d51189a)
7d55125b 90 nop
7d55125c 90 nop
7d55125d 90 nop
7d55125e 90 nop
7d55125f 90 nop
mshtml!CTableRow::RowLayoutCache:
7d551260 8bff mov edi,edi
7d551262 55 push ebp
7d551263 8bec mov ebp,esp
7d551265 56 push esi
7d551266 8bf1 mov esi,ecx
7d551268 8b4618 mov
eax,[esi+0x18] ds:0023:00000018=????????
7d55126b f6c401 test ah,0x1
7d55126e 0f8535060500 jne
mshtml!CTableRow::RowLayoutCache+0x10 (7d5a18a9)
7d551274 84c0 test al,al
7d551276 0f894b430000 jns
mshtml!CTableRow::RowLayoutCache+0x19 (7d5555c7)
7d55127c ff7508 push dword ptr
[ebp+0x8]
7d55127f 8bce mov ecx,esi
7d551281 e866e2fcff call
mshtml!CElement::GetUpdatedLayout (7d51f4ec)
7d551286 5e pop esi
7d551287 5d pop ebp
7d551288 c20400 ret 0x4
7d55128b 90 nop
7d55128c 90 nop
7d55128d 90 nop
7d55128e 90 nop
7d55128f 90 nop
 
Hi Danny :-)

You don't give any details about what you were doing at the time (i.e.
trying to open a webpage, trying to download, trying to log on to a site,
etc.), or what error messages you are getting when this happens, if any,
which would be a big help.

Thus, I can only take a guess at some suggestions. Try the following and
see if it helps:

Open an ms-dos prompt window (Start>Run>) and type the following (one entry
at a time), and press enter after each line. A message will appear stating
that these have been registered successfully.

regsvr32 Shdocvw.dll
regsvr32 Shell32.dll (this command only for Win2000 and XP)
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll

Error Message: Internet Explorer Has Encountered a Problem and Needs to
Close (Mshtml.dll)
http://support.microsoft.com/default.aspx?scid=kb;en-us;810887&Product=winxp

Internet Explorer or Outlook Express quits unexpectedly with an error in
Mshtml.dll
http://support.microsoft.com/default.aspx?scid=kb;en-us;816506

The file may have become damaged or corrupted. To replace the file, just run
Windows Update and get all the available security patches, and
you'll get the latest version of that file. You can also use the patch
under the Resolution section to update the file:
http://support.microsoft.com/kb/813489/EN-US/
then again from here, in this order:
http://support.microsoft.com/default.aspx?scid=kb;en-us;816506

Hope this helps.

Jan :)
MS MVP - Windows/Internet Explorer
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

I am having this MSHTML crash in IE.
Following is the information I got using WinDbg
Note that it happens with IE6 6.0.2900.2180 on XPSP2
I already posted a note about it in the past but I can't reply there
from some reason.

Output view:
------------
(efc.584): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0000001c ebx=02e6bb4c ecx=00000000 edx=00000027 esi=00000000
edi=02db7ff0
eip=7d551268 esp=0013a178 ebp=0013a17c iopl=0 nv up ei pl nz na
pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00010202
mshtml!CTableRow::RowLayoutCache+0x8:
7d551268 8b4618 mov eax,[esi+0x18]
ds:0023:00000018=????????


Call stack:
-------------
# ChildEBP RetAddr Args to Child
00 0013a17c 7d552a10 00000000 0013a514 02d714d0
mshtml!CTableRow::RowLayoutCache+0x8 (FPO: [Non-Fpo])
01 0013a214 7d55396d 0013a484 00000001 00000000
mshtml!CTableLayout::CalculateMinMax+0x5bc (FPO: [Non-Fpo])
02 0013a3f0 7d554190 00000001 0000031a 0000031a
mshtml!CTableLayout::CalculateLayout+0x24e (FPO: [Non-Fpo])
03 0013a540 7d51b03d 0013bb30 0013a6f4 00000000
mshtml!CTableLayout::CalcSizeVirtual+0x665 (FPO: [Non-Fpo])
04 0013a654 7d5489fb 00000000 0013a6f4 00000000
mshtml!CLayout::CalcSize+0x224 (FPO: [Non-Fpo])
05 0013a6c8 7d549595 02d714d0 00000000 0000031b
mshtml!CFlowLayout::MeasureSite+0x1e5 (FPO: [Non-Fpo])
06 0013a70c 7d5494cc 02d714d0 0013bb30 00000001
mshtml!CFlowLayout::GetSiteWidth+0x12b (FPO: [Non-Fpo])
07 0013a738 7d553613 02d5db80 02d714d0 0013bb30
mshtml!CLSMeasurer::GetSiteWidth+0x80 (FPO: [9,0,0])
08 0013a7c4 02cb4131 02e74850 0013a7e4 0013a8a8
mshtml!CEmbeddedILSObj::Fmt+0x149 (FPO: [Non-Fpo])
09 0013a854 02cb438f 02e743ec 00000000 04671848
msls31!ProcessOneRun+0x3ea (FPO: [Non-Fpo])
0a 0013a8b0 02cb4249 02e74408 00000333 00000000
msls31!FetchAppendEscCore+0x18c (FPO: [Non-Fpo])
0b 0013a904 02cb3ba1 00000000 00000000 00000014
msls31!LsDestroyLine+0x452 (FPO: [Non-Fpo])
0c 0013a98c 02cb1734 000003c3 00002e95 00000000
msls31!LsDestroyLine+0xab8 (FPO: [Non-Fpo])
0d 0013a9c8 7d52624e 00000001 000003c3 00002e95
msls31!LsCreateLine+0xc9 (FPO: [Non-Fpo])
0e 0013ab14 7d5262f2 000003c3 02d5db90 0013afb0
mshtml!CLSMeasurer::LSDoCreateLine+0x13e (FPO: [Uses EBP] [7,68,0])
0f 0013aba8 7d525e08 0013afb0 0000031b 00000000
mshtml!CLSMeasurer::LSMeasure+0x3b (FPO: [Uses EBP] [3,25,0])
10 0013abec 7d529cb8 0000031b ffffffff 00000083
mshtml!CLSMeasurer::Measure+0x172 (FPO: [Uses EBP] [5,9,4])
11 0013ac0c 7d527bfc 0000031b ffffffff 00000083
mshtml!CLSMeasurer::MeasureLine+0x29 (FPO: [5,0,0])
12 0013b8dc 00000000 00000836 02d5db90 00000000
mshtml!CRecalcLinePtr::MeasureLine+0x404 (FPO: [Non-Fpo])

Disassembly:
-------------
7d551253 83c40c add esp,0xc
7d551256 e93f06fcff jmp
mshtml!_MemRealloc+0x137 (7d51189a)
7d55125b 90 nop
7d55125c 90 nop
7d55125d 90 nop
7d55125e 90 nop
7d55125f 90 nop
mshtml!CTableRow::RowLayoutCache:
7d551260 8bff mov edi,edi
7d551262 55 push ebp
7d551263 8bec mov ebp,esp
7d551265 56 push esi
7d551266 8bf1 mov esi,ecx
7d551268 8b4618 mov
eax,[esi+0x18] ds:0023:00000018=????????
7d55126b f6c401 test ah,0x1
7d55126e 0f8535060500 jne
mshtml!CTableRow::RowLayoutCache+0x10 (7d5a18a9)
7d551274 84c0 test al,al
7d551276 0f894b430000 jns
mshtml!CTableRow::RowLayoutCache+0x19 (7d5555c7)
7d55127c ff7508 push dword ptr
[ebp+0x8]
7d55127f 8bce mov ecx,esi
7d551281 e866e2fcff call
mshtml!CElement::GetUpdatedLayout (7d51f4ec)
7d551286 5e pop esi
7d551287 5d pop ebp
7d551288 c20400 ret 0x4
7d55128b 90 nop
7d55128c 90 nop
7d55128d 90 nop
7d55128e 90 nop
7d55128f 90 nop
Click to expand...
 
Open an ms-dos prompt window...

In WinXP? Do you mean a Command prompt window (Start > Run > cmd)?
--
~PA Bear


Jan said:
Hi Danny :-)

You don't give any details about what you were doing at the time (i.e.
trying to open a webpage, trying to download, trying to log on to a site,
etc.), or what error messages you are getting when this happens, if any,
which would be a big help.

Thus, I can only take a guess at some suggestions. Try the following and
see if it helps:

Open an ms-dos prompt window (Start>Run>) and type the following (one
entry at a time), and press enter after each line. A message will appear
stating that these have been registered successfully.

regsvr32 Shdocvw.dll
regsvr32 Shell32.dll (this command only for Win2000 and XP)
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll

Error Message: Internet Explorer Has Encountered a Problem and Needs to
Close (Mshtml.dll)
http://support.microsoft.com/default.aspx?scid=kb;en-us;810887&Product=winxp

Internet Explorer or Outlook Express quits unexpectedly with an error in
Mshtml.dll
http://support.microsoft.com/default.aspx?scid=kb;en-us;816506

The file may have become damaged or corrupted. To replace the file, just
run Windows Update and get all the available security patches, and
you'll get the latest version of that file. You can also use the patch
under the Resolution section to update the file:
http://support.microsoft.com/kb/813489/EN-US/
then again from here, in this order:
http://support.microsoft.com/default.aspx?scid=kb;en-us;816506
Click to expand...
<snip>
 
Your original thread from early September: http://snipurl.com/jneu

Is the machine fully up-to-date at Windows Update?

Have you ruled out hijackware?

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
I am having this MSHTML crash in IE.
Following is the information I got using WinDbg
Note that it happens with IE6 6.0.2900.2180 on XPSP2
I already posted a note about it in the past but I can't reply there
from some reason.
Click to expand...
<snip>
 
PA Bear said:
In WinXP? Do you mean a Command prompt window (Start > Run > cmd)?
Click to expand...

Yes...that is correct. My apologies to the OP for the confusion.

Thank you for catching that. <s>

Jan :)
MS MVP - Windows/Internet Explorer
Smiles are meant to be shared,
that's why they're so contagious.
 
Sorry for not being clear. This post was supposed to be connected to
another thread but I can't find it now.
So I will add some more details to the scenario:
I have an HTML table that is binded to an XML island. The XML is
defined without any URL, i.e.
<XML id='myXML'></XML>

I then have a function which is activated in the BODY onload event, and
this function actually assigns a URL to the XML:
document.all.myXML.src = <some url>

Everything works fine, but if I click refresh several times, I get the
above crash. There is no certain number of refreshes that reproduce the
problem and sometimes it is reproduced at the first time the page is
rendered.
Now, yesterday I changed the flow a bit, and moved the URL assignment
to be in a script which is just before the BODY end tag, i.e. not in
the onload event. Mysteriously, this seems to solve the problem ( I
added a timeout script that refreshes the page every second and it
worked hours without crashing).
It still worries me, as I have no clue why it happens and why it is
seemed to be solved.

Thanks,
Danny
 
Hi Danny :-)
Sorry for not being clear. This post was supposed to be connected to
another thread but I can't find it now.
So I will add some more details to the scenario:
I have an HTML table that is binded to an XML island. The XML is
defined without any URL, i.e.
<XML id='myXML'></XML>

I then have a function which is activated in the BODY onload event, and
this function actually assigns a URL to the XML:
document.all.myXML.src = <some url>

Everything works fine, but if I click refresh several times, I get the
above crash. There is no certain number of refreshes that reproduce the
problem and sometimes it is reproduced at the first time the page is
rendered.
Now, yesterday I changed the flow a bit, and moved the URL assignment
to be in a script which is just before the BODY end tag, i.e. not in
the onload event. Mysteriously, this seems to solve the problem ( I
added a timeout script that refreshes the page every second and it
worked hours without crashing).
It still worries me, as I have no clue why it happens and why it is
seemed to be solved.

Thanks,
Danny
Click to expand...

You're very welcome! Glad to hear you were able to resolve your problem.
Good job!

Thank you very much for posting back and letting us know what worked for
you, and for the benefit of other readers who might have a similar problem.

I'm sorry that I am not that familiar with problem area, but, perhaps
someone else here is and can offer you more information on a
possible/probable cause.

Jan :)
MS MVP - Windows/Internet Explorer
Smiles are meant to be shared,
that's why they're so contagious.
 
I will be glad to hear from someone as the probelm did not totally
vanish, my change just made the crash less frequent.
 
....
Your original thread from early September: http://snipurl.com/jneu
Click to expand...


He never did answer my question about the version of msls31.dll
(one of the callers in the Stack Back Trace) or where it came from.

He waited about 1 day too long to be able to reply using OE on msnews.
(Sept 7 to Nov 8) but he should still be able to reply using the web interface:

http://www.microsoft.com/communitie...8399&mid=f7077666-64c0-4644-8633-786cd6978399


Others who have had trouble posting from the web interface usually have it
with New subjects (due to some popup blocking issues apparently) and thus
have to resort to finding a thread to reply "Me too!" in. Curious claim...


Robert
---
 
Danny said:
Ooops
Sorry for any inconvenience....:-)

Anyway, my msls31.dll version is 3.10.349.0.
Click to expand...


So same as mine. And where is it being loaded?

E.g. my next question was:
<quote>
So is 028E0000 where msls31.dll is being loaded on your system?
</quote>

However, notice that in your latest dump the mysterious return address
range suggests that a module is loaded at 02CB0000 which is still
not where we might expect it to be.

So my other questions still seem relevant and potentially useful too.


BTW what exactly is the problem with replying to that old post
using the web interface? (E.g. starting from the link I supplied
in the post you are replying to.)


Robert
---
 
So same is mine...

msls1.dll is loaded at 02cd0000

BTW what exactly is the problem with replying...
Click to expand...

Well, the link you gave me is OK, but before that I couldn't (using
Google Groups site).

Danny
 
....
msls1.dll is loaded at 02cd0000
Click to expand...


Mine is still loading where DependencyWalker says it should prefer to go:
0x746C0000

I wonder what else you have loaded which would be causing such
a discrepancy?


I suggest you follow PA Bear's tips for identifying and eliminating
sources of third-party interference.


Good luck

Robert
---
 
Back
Top