IE crashes when opening developer tools when stylesheet is loaded twice

Not reproducible Issue #7115476

Details

Created
Apr 5, 2016
Privacy
This issue is public.
Reports
Reported by 7 people

Sign in to watch or report this issue.

Steps to reproduce

IE crashes when opening developer tools (F12) when a stylesheet is loaded twice.
demo at: http://bug.pluscare.nl/20160405/
after much trimming down code it boils down to:
page.htm

<!DOCTYPE html>
<HTML>
<head>
    <title>bug</title>
    <meta http-equiv="X-UA-Compatible" content="IE=EDGE">
    <link rel="stylesheet" href="stylesheet.css">
    <link rel="stylesheet" href="stylesheet.css">
</head>
<body>
        crash when you press F12
</body>
</html>

Stylesheet.css:

@keyframes fa-spin {
  0% {
    transform: rotate(0deg);
  }
}

The same thing happens when you have the stylesheet in main page and in a sub frame:
main.htm:

<!DOCTYPE html>
<HTML>
<head>
    <title>bug</title>
    <meta http-equiv="X-UA-Compatible" content="IE=EDGE">
    <link rel="stylesheet" href="stylesheet.css">
</head>
<body>
        <iframe src="subframe.htm">
</body>
</html>

frame.htm:

<!DOCTYPE html>
<HTML>
    <HEAD>
        <TITLE>bug, subFrame</TITLE>
        <link rel="stylesheet" href="stylesheet.css">
    </HEAD>
    <BODY scroll="no">
        this is a subframe<BR>
        crash when you press F12
    </BODY>
</HTML>

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Leo L.”

      Changed Status to “Not reproducible”

    • Hello,

      Thank you for the feedback. This appears to be fixed in Edge as I am not able to repro this. Please note that we are not working on IE feature bugs any longer unless they are security related. As a result this item will be closed out as not repro to reflect the testing results from Edge.

      All the best,
      The MS Edge Team

    • Hello,
      I also notice this bug: when a css file with a @keyframes is loaded twice, F12 crashes IE11 on Windows 10 (v.1511) (but not on Windows 8.1).
      Very annoying for developers: we can’t test our development on IE11 on Windows 10, unless keeping an old computer with Windows 8 or 7 !
      Please, solve this issue!
      All the best,
      Ruben

    • We have this same issue (10 developers running Windows 10 IE 11) - It appears to do a stack overflow getting CSS keyframe information. We really need a resolution, even though I know you consider this a feature bug. It was working fine until we upgraded our PCs from Windows 8.1 to 10.

      MSHTML!MEMORY::SMALLHEAPBLOCKALLOCATOR >::INLINEDALLOCIMPL+2In IEXPLORE__PID__15868__Date__10_25_2016__Time_03_52_01PM__862__Second_Chance_Exception_C00000FD.dmp the assembly instruction at mshtml!Memory::SmallHeapBlockAllocator >::InlinedAllocImpl+2 in C:\Windows\System32\mshtml.dll from Microsoft Corporation has caused a stack overflow exception (0xC00000FD) when trying to write to memory location 0x06e82ffc on thread 2

      Thread 2 - System ID 6712
      Entry point   iertutil!TFlatIsoAPIMessage::Post+71 
      Create time   10/25/2016 3:28:13 PM 
      Time spent in user mode   0 Days 0:1:51.562 
      Time spent in kernel mode   0 Days 0:0:10.984 
      
      
      
      
      
      
      Full Call Stack
      
      
      
      Function     Arg 1     Arg 2     Arg 3     Arg 4   Source 
      mshtml!Memory::SmallHeapBlockAllocator<Memory::SmallNormalHeapBlockT >::InlinedAllocImpl+2     06630158     00000030     00000008     06671478    
      mshtml!Memory::HeapInfo::RealAlloc+2b     06630158     00000030     d521cbdb     04680000    
      mshtml!MemProtectHeapRootAlloc+9c     06e830b0     60f4c250     04680000     610c847f    
      mshtml!MemoryProtection::HeapAllocClear+29     06e830d0     22119ca0     0695e060     16dd83f0    
      mshtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+16a01f     22119ca0     00000000     16dd83f0     22119ca0    
      mshtml!CCSSRuleCacheEntry::GetRuleOM+6c     16dd83f0     22119ca0     22119ca0     22119c80    
      mshtml!CStyleSheet::GetCSSRule+54     22119ca0     00000002     00000018     06e83130    
      mshtml!CMSCSSKeyframeRule::CMSCSSKeyframeRule+3a     16dd83f0     22579290     06e83150     22119c70    
      mshtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+16a034     22119c70     00000000     16dd83f0     22119c70    
      mshtml!CCSSRuleCacheEntry::GetRuleOM+6c     16dd83f0     22119c70     22119c70     22119c50    
      mshtml!CStyleSheet::GetCSSRule+54     22119c70     00000002     00000018     06e831b0    
      mshtml!CMSCSSKeyframeRule::CMSCSSKeyframeRule+3a     16dd83f0     22579290     06e831d0     22119c40    
      
      ... part of stack cut ...
      
      mshtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+16a034     0707a6c4     00000000     16dd83f0     0707a6c4    
      mshtml!CCSSRuleCacheEntry::GetRuleOM+6c     16dd83f0     0707a6c4     0707a6c4     00000000    
      mshtml!CStyleSheet::GetCSSRule+54     0707a6c4     00000002     00000018     21ea52f0    
      mshtml!CMSCSSKeyframesRule::GetChildRule+34     00000000     0707a6c4     21ea52c0     0707a734    
      mshtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+169ccb     21ea52c0     00000000     0707a6ec     21ea52c0    
      mshtml!CStyleSheetRuleArray::GetItem+5a     00000000     0707a734     60e03110     00000000    
      mshtml!CCollectionBase::GetItemHelper+9b     00000000     00000000     0707a734     00000003    
      mshtml!CCollectionBaseTypeOperations::GetOwnItem+2ec     14a5d960     1044bf38     18f684b0     00000001    
      jscript9!Js::CustomExternalObject::GetItem+17d     18f684b0     00000000     0707a84c     169db478    
      jscript9!Js::JavascriptOperators::OP_GetElementI+775     18f684b0     00000001     169db478     00000000    
      jscript9!Js::JavascriptOperators::OP_GetElementI_Int32+44     1a6469c0     02000003     1a646220     18f67ba0    
      jscript9!Js::InterpreterStackFrame::Process+1f50     eb3ab8b3     23e473f0     1e0c6570     0707adb0    
      jscript9!Js::InterpreterStackFrame::OP_TryCatch+49     0707ada0     23e473ec     0666eb48     272df480    
      jscript9!Js::InterpreterStackFrame::Process+3c6d     23e4745e     272df480     23e473a0     1f646380    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707aef8     0707b0e8     5f8b313e     1a6469e0    
      0x0d0306b1     1a6469e0     02000003     1a646220     1e0c6570    
      jscript9!Js::InterpreterStackFrame::Process+abe     1aee7450     12c48900     1aee7410     1f645bb8    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707b218     0707b250     0d2ca2ab     1a646f60    
      0x0d0306b9     102ef320     02000003     2d7a21b0     1bd5ddb0    
      jscript9!Js::InterpreterStackFrame::Process+1f50     eb3aa7f3     2a08ee74     2a08ee68     0707b670    
      jscript9!Js::InterpreterStackFrame::OP_TryCatch+49     0707b660     2a08ee70     0666eb48     2115b5a0    
      jscript9!Js::InterpreterStackFrame::Process+3c6d     2a08efac     2115b5a0     2a08ee00     1f84c1a8    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707b7d0     0707b818     5f8f4378     13b111c0    
      0x0d0306c9     13b111c0     02000004     17c75d70     1bd5ddb0    
      jscript9!Js::JavascriptArray::EntryForEach+1e8     0c6c65e0     10000002     1519be00     13b111c0    
      jscript9!Js::InterpreterStackFrame::Process+1cde     11e4580e     2115b480     11e45750     1f84bf50    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707bb40     0707bb88     5f8f4378     13b115e0    
      0x0d0306d1     13b115e0     02000004     17c75d70     1b67f6f0    
      jscript9!Js::JavascriptArray::EntryForEach+1e8     0c6c65e0     02000002     1519be70     13b115e0    
      jscript9!Js::InterpreterStackFrame::Process+abe     1b66330c     2681d260     1b663220     1f84bfb0    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707bec0     0707c0a8     5f8b313e     1da4ae60    
      0x0d0306e1     1da4ae60     02000001     2d7a2390     00000004    
      jscript9!Js::InterpreterStackFrame::Process+abe     21590930     2115b120     21590900     1f84c0e8    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707c1f0     0707c3d8     5f8b313e     102ef080    
      0x0d0306e9     102ef080     02000002     2d7a2390     1b67f6f0    
      jscript9!Js::InterpreterStackFrame::Process+abe     0d7afec4     29741ea0     0d7afe00     1f84be60    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707c508     0707c590     5f80f370     0faf0aa0    
      0x0d0306f1     0faf0aa0     02000002     2d7aaf00     1906dee0    
      jscript9!Js::JavascriptFunction::EntryApply+2b0     175dfa00     02000003     0faf0aa0     2d7aaf00    
      jscript9!Js::InterpreterStackFrame::Process+1f50     11dff240     272d7ea0     11dff000     1f646398    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707c900     0707cae8     5f8b313e     1a646a40    
      0x0d030981     1a646a40     02000002     17c75d70     190c2860    
      jscript9!Js::InterpreterStackFrame::Process+abe     1290d19a     12bf1480     1290d0e0     0ce0ce00    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707cc30     0707cc70     5f90f47d     19928c80    
      0x0d030991     19928c80     10000002     19be7b10     190c2860    
      jscript9!Js::JavascriptFunction::CallFunction+91     10000002     0707ccb8     0707cea0     0707cf48    
      jscript9!Js::BoundFunction::NewInstance+76     19be7ab0     10000002     19be7b10     190c2860    
      jscript9!Js::InterpreterStackFrame::Process+1cde     12a7965e     21147360     12a795b0     16a47c38    
      jscript9!Js::InterpreterStackFrame::InterpreterThunk+1fe     0707cfd0     0707d000     113b42ad     175dff20    
      0x0d030999     175dfce0     00000002     196d6000     12537200    
      jscript9!Js::JavascriptFunction::CallFunction+91     00000002     0707d204     eb3ac3b3     00000002    
      jscript9!Js::JavascriptFunction::CallRootFunction+c4     169db478     00000002     0707d204     eb3ac27b    
      jscript9!ScriptSite::CallRootFunction+42     0707d134     00000002     0707d204     eb3ac23f    
      jscript9!ScriptSite::Execute+bf     175dfce0     0707d17c     00000000     0707d178    
      jscript9!ScriptEngineBase::Execute+c8     0707d1e4     6181e211     1044bf38     175dfce0    
      mshtml!CJScript9Holder::ExtensionRefFromVar+31     1e3fc800     0707d278     0707d284     00000003    
      DiagnosticsTap_65290000!EngineSite::OnMessage+77     165cef50     189adc74     1397a524     ab2688df    
      DiagnosticsTap_65290000!IPCChannel::PipeHelper::OnIPCMessage+a9     1061c348     ab2688f3     00000000     1f653228    
      DiagnosticsTap_65290000!IPCChannel::PipeMultiplexor::ProcessPackets+f9     1f653228     ab268937     0707d36c     169ec3f8    
      DiagnosticsTap_65290000!IPCChannel::PipeMultiplexor::ProcessPackets+5e     0707d36c     65292960     169ec400     652a7040    
      DiagnosticsTap_65290000!IPCChannel::PipeMultiplexor::ThreadCallHandler+2c     169ec3f8     00000542     00000000     00000000    
      DiagnosticsTap_65290000!IPCChannel::PipeMultiplexor::ProcessWindowMessage+8d     00030688     00000542     00000000     00000000    
      DiagnosticsTap_65290000!ATL::CWindowImplBaseT<ATL::CWindow,ATL::CWinTraits >::WindowProc+69     169ec400     00000542     00000000     00000000    
      atlthunk!__safe_se_handler_table+5ac     00030688     00000542     00000000     00000000    
      user32!_InternalCallWinProc+2b     5e211a90     00030688     00000542     00000000    
      user32!UserCallWinProcCheckWow+1f0     5e211a90     00000000     00000542     00000000    
      user32!DispatchMessageWorker+231     c7f5dd23     0707f6bc     61ce3c0f     0707d578    
      user32!DispatchMessageW+10     0707d578     04dedd50     046c5040     00000001    
      ieframe!CTabWindow::_TabWindowThreadProc+45f     0707f788     61ce4b70     04de0578     047007e8    
      ieframe!LCIETab_ThreadProc+393     04dedd50     72a09520     72a09520     04de0578    
      iertutil!TFlatIsoAPIMessage::Post+8d     04de0578     75da3720     c0ab5f98     0707f7f0    
      kernel32!BaseThreadInitThunk+24     04de0578     c2ceda6b     00000000     00000000    
      ntdll!__RtlUserThreadStart+2f     ffffffff     7777d7b0     00000000     00000000    
      ntdll!_RtlUserThreadStart+1b     72a09520     04de0578     00000000     00000000    
      
    • Hi,

      I am not a security expert, but I always read that a stack overflow, sooner or later, will lead to a security hole!
      And IE family has a long list of security holes exploited by stack overflow.

      So, YES, this regression in IE11 for W10 will be a security hole sooner or later! It is not only a "IE feature bugs". It is only a matter of time before hackers exploit it…

      So, please Microsoft Edge Team, correct it.

      Thanks,
      Ruben

    • I was able to duplicate this issue on two separate Windows 10 machines using the link provided in this issue. I only searched for this issue of an angular app I’m working on that crashes when I try to use the dev tools to track down IE11 specific css issues. Without being able to access the dev tools, those issues are even harder to resolve.

    You need to sign in to your Microsoft account to add a comment.

    Sign in