Run StirDOM v1.8 with default parameters on the URL. (crash occurs after: "Stir DOM 1.8: 800") It usually crashes in nsContentIterator::NextNode but I also saw hangs on two occasions, I investigated one in a debugger and it was in nsRange::PopRanges. The following assertion before the crash seems related. ###!!! ASSERTION: element not in the document: 'doc', file nsChildIterator.cpp, line 62 This could be the same underlying problem as bug 335896, but that bug is a bit old and the behaviour here is new. The reason I know this is that I run StirDOM on this URL as part of sanity checking my own patches, so I run it regularly and this crash did not happen a few days ago. (The crash also occurs with older versions of StirDOM) SeaMonkey debug build on Linux.

> the behaviour here is new. The reason I know this is that I run > StirDOM on this URL as part of sanity checking my own patches, so I run it > regularly and this crash did not happen a few days ago. It could also be that CNN changed their content, have you re-tested with an older build?

bug 130900 among others deal w/ nsContentIterator::NextNode crashing

Stir DOM is very sensitive to changes in the page -- the addition of a whitespace node can completely change the behavior with a given seed, since it changes what is at each allNodes index and changes the length of allNodes (used as a modulus for large random integers). CNN uses iframes, and the crash stack matches bug 335896, so this is probably bug 335896. If you want to be sure, save a copy of the page now, test with the local copy, and retest after bug 335896 is fixed. Or you could make a reduced testcase (perhaps using Lithium). *** This bug has been marked as a duplicate of 335896 ***