Martijn Wargers (dead) Reporter
	Description • 18 years ago

See upcoming testcase, which crashes current trunk Mozilla build for me within 3 seconds.
It doesn't crash in a 2006-12-27 build, but it does crash in a 2006-12-28 build, so I think a regression from bug 287624 somehow.

Talkback ID: TB29113221Q
MSVCR80.dll + 0x5af7e (0x7818af7e)
fabsf   QBCurve::SubDivide  [mozilla\layout\base\nscssrendering.cpp, line 3954]
QBCurve::SubDivide  [mozilla\layout\base\nscssrendering.cpp, line 3965]
QBCurve::SubDivide  [mozilla\layout\base\nscssrendering.cpp, line 3965]
QBCurve::SubDivide  [mozilla\layout\base\nscssrendering.cpp, line 3965]
QBCurve::SubDivide  [mozilla\layout\base\nscssrendering.cpp, line 3965]
QBCurve::SubDivide  [mozilla\layout\base\nscssrendering.cpp, line 3965]
etc...

The testcase isn't minimised and uses a bit weird code, so I'm marking it security sensitive for now.
If wanted, I could try and make a minimal testcase.

Maybe the testcase2 from bug 367498 ( https://bugzilla.mozilla.org/attachment.cgi?id=252058 ) is basically the same issue as this?

	Boris Zbarsky [:bzbarsky]
	Comment 2 • 18 years ago

This code is going away in bug 368247, so we shouldn't worry about this too much if it's trunk-only.

	Vladimir Vukicevic [:vlad] [:vladv] (needinfo me, slow to respond)
	Comment 3 • 17 years ago

This is I believe fixed by patch for bug 368247 -- I can run this for a while (3-4 minutes plus now) under windows, though I see some /very/ odd rendering every now and then (like weird trapezoidal lines and stuff).

	Martijn Wargers (dead) Reporter
	Comment 4 • 17 years ago

Yes, verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070501 Minefield/3.0a5pre
I'll file bugs for the odd rendering (if someone else hasn't done it before I'm planning on doing it).