Closed
Bug 389663
Opened 17 years ago
Closed 17 years ago
CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]
Categories
(Core :: CSS Parsing and Computation, defect)
Core
CSS Parsing and Computation
Tracking
()
VERIFIED
FIXED
People
(Reporter: mp3geek, Assigned: sharparrow1)
References
()
Details
(Keywords: crash)
Crash Data
Attachments
(3 files)
(deleted),
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
dbaron
:
review+
dbaron
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre
Clicking on the link from the website will crash firefox
Reproducible: Always
Steps to Reproduce:
1. Open the Above URL
2. Click on the link
3. Crash
Actual Results:
Crashes browser
Expected Results:
Shouldn't crash browser
its only a beta test site, previously worked with other versions
Comment 1•17 years ago
|
||
Crash using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre ID:2007072605
bp-b3c857ae-3b82-11dc-ae37-001a4bd43ef6
Comment 2•17 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072607 Minefield/3.0a7pre ID:2007072607
crashes here too (virgin profile)
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 3•17 years ago
|
||
Another case of someone holding onto a random stylecontext pointer too long and expecting things to work...
Assignee | ||
Comment 4•17 years ago
|
||
Updated•17 years ago
|
Severity: major → critical
Component: General → Style System (CSS)
Keywords: crash
OS: Linux → All
Product: Firefox → Core
QA Contact: general → style-system
Hardware: PC → All
Version: unspecified → Trunk
Comment 5•17 years ago
|
||
Comment on attachment 273989 [details] [diff] [review]
Patch
Looks fine, but what's killing the prescontext in this case?
It might be worth filing a bug on somehow making style contexts keep things alive better or something...
Attachment #273989 -
Flags: superreview+
Attachment #273989 -
Flags: review?(bzbarsky)
Attachment #273989 -
Flags: review+
Assignee | ||
Comment 6•17 years ago
|
||
Wait, that comment is wrong. The issue is that the rule node is getting destroyed. I'll post a fixed version.
Assignee | ||
Comment 7•17 years ago
|
||
Patch with fixed-up comment.
Updated•17 years ago
|
Attachment #274019 -
Flags: superreview+
Attachment #274019 -
Flags: review+
Assignee | ||
Comment 8•17 years ago
|
||
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment 10•17 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072614 Minefield/3.0a7pre ID:2007072614
VERIFIED
Updated•17 years ago
|
Flags: in-testsuite?
Comment 14•17 years ago
|
||
Pasting stack here so people searching for this can actually find it. Also marking verified based on Peter's comment.
0 @0x1d13bf3a
1 nsImageDocument::CheckOverflowing(int)
2 nsImageDocument::OnStartContainer(imgIRequest*, imgIContainer*)
3 nsImageLoadingContent::OnStartContainer(imgIRequest*, imgIContainer*)
4 imgRequestProxy::OnStartContainer(imgIContainer*)
5 imgRequest::OnStartContainer(imgIRequest*, imgIContainer*)
6 nsGIFDecoder2::BeginGIF()
7 nsGIFDecoder2::GifWrite(unsigned char const*, unsigned int)
8 nsGIFDecoder2::ProcessData(unsigned char*, unsigned int, unsigned int*)
9 ReadDataOut(nsIInputStream*, void*, char const*, unsigned int, unsigned int,
unsigned int*)
Status: RESOLVED → VERIFIED
Summary: CSS test crashes Firefox → CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]
Updated•14 years ago
|
Crash Signature: [@ 0x1d13bf3a]
[@ nsImageDocument::CheckOverflowing]
You need to log in
before you can comment on or make changes to this bug.
Description
•