Closed Bug 389663 Opened 17 years ago Closed 17 years ago

CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]

Categories

(Core :: CSS Parsing and Computation, defect)

Product:
Core
Component:
CSS Parsing and Computation
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: mp3geek, Assigned: sharparrow1)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(3 files)

Patch
(deleted), patch
bzbarsky
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review
Diff -w (for easier reviewing)
(deleted), patch
Details | Diff | Splinter Review
Final patch
(deleted), patch
dbaron
: review+
dbaron
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre Clicking on the link from the website will crash firefox Reproducible: Always Steps to Reproduce: 1. Open the Above URL 2. Click on the link 3. Crash Actual Results: Crashes browser Expected Results: Shouldn't crash browser its only a beta test site, previously worked with other versions
Crash using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre ID:2007072605 bp-b3c857ae-3b82-11dc-ae37-001a4bd43ef6
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072607 Minefield/3.0a7pre ID:2007072607 crashes here too (virgin profile)
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached patch Patch (deleted) — Splinter Review
Another case of someone holding onto a random stylecontext pointer too long and expecting things to work...
Assignee: nobody → sharparrow1
Status: NEW → ASSIGNED
Attachment #273989 - Flags: review?(bzbarsky)
Attached patch Diff -w (for easier reviewing) (deleted) — Splinter Review
Severity: major → critical
Component: General → Style System (CSS)
Keywords: crash
OS: Linux → All
Product: Firefox → Core
QA Contact: general → style-system
Hardware: PC → All
Version: unspecified → Trunk
Comment on attachment 273989 [details] [diff] [review] Patch Looks fine, but what's killing the prescontext in this case? It might be worth filing a bug on somehow making style contexts keep things alive better or something...
Attachment #273989 - Flags: superreview+
Attachment #273989 - Flags: review?(bzbarsky)
Attachment #273989 - Flags: review+
Wait, that comment is wrong. The issue is that the rule node is getting destroyed. I'll post a fixed version.
Attached patch Final patch (deleted) — Splinter Review
Patch with fixed-up comment.
Attachment #274019 - Flags: superreview+
Attachment #274019 - Flags: review+
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072614 Minefield/3.0a7pre ID:2007072614 VERIFIED
Flags: in-testsuite?
Pasting stack here so people searching for this can actually find it. Also marking verified based on Peter's comment. 0 @0x1d13bf3a 1 nsImageDocument::CheckOverflowing(int) 2 nsImageDocument::OnStartContainer(imgIRequest*, imgIContainer*) 3 nsImageLoadingContent::OnStartContainer(imgIRequest*, imgIContainer*) 4 imgRequestProxy::OnStartContainer(imgIContainer*) 5 imgRequest::OnStartContainer(imgIRequest*, imgIContainer*) 6 nsGIFDecoder2::BeginGIF() 7 nsGIFDecoder2::GifWrite(unsigned char const*, unsigned int) 8 nsGIFDecoder2::ProcessData(unsigned char*, unsigned int, unsigned int*) 9 ReadDataOut(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*)
Status: RESOLVED → VERIFIED
Summary: CSS test crashes Firefox → CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]
Crash Signature: [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: