Closed
Bug 460924
Opened 16 years ago
Closed 16 years ago
Crash [@ nsStyleContext::FindChildWithRules] [@ nsFrame::CorrectStyleParentFrame] with -moz-column, :first-line
Categories
(Core :: Layout, defect)
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: crash, testcase, Whiteboard: [sg:critical?])
Crash Data
Attachments
(2 files)
Loading the testcase makes Firefox crash with one of the following signatures:
* [@ nsFrame::CorrectStyleParentFrame] - null deref
* [@ nsStyleContext::FindChildWithRules] - 0xdddddde1 deref
Reporter
Updated•16 years ago
Whiteboard: [sg:critical?]
Comment 1•16 years ago
I can reproduce this crash on an up-to-date mozilla-central Linux debug build. Here's the backtrace of the crash (under "CorrectStyleParentFrame").
Briefly investigating in GDB shows that at line 5826 in CorrectStyleParentFrame, we end up with "parent" pointing to a bogus nsIFrame (with almost all of its member data zeroed out). So, the call to parent->GetStyleContext()->GetPseudoType() dies.
MXR reference: http://tinyurl.com/5nauon
Updated•16 years ago
OS: Mac OS X → All
Hardware: PC → All
Comment 2•16 years ago
This works for me on:
* today's 32-bit Linux mozilla-1.9.1 nightly, and
* my 64-bit Linux debug build with my patch queue.
Reporter
Comment 3•16 years ago
WFM.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Assignee
Updated•13 years ago
Crash Signature: [@ nsStyleContext::FindChildWithRules]
[@ nsFrame::CorrectStyleParentFrame]
Updated•9 years ago
Group: core-security → core-security-release
Updated•9 years ago
Group: core-security-release