Closed
Bug 244490
Opened 20 years ago
Closed 20 years ago
[FIX]Crash when ":before" having URL with wrong document base element [@ nsCSSFrameConstructor::CreateGeneratedFrameFor ]
Categories
(Core :: CSS Parsing and Computation, defect, P1)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla1.8alpha2
People
(Reporter: volkmar, Assigned: bzbarsky)
References
()
Details
(4 keywords)
Crash Data
Attachments
(2 files)
7.85 KB,
text/plain
|
Details | |
1.25 KB,
patch
|
dbaron
:
review+
dbaron
:
superreview+
asa
:
approval-aviary+
asa
:
approval1.7.5+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a2) Gecko/20040522 Firefox/0.8.0+ Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a2) Gecko/20040522 Firefox/0.8.0+ Firefox crashes when pseudo elements ":before" or ":after" have content "URL" and document's base element is nonsense. 1: <?xml version="1.0" encoding="UTF-8"?> 2: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 3: "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 4: <html xml:lang="de" xmlns="http://www.w3.org/1999/xhtml"> 5: <head> 6: <title>Crash Test</title> 7: <base href="D:\CSS Test Files\" /> 8: <style type="text/css"> 9: p { border: 1px red solid } 10: p:before { content: url("images/quote_end.png") } 11: </style> 12: </head> 13: <body> 14: <p>Did it crash?</p> 15: </body> 16: </html> Reproducible: Always Steps to Reproduce: 1. Try to view "http://home.arcor.de/plsdontreply/crashtest.html" Actual Results: Firefox crashes Expected Results: Just ignore nonsense in <base/> element. Reference: http://forums.mozillazine.org/viewtopic.php?t=79058&sid=a881c8e5a30ec1487b84264c1b001cd7
Comment 1•20 years ago
|
||
Hangs SeaMonkey 1.8a1 PC/WinXP ->Browser
Comment 2•20 years ago
|
||
After a hang, it actually did crash the browser on exit. TB58230M
Whiteboard: TB58230M
Comment 3•20 years ago
|
||
Trying Style System
Assignee: general → dbaron
Component: Browser-General → Style System (CSS)
QA Contact: general → ian
Comment 4•20 years ago
|
||
will try to get more local variables if it helps. #0 0x411615e6 in nsCSSFrameConstructor::CreateGeneratedFrameFor(nsIPresContext*, nsIDocument*, nsIFrame*, nsIContent*, nsStyleContext*, nsStyleContent const*, unsigned, nsIFrame**) (this=0x87b67d0, aPresContext=0x8809628, aDocument=0x8830108, aParentFrame=0x87e885c, aContent=0x88779b8, aStyleContext=0x87e8894, aStyleContent=0x87e880c, aContentIndex=0, aFrame=0xbfffe4a4) at nsCSSFrameConstructor.cpp:1380 1380 data.mContent.mURL->GetSpec(spec); // XXXldb Ugh. (gdb) p data $1 = (const nsStyleContentData &) @0x8749a54: {mType = eStyleContentType_URL, mContent = {mString = 0x0, mURL = 0x0}}
Updated•20 years ago
|
Keywords: testcase
Summary: Crash when ":before" having URL with wrong document base element → Crash when ":before" having URL with wrong document base element [@ nsCSSFrameConstructor::CreateGeneratedFrameFor ]
Reporter | ||
Updated•20 years ago
|
Flags: blocking1.8a2?
Comment 5•20 years ago
|
||
TB58230M gives same stack crashing in nsCSSFrameConstructor::CreateGeneratedFrameFor
Keywords: hang → clean-report
Whiteboard: TB58230M
Assignee | ||
Comment 6•20 years ago
|
||
Assignee: dbaron → bzbarsky
Status: NEW → ASSIGNED
Assignee | ||
Comment 7•20 years ago
|
||
Olivier, thanks for the debugger data! Made fixing this a whole lot faster.
Priority: -- → P1
Summary: Crash when ":before" having URL with wrong document base element [@ nsCSSFrameConstructor::CreateGeneratedFrameFor ] → [FIX]Crash when ":before" having URL with wrong document base element [@ nsCSSFrameConstructor::CreateGeneratedFrameFor ]
Target Milestone: --- → mozilla1.8alpha2
Assignee | ||
Comment 8•20 years ago
|
||
Comment on attachment 149478 [details] [diff] [review] Fix David, would you review?
Attachment #149478 -
Flags: superreview?(dbaron)
Attachment #149478 -
Flags: review?(dbaron)
Attachment #149478 -
Flags: superreview?(dbaron)
Attachment #149478 -
Flags: superreview+
Attachment #149478 -
Flags: review?(dbaron)
Attachment #149478 -
Flags: review+
Assignee | ||
Comment 9•20 years ago
|
||
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Updated•20 years ago
|
Flags: blocking1.8a2?
Reporter | ||
Updated•20 years ago
|
Flags: blocking-aviary1.0?
Reporter | ||
Comment 10•20 years ago
|
||
Same crash again with Aviary build 27-Jul-2004 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040727 Firefox/0.9.1+
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter | ||
Updated•20 years ago
|
OS: All → Linux
Reporter | ||
Updated•20 years ago
|
Flags: blocking-aviary1.0PR?
Assignee | ||
Comment 11•20 years ago
|
||
This was checked in on trunk way after aviary branched. It couldn't possibly be fixed there. DO NOT REOPEN TRUNK BUGS BECAUSE OF BRANCH ISSUES!
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED
Comment 12•20 years ago
|
||
Good keywords, good bug, good patch, trunk baking => aviary1.0+. /be
Flags: blocking-aviary1.0? → blocking-aviary1.0+
Assignee | ||
Comment 13•20 years ago
|
||
Oh, and Volkmar? Don't change the OS field to be wrong in the future, please.
OS: Linux → All
Hardware: PC → All
Updated•20 years ago
|
Flags: blocking-aviary1.0PR? → blocking-aviary1.0PR-
Comment 14•20 years ago
|
||
Comment on attachment 149478 [details] [diff] [review] Fix Putting on approval radar. Also asking 1.7.3 to prevent forking.
Attachment #149478 -
Flags: approval1.7.3?
Attachment #149478 -
Flags: approval-aviary?
Comment 15•20 years ago
|
||
Comment on attachment 149478 [details] [diff] [review] Fix a=asa for aviary checkins.
Attachment #149478 -
Flags: approval1.7.x?
Attachment #149478 -
Flags: approval1.7.x+
Attachment #149478 -
Flags: approval-aviary?
Attachment #149478 -
Flags: approval-aviary+
Comment 17•15 years ago
|
||
layout/base/crashtests/244490-1.html http://hg.mozilla.org/mozilla-central/rev/b0337b6287f3
Flags: in-testsuite+
Updated•13 years ago
|
Crash Signature: [@ nsCSSFrameConstructor::CreateGeneratedFrameFor ]
You need to log in
before you can comment on or make changes to this bug.
Description
•