Closed
Bug 477498
Opened 15 years ago
Closed 15 years ago
Crash [@ TextRunWordCache::MakeTextRun]
Categories
(Core :: Layout: Text and Fonts, defect, P2)
Tracking
()
RESOLVED
FIXED
People
(Reporter: smaug, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: crash, fixed1.9.1)
Crash Data
Attachments
(2 files)
10.38 KB,
text/plain
|
Details | |
2.59 KB,
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
I got the crash when running mochitest. The crash happened with the test for bug 441782. No idea if this is security sensitive.
Reporter | ||
Comment 1•15 years ago
|
||
Something strange happening (gdb) p length $1 = 11 (gdb) p j $2 = 0 (gdb) p wordStart $3 = 16 (gdb) p i $4 = 27 That means that wordStart+j > 0 is true, so numString[j-1] is evaluated. And j-1 is pretty huge number because j is unsigned and its value is 0.
Reporter | ||
Comment 2•15 years ago
|
||
Perhaps this is a regression from Bug 467672?
Assignee | ||
Comment 3•15 years ago
|
||
I think it's a regression from bug 441782. I needed a workaround to run mochitest and this seems to work...
Assignee | ||
Updated•15 years ago
|
Flags: blocking1.9.1?
Comment 4•15 years ago
|
||
Comment on attachment 361161 [details] [diff] [review] Patch This seems like the correct fix. Requesting review from roc.
Attachment #361161 -
Flags: superreview?(roc)
Attachment #361161 -
Flags: review?(roc)
Updated•15 years ago
|
Attachment #361161 -
Attachment description: fwiw → Patch
Attachment #361161 -
Flags: superreview?(roc)
Attachment #361161 -
Flags: superreview+
Attachment #361161 -
Flags: review?(roc)
Attachment #361161 -
Flags: review+
Reporter | ||
Comment 5•15 years ago
|
||
I pushed this. http://hg.mozilla.org/mozilla-central/rev/5f349409c9d5 Thanks Mats!
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P2
Reporter | ||
Updated•15 years ago
|
Keywords: fixed1.9.1
Comment 6•15 years ago
|
||
The 1.9.1 landing: <http://hg.mozilla.org/releases/mozilla-1.9.1/rev/7272f7e838d2>
Updated•15 years ago
|
Group: core-security
Flags: wanted1.9.0.x-
Updated•13 years ago
|
Crash Signature: [@ TextRunWordCache::MakeTextRun]
You need to log in
before you can comment on or make changes to this bug.
Description
•