Closed Bug 477498 Opened 15 years ago Closed 15 years ago

Crash [@ TextRunWordCache::MakeTextRun]

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: smaug, Assigned: MatsPalmgren_bugz)

References

Details

(Keywords: crash, fixed1.9.1)

Crash Data

Attachments

(2 files)

stack 15 years ago Olli Pettay [:smaug][bugs@pettay.fi] 10.38 KB, text/plain		Details
Patch 15 years ago Mats Palmgren (inactive) 2.59 KB, patch	roc : review+ roc : superreview+	Details \| Diff \| Splinter Review

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Description

•

15 years ago

Attached file stack — Details

I got the crash when running mochitest. The crash happened with the test for
bug 441782.

No idea if this is security sensitive.

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Comment 1

•

15 years ago

Something strange happening
(gdb) p length
$1 = 11
(gdb) p j
$2 = 0
(gdb) p wordStart
$3 = 16
(gdb) p i
$4 = 27

That means that wordStart+j > 0 is true, so numString[j-1] is evaluated.
And j-1 is pretty huge number because j is unsigned and its value is 0.

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Updated

•

15 years ago

Blocks: 441782

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Comment 2

•

15 years ago

Perhaps this is a regression from Bug 467672?

Mats Palmgren (inactive)

Assignee

Comment 3

•

15 years ago

Attached patch Patch — Details — Splinter Review

I think it's a regression from bug 441782.  I needed a workaround to run
mochitest and this seems to work...

Mats Palmgren (inactive)

Assignee

Updated

•

15 years ago

Flags: blocking1.9.1?

(no longer active)

Comment 4

•

15 years ago

Comment on attachment 361161 [details] [diff] [review]
Patch

This seems like the correct fix.  Requesting review from roc.

Attachment #361161 - Flags: superreview?(roc)

Attachment #361161 - Flags: review?(roc)

(no longer active)

Updated

•

15 years ago

Attachment #361161 - Attachment description: fwiw → Patch

(no longer active)

Updated

•

15 years ago

Assignee: nobody → mats.palmgren

Keywords: crash

Robert O'Callahan (:roc) (email my personal email if necessary)

Updated

•

15 years ago

Attachment #361161 - Flags: superreview?(roc)

Attachment #361161 - Flags: superreview+

Attachment #361161 - Flags: review?(roc)

Attachment #361161 - Flags: review+

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Comment 5

•

15 years ago

I pushed this.
http://hg.mozilla.org/mozilla-central/rev/5f349409c9d5

Thanks Mats!

Status: NEW → RESOLVED

Closed: 15 years ago

Resolution: --- → FIXED

Robert O'Callahan (:roc) (email my personal email if necessary)

Updated

•

15 years ago

Flags: blocking1.9.1? → blocking1.9.1+

Priority: -- → P2

Olli Pettay [:smaug][bugs@pettay.fi]

Reporter

Updated

•

15 years ago

Keywords: fixed1.9.1

(no longer active)

Comment 6

•

15 years ago

The 1.9.1 landing: <http://hg.mozilla.org/releases/mozilla-1.9.1/rev/7272f7e838d2>

Daniel Veditz [:dveditz]

Updated

•

15 years ago

Group: core-security

Flags: wanted1.9.0.x-

Nobody; OK to take it and work on it

Updated

•

13 years ago

Crash Signature: [@ TextRunWordCache::MakeTextRun]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Crash [@ TextRunWordCache::MakeTextRun]

Categories

(Core :: Layout: Text and Fonts, defect, P2)

Tracking

()

People

(Reporter: smaug, Assigned: MatsPalmgren_bugz)

References

Details

(Keywords: crash, fixed1.9.1)

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Comment 1

Updated

Comment 2

Comment 3

Updated

Comment 4

Updated

Updated

Updated

Comment 5

Updated

Updated

Comment 6

Updated

Updated

Attachment

General

Description

File Name

Content Type