Closed Bug 1420345 Opened 7 years ago Closed 7 years ago

Crash in nsHtml5TreeBuilder::appendToCurrentNodeAndPushElementMayFoster

Categories

(Core :: DOM: HTML Parser, defect, P1)

55 Branch
x86
Windows 10
defect


RESOLVED DUPLICATE of bug 1418000

People

(Reporter: jesup, Unassigned)

Details

(Keywords: crash, csectype-uaf, sec-high)

Crash Data

This bug was filed from the Socorro interface and is
report bp-cf55a05e-4157-4fcd-a819-14ada0171123.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll nsHtml5TreeBuilder::appendToCurrentNodeAndPushElementMayFoster parser/html/nsHtml5TreeBuilder.cpp:4257
1 xul.dll nsHtml5TreeBuilder::startTag parser/html/nsHtml5TreeBuilder.cpp:1109
2 xul.dll nsHtml5Tokenizer::emitCurrentTagToken parser/html/nsHtml5Tokenizer.cpp:342
3 xul.dll nsHtml5Tokenizer::stateLoop<nsHtml5SilentPolicy> parser/html/nsHtml5Tokenizer.cpp:2329
4 xul.dll nsHtml5Tokenizer::tokenizeBuffer parser/html/nsHtml5Tokenizer.cpp:449
5 xul.dll nsHtml5Parser::Parse parser/html/nsHtml5Parser.cpp:388
6 xul.dll nsHTMLDocument::WriteCommon dom/html/nsHTMLDocument.cpp:2029
7 xul.dll nsHTMLDocument::WriteCommon dom/html/nsHTMLDocument.cpp:1917
8 xul.dll mozilla::dom::HTMLDocumentBinding::write dom/bindings/HTMLDocumentBinding.cpp:652
9 xul.dll mozilla::dom::GenericBindingMethod dom/bindings/BindingUtils.cpp:3040

=============================================================

New crash in 58.0b4; no other crashes in crash-stats

Henri is off right now; anyone else who can look at this?
Flags: needinfo?(overholt)
Maybe Alphan or smaug can take a look? (It's already the weekend for Alphan and almost the weekend for Olli)
Flags: needinfo?(overholt)
Flags: needinfo?(bugs)
Flags: needinfo?(alchen)
Priority: -- → P1
The part of the stack that shows where the JS is called from looks like this is a duplicate of bug 1418000. I'd treat this as such unless evidence of this crash in builds where that bug is fixed shows up.
Flags: needinfo?(bugs)
I would like to know more about bug 1418000.
Could someone help?
Thanks.
Flags: needinfo?(alchen)
Group: core-security → dom-core-security
No crashes from 58b5 onwards, which fits exactly with when bug 1418000 was uplifted.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Group: dom-core-security