Hit MOZ_CRASH(begin <= end (229 <= 130) when slicing ...) at servo/components/style/custom_properties.rs:2120
Categories: Core :: CSS Parsing and Computation, defect

Tracking:

| Flag | Tracking | Status |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr140 | --- | affected |
| firefox147 | --- | wontfix |
| firefox148 | --- | fixed |
| firefox149 | --- | verified |

People: Reporter: tsmith, Assigned: emilio, NeedInfo

References: Blocks 1 open bug, Regression

Details: Keywords: assertion, pernosco, regression

Attachments (2 files):

- 282 bytes, text/html (Details)
- 48 bytes, text/x-phabricator-request; dmeehan: approval-mozilla-beta+ (Details | Review)
Found with m-c 20260119-75da7a3dfb81 (--enable-debug)
This was found by visiting a live website with a debug build.
STR:
- Launch browser and visit site
This issue was triggered by visiting https://hackathon.pump.fun/. A Pernosco session is available here: https://pernos.co/debug/-Ad1kcZB4zNlT7xHUF8jXg/index.html
```text
Hit MOZ_CRASH(begin <= end (229 <= 130) when slicing 0px 0px 3px 1px var(--token-62be83f1-0097-4872-b224-94c7b2aa11d6, nullpx nullpx nullpx nullpx rgb(245, 245, 245), 0px 0px 4px 2px var(--token-63fea906-5b5e-4ed0-9785-37e4c202cb5f, nullpx nullpx nullpx undefinedpx rgb(1, 255, 148)) at servo/components/style/custom_properties.rs:2120
0|0|libxul.so|RustMozCrash|git:github.com/mozilla-firefox/firefox:mozglue/static/rust/wrappers.cpp:93aad2a6615f670b1279c229dd37f7397236131a|18|0x2a
0|1|libxul.so|mozglue_static::panic_hook|git:github.com/mozilla-firefox/firefox:mozglue/static/rust/lib.rs:93aad2a6615f670b1279c229dd37f7397236131a|99|0xfe
0|2|libxul.so|core::ops::function::Fn::call|/builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs|80|0xb
0|3|libxul.so|std::panicking::rust_panic_with_hook|git:github.com/rust-lang/rust:library/std/src/panicking.rs:1159e78c4747b02ef996e55082b704c09b970588|841|0x167
0|4|libxul.so|std::panicking::begin_panic_handler::{{closure}}|git:github.com/rust-lang/rust:library/std/src/panicking.rs:1159e78c4747b02ef996e55082b704c09b970588|706|0x99
0|5|libxul.so|std::sys::backtrace::__rust_end_short_backtrace|git:github.com/rust-lang/rust:library/std/src/sys/backtrace.rs:1159e78c4747b02ef996e55082b704c09b970588|174|0x8
0|6|libxul.so|__rustc::rust_begin_unwind|git:github.com/rust-lang/rust:library/std/src/panicking.rs:1159e78c4747b02ef996e55082b704c09b970588|697|0x1c
0|7|libxul.so|core::panicking::panic_fmt|git:github.com/rust-lang/rust:library/core/src/panicking.rs:1159e78c4747b02ef996e55082b704c09b970588|75|0x1f
0|8|libxul.so|core::str::slice_error_fail_rt|git:github.com/rust-lang/rust:library/core/src/str/mod.rs:1159e78c4747b02ef996e55082b704c09b970588||0x396
0|9|libxul.so|core::str::slice_error_fail|git:github.com/rust-lang/rust:library/core/src/str/mod.rs:1159e78c4747b02ef996e55082b704c09b970588|69|0x9
0|10|libxul.so|style::custom_properties::do_substitute_chunk|git:github.com/mozilla-firefox/firefox:servo/components/style/custom_properties.rs:93aad2a6615f670b1279c229dd37f7397236131a||0x16c2
0|11|libxul.so|style::custom_properties::substitute_internal|git:github.com/mozilla-firefox/firefox:servo/components/style/custom_properties.rs:93aad2a6615f670b1279c229dd37f7397236131a|2287|0x97
0|12|libxul.so|style::properties::UnparsedValue::substitute_variables|git:github.com/mozilla-firefox/firefox:servo/components/style/properties/mod.rs:93aad2a6615f670b1279c229dd37f7397236131a|1465|0x131
0|13|libxul.so|style::properties::cascade::Cascade::apply_one_longhand|git:github.com/mozilla-firefox/firefox:servo/components/style/properties/cascade.rs:93aad2a6615f670b1279c229dd37f7397236131a|976|0x2f9
0|14|libxul.so|style::properties::cascade::Cascade::apply_non_prioritary_properties|git:github.com/mozilla-firefox/firefox:servo/components/style/properties/cascade.rs:93aad2a6615f670b1279c229dd37f7397236131a|911|0x9d
0|15|libxul.so|style::properties::cascade::cascade_rules|git:github.com/mozilla-firefox/firefox:servo/components/style/properties/cascade.rs:93aad2a6615f670b1279c229dd37f7397236131a|202|0x717
0|16|libxul.so|style::stylist::Stylist::cascade_style_and_visited|git:github.com/mozilla-firefox/firefox:servo/components/style/stylist.rs:93aad2a6615f670b1279c229dd37f7397236131a|1495|0xef
0|17|libxul.so|style::style_resolver::StyleResolverForElement<E>::cascade_primary_style|git:github.com/mozilla-firefox/firefox:servo/components/style/style_resolver.rs:93aad2a6615f670b1279c229dd37f7397236131a|278|0x504
0|18|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_primary_style|git:github.com/mozilla-firefox/firefox:servo/components/style/style_resolver.rs:93aad2a6615f670b1279c229dd37f7397236131a|232|0xc1
0|19|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_style|git:github.com/mozilla-firefox/firefox:servo/components/style/style_resolver.rs:93aad2a6615f670b1279c229dd37f7397236131a|296|0x29
0|20|libxul.so|style::traversal::compute_style|git:github.com/mozilla-firefox/firefox:servo/components/style/traversal.rs:93aad2a6615f670b1279c229dd37f7397236131a|616|0x1c92
0|21|libxul.so|style::parallel::style_trees|git:github.com/mozilla-firefox/firefox:servo/components/style/parallel.rs:93aad2a6615f670b1279c229dd37f7397236131a|158|0x37e
0|22|libxul.so|style::driver::traverse_dom::{{closure}}|git:github.com/mozilla-firefox/firefox:servo/components/style/driver.rs:93aad2a6615f670b1279c229dd37f7397236131a|138|0x1f8
0|23|libxul.so|style::driver::traverse_dom|git:github.com/mozilla-firefox/firefox:servo/components/style/driver.rs:93aad2a6615f670b1279c229dd37f7397236131a|127|0x20c
0|24|libxul.so|geckoservo::glue::traverse_subtree|git:github.com/mozilla-firefox/firefox:servo/ports/geckolib/glue.rs:93aad2a6615f670b1279c229dd37f7397236131a|330|0x3eb
0|25|libxul.so|Servo_TraverseSubtree|git:github.com/mozilla-firefox/firefox:servo/ports/geckolib/glue.rs:93aad2a6615f670b1279c229dd37f7397236131a|390|0x3c5
0|26|libxul.so|mozilla::ServoStyleSet::StyleDocument(mozilla::ServoTraversalFlags)|git:github.com/mozilla-firefox/firefox:layout/style/ServoStyleSet.cpp:93aad2a6615f670b1279c229dd37f7397236131a|830|0x239
0|27|libxul.so|mozilla::RestyleManager::DoProcessPendingRestyles(mozilla::ServoTraversalFlags)|git:github.com/mozilla-firefox/firefox:layout/style/RestyleManager.cpp:93aad2a6615f670b1279c229dd37f7397236131a|3202|0x1cb
0|28|libxul.so|mozilla::RestyleManager::ProcessPendingRestyles()|git:github.com/mozilla-firefox/firefox:layout/style/RestyleManager.cpp:93aad2a6615f670b1279c229dd37f7397236131a|3340|0xc1
0|29|libxul.so|mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|4473|0x6b7
0|30|libxul.so|mozilla::EventStateManager::FlushLayout(nsPresContext*)|git:github.com/mozilla-firefox/firefox:dom/events/EventStateManager.cpp:93aad2a6615f670b1279c229dd37f7397236131a|6944|0x31
0|31|libxul.so|mozilla::EventStateManager::PreHandleEvent(nsPresContext*, mozilla::WidgetEvent*, nsIFrame*, nsIContent*, nsEventStatus*, nsIContent*)|git:github.com/mozilla-firefox/firefox:dom/events/EventStateManager.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1212|0xf3d
0|32|libxul.so|mozilla::PresShell::EventHandler::DispatchEvent(mozilla::EventStateManager*, mozilla::WidgetEvent*, bool, nsEventStatus*, nsIContent*)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|9096|0x10c
0|33|libxul.so|mozilla::PresShell::EventHandler::HandleEventWithCurrentEventInfo(mozilla::WidgetEvent*, nsEventStatus*, bool, nsIContent*)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|9063|0x345
0|34|libxul.so|mozilla::PresShell::EventHandler::HandleEventWithTarget(mozilla::WidgetEvent*, nsIFrame*, nsIContent*, nsEventStatus*, bool, nsIContent**, nsIContent*)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|8970|0x22b
0|35|libxul.so|mozilla::PointerEventHandler::DispatchPointerFromMouseOrTouch(mozilla::PresShell*, nsIFrame*, nsIContent*, mozilla::dom::Element*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**)|git:github.com/mozilla-firefox/firefox:dom/events/PointerEventHandler.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1323|0xa63
0|36|libxul.so|mozilla::PresShell::EventHandler::DispatchPrecedingPointerEvent(AutoWeakFrame&, mozilla::WidgetGUIEvent*, mozilla::dom::Element*, bool, mozilla::PresShell::EventHandler::EventTargetData*, nsEventStatus*)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|7980|0x221
0|37|libxul.so|mozilla::PresShell::EventHandler::HandleEventUsingCoordinates(AutoWeakFrame&, mozilla::WidgetGUIEvent*, nsEventStatus*, bool)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|7602|0x1f6
0|38|libxul.so|mozilla::PresShell::EventHandler::HandleEvent(AutoWeakFrame&, mozilla::WidgetGUIEvent*, bool, nsEventStatus*)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|7484|0x197
0|39|libxul.so|mozilla::PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*)|git:github.com/mozilla-firefox/firefox:layout/base/PresShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|7304|0x467
0|40|libxul.so|mozilla::PresShellWidgetListener::HandleEvent(mozilla::WidgetGUIEvent*)|git:github.com/mozilla-firefox/firefox:layout/base/PresShellWidgetListener.cpp:93aad2a6615f670b1279c229dd37f7397236131a|245|0xb3
0|41|libxul.so|mozilla::dom::BrowserChild::HandleRealMouseButtonEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long const&)|git:github.com/mozilla-firefox/firefox:dom/ipc/BrowserChild.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1811|0x2fa
0|42|libxul.so|mozilla::dom::BrowserChild::RecvRealMouseButtonEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long const&)|git:github.com/mozilla-firefox/firefox:dom/ipc/BrowserChild.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1762|0x1b
0|43|libxul.so|mozilla::dom::BrowserChild::RecvSynthMouseMoveEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long const&)|git:github.com/mozilla-firefox/firefox:dom/ipc/BrowserChild.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1720|0xd
0|44|libxul.so|mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:86b2651c92f7d73b0cda96d4881bb192bec53324db50d58eece10d9945522745dd36ff78ed3c7223e63a210b09c915bacfb51f26d9bfce20aec6dff4bcc62e29/ipc/ipdl/PBrowserChild.cpp:|5302|0x10dd
0|45|libxul.so|mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:9f274f2791b4b9de4e65dc9a135f92ba6f798c6230b89699e23987d8da5cedf255e23591a3db132d73f97a61a90828e57850fa394ff09126d02050ed342431b9/ipc/ipdl/PContentChild.cpp:|8534|0x5f9
0|46|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&)|git:github.com/mozilla-firefox/firefox:ipc/glue/MessageChannel.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1793|0x128
0|47|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, std::unique_ptr<IPC::Message, std::default_delete<IPC::Message> >)|git:github.com/mozilla-firefox/firefox:ipc/glue/MessageChannel.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1719|0x250
0|48|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&)|git:github.com/mozilla-firefox/firefox:ipc/glue/MessageChannel.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1508|0x178
0|49|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|git:github.com/mozilla-firefox/firefox:ipc/glue/MessageChannel.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1610|0xcd
0|50|libxul.so|mozilla::RunnableTask::Run()|git:github.com/mozilla-firefox/firefox:xpcom/threads/TaskController.cpp:93aad2a6615f670b1279c229dd37f7397236131a|705|0x17
0|51|libxul.so|mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|git:github.com/mozilla-firefox/firefox:xpcom/threads/TaskController.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1325|0x5b4
0|52|libxul.so|mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|git:github.com/mozilla-firefox/firefox:xpcom/threads/TaskController.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1148|0x57
0|53|libxul.so|mozilla::TaskController::ProcessPendingMTTask(bool)|git:github.com/mozilla-firefox/firefox:xpcom/threads/TaskController.cpp:93aad2a6615f670b1279c229dd37f7397236131a|641|0x65
0|54|libxul.so|mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run()|git:github.com/mozilla-firefox/firefox:xpcom/threads/nsThreadUtils.h:93aad2a6615f670b1279c229dd37f7397236131a|549|0x16
0|55|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|git:github.com/mozilla-firefox/firefox:xpcom/threads/nsThread.cpp:93aad2a6615f670b1279c229dd37f7397236131a|1164|0x5ba
0|56|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|git:github.com/mozilla-firefox/firefox:xpcom/threads/nsThreadUtils.cpp:93aad2a6615f670b1279c229dd37f7397236131a|461|0x4f
0|57|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|git:github.com/mozilla-firefox/firefox:ipc/glue/MessagePump.cpp:93aad2a6615f670b1279c229dd37f7397236131a|85|0xc0
0|58|libxul.so|MessageLoop::Run()|git:github.com/mozilla-firefox/firefox:ipc/chromium/src/base/message_loop.cc:93aad2a6615f670b1279c229dd37f7397236131a|343|0x61
0|59|libxul.so|nsBaseAppShell::Run()|git:github.com/mozilla-firefox/firefox:widget/nsBaseAppShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|152|0x28
0|60|libxul.so|nsAppShell::Run()|git:github.com/mozilla-firefox/firefox:widget/gtk/nsAppShell.cpp:93aad2a6615f670b1279c229dd37f7397236131a|555|0x114
0|61|libxul.so|XRE_RunAppShell()|git:github.com/mozilla-firefox/firefox:toolkit/xre/nsEmbedFunctions.cpp:93aad2a6615f670b1279c229dd37f7397236131a|656|0x6b
0|62|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|git:github.com/mozilla-firefox/firefox:ipc/glue/MessagePump.cpp:93aad2a6615f670b1279c229dd37f7397236131a|235|0x3c
0|63|libxul.so|MessageLoop::Run()|git:github.com/mozilla-firefox/firefox:ipc/chromium/src/base/message_loop.cc:93aad2a6615f670b1279c229dd37f7397236131a|343|0x61
0|64|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|git:github.com/mozilla-firefox/firefox:toolkit/xre/nsEmbedFunctions.cpp:93aad2a6615f670b1279c229dd37f7397236131a|594|0xa21
0|65|firefox-bin|main|git:github.com/mozilla-firefox/firefox:browser/app/nsBrowserApp.cpp:93aad2a6615f670b1279c229dd37f7397236131a|465|0x21c
```
Comment 1 (Assignee) • 1 day ago
We might want to skip this signature (so that the one that shows up is do_substitute_chunk). Do you recall how to do this?
Comment 2 • 1 day ago

(In reply to Emilio Cobos Álvarez [:emilio] from comment #1)
> We might want to skip this signature (so that the one that shows up is
> do_substitute_chunk). Do you recall how to do this?

You'll want to add things to irrelevant_signature_re.txt. (And probably remove them from prefix_signature_re.txt.) Basically you just need to file a bug in Bugzilla, and then do a pull request in Socorro. Documentation is here, though I wouldn't worry about testing locally.
Comment 3 • 1 day ago
Basically, frames that match the irrelevant list are removed and frames in the prefix list are added to the signature and then it moves to the next frame. Once it hits a frame that doesn't match either, it adds that frame and stops. (You can see there's already a bunch of stuff to ignore the Rust panic gunk.)
Comment 4 (Assignee) • 1 day ago
Huh, I wonder what's special about this / why fuzzers haven't found anything like this before :)
Comment 5 • 1 day ago
Set release status flags based on info from the regressing bug 1879743
Comment 6 (Assignee) • 1 day ago
What is going on in this page is:

- We have two nested references + fallback, both with missing closing parens.
- But the value actually ends with a closing paren, the rgb() function.

So we fail to detect that the closing parens are missing, and we mess up the indices during substitution because we rely on the fallback end being the end of the var() reference minus 1.

Properly tests for it by checking the block end against the outside-of-the-block start. If they're the same there was no closing paren. We could extend cssparser with this information maybe but for now this seems ok. UnquotedUrl I think we can leave as-is.

Add two tests, one with a would-be successful substitution that we get wrong right now, but this patch fixes, and the actually crashing test.

I'm a bit surprised that no fuzzer has found this before tbh...
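A reduced model of the index arithmetic comment 6 describes, added here as an illustration; it is not Servo/Stylo code, and `scan_block`, `top_level_comma`, `parse_var_naive` and `parse_var_fixed` are invented names. It shows how "fallback end = reference end minus 1" goes one byte short on an unclosed var() (and yields begin > end, the slice failure in the crash message, when nothing follows the comma), and how comparing the block end with the outside-of-the-block start detects the missing paren.

```rust
// Added illustration for this bug, not Servo/Stylo code: a minimal model of the
// var() fallback index arithmetic described in comment 6. All names are invented.
#[derive(Debug, PartialEq)]
pub struct VarRef<'a> {
    pub name: &'a str,
    pub fallback: Option<&'a str>,
    pub closed: bool, // false when the input ended before the reference's `)`
}

/// Block opened by the `(` at `open`: returns (content_end, after), the index of the
/// matching `)` and the index where parsing resumes outside the block. At end of
/// input both are `input.len()`; that equality is the missing-paren check from comment 6.
fn scan_block(input: &str, open: usize) -> (usize, usize) {
    let mut depth = 0usize;
    for (i, &b) in input.as_bytes().iter().enumerate().skip(open) {
        match b {
            b'(' => depth += 1,
            b')' if depth == 1 => return (i, i + 1),
            b')' => depth = depth.saturating_sub(1),
            _ => {}
        }
    }
    (input.len(), input.len())
}

/// Top-level comma separating the custom property name from its fallback.
fn top_level_comma(input: &str, start: usize, end: usize) -> Option<usize> {
    let mut depth = 0usize;
    for (i, &b) in input.as_bytes()[start..end].iter().enumerate() {
        match b {
            b'(' => depth += 1,
            b')' => depth = depth.saturating_sub(1),
            b',' if depth == 0 => return Some(start + i),
            _ => {}
        }
    }
    None
}

/// Parse the first var() in `input`. `fixed == false` models the bug: the fallback is
/// assumed to end one byte before parsing resumes, i.e. at the `)`. For an unclosed
/// reference there is no `)` to skip, so the range is one byte short, and with nothing
/// after the comma `begin` exceeds `end`. `fixed == true` slices to the block end.
fn parse_var(input: &str, fixed: bool) -> Result<VarRef<'_>, String> {
    let open = input.find("var(").ok_or_else(|| "no var() reference".to_string())? + 3;
    let (content_end, after) = scan_block(input, open);
    let closed = after != content_end;
    let name_start = open + 1;
    let comma = match top_level_comma(input, name_start, content_end) {
        Some(c) => c,
        None => return Ok(VarRef { name: input[name_start..content_end].trim(), fallback: None, closed }),
    };
    let (begin, end) = (comma + 1, if fixed { content_end } else { after - 1 });
    if begin > end {
        // The real code sliced here unconditionally and hit the MOZ_CRASH quoted above.
        return Err(format!("begin <= end ({begin} <= {end}) when slicing {input}"));
    }
    Ok(VarRef { name: input[name_start..comma].trim(), fallback: Some(input[begin..end].trim()), closed })
}
pub fn parse_var_naive(input: &str) -> Result<VarRef<'_>, String> { parse_var(input, false) }
pub fn parse_var_fixed(input: &str) -> Result<VarRef<'_>, String> { parse_var(input, true) }
```

On a closed reference both variants agree; the difference only appears when the input runs out before the `)`, which is exactly the case the page's value ends in.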
Comment 10 (bugherder) • 1 day ago
https://hg.mozilla.org/mozilla-central/rev/61ed05956056
https://hg.mozilla.org/mozilla-central/rev/5b0e695b66fd
Comment 12 • 20 hours ago
The patch landed in nightly and beta is affected.
:emilio, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- See https://wiki.mozilla.org/Release_Management/Requesting_an_Uplift for documentation on how to request an uplift.
- If no, please set status-firefox148 to wontfix.

For more information, please visit BugBot documentation.
Comment 13 (Assignee) • 20 hours ago
Comment on attachment 9541860 [details]
Bug 2013337 - Fix missing-closing-characters checks in custom property parsing. r=#style
Beta/Release Uplift Approval Request
- User impact if declined/Reason for urgency: Fixes crash found in the wild
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: comment 0
- List of other uplifts needed: none
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Relatively well-tested codepath.
- String changes made/needed: none
- Is Android affected?: Yes
Comment 14 (Assignee) • 20 hours ago
Note that https://github.com/mozilla-firefox/firefox/commit/d8503a135049 needs to get uplifted as well.
Comment 15 • 18 hours ago
Verified as fixed on the latest Firefox for Android Nightly 149.0a1 from 2/3 with a Samsung Galaxy S24 (Android 16) and a Pixel 6 (Android 16).
Loading hackathon.pump.fun/ crashed Firefox for Android 147.0.2, but not Nightly 149.0a1 from 2/3.
Comment 16 • 17 hours ago
:emilio, do you also want to add an uplift request for ESR140?
It will need a rebased patch; see https://wiki.mozilla.org/Release_Management/Requesting_an_Uplift#Manual_Cherry-Pick_(Recommended_if_Conflicts_Are_Likely)
Comment 17 • 15 hours ago
Comment on attachment 9541860 [details]
Bug 2013337 - Fix missing-closing-characters checks in custom property parsing. r=#style
Approved for 148.0b11
Comment 18 (uplift) • 15 hours ago