Crash [@nsCSSFrameConstructor::GetFrame]

VERIFIED DUPLICATE of bug 265181

Status

defect
--
critical
15 years ago
5 years ago

People

(Reporter: mozilla, Unassigned)

Tracking

({crash})

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:nse], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.8a5) Gecko/20041021

When running the Zalewski cgi test program I discovered a reproducible crash
with a garbage HTML file that I will attach shortly. The OS/2 debugger tells me
that it is in nsCSSFrameConstructor::GetFrame in the line
   return frame->GetContentInsertionFrame();
While the crash is not specific to OS/2 or the trunk (I can reproduce it with
1.7.3 on OS/2 and with 1.7.3 on Linux) I didn't create a debug build for Linux
yet and I don't have talkback.

Perhaps there is security involved...
(Reporter)

Comment 1

15 years ago
Posted file testcase
The garbled HTML as created by the Zalewski test program

Updated

15 years ago
Group: security
Confirmed on Linux with Mozilla 1.7.?
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: crash in nsCSSFrameConstructor::GetFrame → Crash [@nsCSSFrameConstructor::GetFrame]

Updated

15 years ago
Whiteboard: [sg:nse]

Comment 3

15 years ago
confirmed, winxp, firefox 0.10.1

Comment 4

15 years ago
TB1456593G

Comment 5

15 years ago
the patch in bug 265181 fixes this crash
Depends on: 265181
Blocks: Zalewski
(Reporter)

Comment 6

15 years ago
Can someone please confirm that the patch to bug 265404 fixed this? Cannot
reproduce any more, so from my point of view this can be resolved.

*** This bug has been marked as a duplicate of 265181 ***
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
No longer depends on: 265181
Crash Signature: [@nsCSSFrameConstructor::GetFrame]