User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041022 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041022 Firefox/1.0 Tonight's firefox build on linux and 1.0PR1 on Windows crashes reproducably under at the given URL Reproducible: Always Steps to Reproduce: 1. go to titus-stahl.ecommunics.org/TB1476484Z.html 2. 3. Actual Results: Firefox crashes Expected Results: Firefox doesn't crash Talkback ID TB1476484Z
Created attachment 163170 [details] [diff] [review] fix crash in DEBUG-only code The only crash I saw after loading the page in question for a few minutes was in debug-only code, and this fixes it.
Comment on attachment 163170 [details] [diff] [review] fix crash in DEBUG-only code May as well at least land this on the trunk (IntTagToStringTag seems to return null for the userdefined enum. Should we fix that instead?)
Bug confirmed on 1.0PR1 Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Windows 2000 Had a few tabs open, went to site, and crashed. Sent talkback, but I neglected to get the ID (and I am not sure how to get the info back up on FF).
Comment on attachment 163170 [details] [diff] [review] fix crash in DEBUG-only code r+sr=jst
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a5) Gecko/20041107 Firefox/0.9.1+ This didn't crash for me, I left it running for several hours, evincing 2 MB of some seriously weird HTML. Is there known to be a fix in? Mac OS X running under MOL, so there may have been less than the usual risk of memory depletion
Created attachment 175738 [details] backtrace Reported using: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b) Gecko/20050209 Firefox/1.0+ Crash occurred in MAS of that date Crashes are still possible. I also get these ASSERTIONS ###!!! ASSERTION: failed to load URL: 'NS_SUCCEEDED(rv)', file ../../../../../../src/content/html/content/src/nsGenericHTMLElement.cpp, line 3456 ###!!! ASSERTION: illegal height for combined area: 'aCombinedArea.height >= 0', file ../../../../src/layout/generic/nsLineBox.cpp, line 480 and many WARNINGS. I assume that the URL given generates HTML with random attributes and other values.
Created attachment 188169 [details] backtrace This bug appears to be still in, there are some minor changes to the backtrace, but I suspect that the crash is the same.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051128 Firefox/1.6a1 I don't get a crash here. CPU skyrockets and I get lots of assertions; e.g. ###!!! ASSERTION: bad width: 'Not Reached', file /moz/mozilla/layout/generic/nsLineLayout.cpp, line 247, but it doesn't crash and I /am/ able to click the back button and navigate away from the page.
The url testcase doesn't seem to be there anymore.
still valid with 3.5.2 or later?
no, sorry, testcase was lost - but telling from the age of the bug it should probably be invalid anyway.
Well, take a leap and say WFM.