Crash bug in nightly build (5/9), with source.

RESOLVED DUPLICATE of bug 265736

Severity: critical
People: Reporter: bugzilla, Unassigned
Tracking: Trunk, x86, Windows XP

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050509 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050509 Firefox/1.0+

I'm using the HTML Manglizer from http://lcamtuf.coredump.cx/soft/mangleme.tgz to test the 5/9 nightly build of FF on Windows XP SP2. I came across a page which results in a browser crash. As soon as the page is loaded, Firefox crashes. This is 100% reproducible for me. I don't have details on the source of the problem.

I uploaded the page to http://www.cs.rpi.edu/~laplam/crash2.htm so you can view it live. I've also attached the source code for the page, so hopefully someone with greater knowledge can locate the source of the problem.

Talkback reports filed as a result of this:
TB5711416X, TB5711409H, TB5711405E

Reproducible: Always

Steps to Reproduce:
(Reporter)

Comment 1

14 years ago
Created attachment 183118 [details]
Source code resulting in crash (tarred).

Comment 2

Also with Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2)
Gecko/20050507 Firefox/1.0+

..but the talkback is more meaningful: TB5711541H
Basically recursion that never ends at
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/layout/base/nsCSSRendering.cpp&mark=3878&rev=#3878

This bug should probably go to Core -> CSS

Comment 3

14 years ago
When I tried reducing this I ended up with:

<hr width=20003066 size=3 color=0>

Removing the <hr> from the original testcase seems to stop the crash; I think
this bug could be a duplicate of Bug 265736.

Moving to Core->Layout for further triage.
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: unspecified → Trunk

Comment 4

14 years ago
Crash reproduced using Mozilla Suite Trunk Nightly Build ID: 2005051105 on
Windows XP.
Load URL, Crash

Talkback ID:TB5759808Y

Please change status to: NEW

Comment 5

14 years ago
Incident ID: 5759808
Stack Signature	msvcrt.dll + 0x403c6 (0x77c503c6) c15c109e
Product ID	MozillaTrunk
Build ID	2005051105
Trigger Time	2005-05-11 17:15:56.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	msvcrt.dll + (000403c6)
URL visited	http://www.cs.rpi.edu/~laplam/crash2.htm
User Comments	Load url Crash This is Mozilla Bug 293560
Since Last Crash	198 sec
Total Uptime	1389 sec
Trigger Reason	Stack overflow
Source File, Line No.	N/A
Stack Trace
msvcrt.dll + 0x403c6 (0x77c503c6)
QBCurve::SubDivide [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSRendering.cpp, line 3927]
QBCurve::SubDivide [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSRendering.cpp, line 3936]
QBCurve::SubDivide [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSRendering.cpp, line 3936]

*** This bug has been marked as a duplicate of 265736 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
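
The Talkback trace above shows a self-recursive curve subdivision ending in a stack overflow. The following is an added illustration, not the Mozilla QBCurve code and not a statement of this bug's root cause: a midpoint subdivision whose flatness test can never pass for a non-finite control point, bounded by a depth cap and an input check. All names, the depth limit of 16 and the coordinate bound of 2^20 are assumptions made for the example.

```cpp
// Added illustration; not code from nsCSSRendering.cpp. All names are hypothetical.
#include <cmath>
#include <cstdio>
#include <vector>

struct Pt { float x, y; };
struct Curve { Pt a1, con, a2; };   // quadratic Bezier: anchor, control, anchor

static Pt mid(Pt p, Pt q) { return { (p.x + q.x) / 2, (p.y + q.y) / 2 }; }

// Recursive midpoint subdivision. A curve is flat when the squared distance
// from its midpoint to its control point is <= tol2. A NaN distance never
// satisfies that test, so only maxDepth stops the descent in that case.
// Returns false if the depth cap had to cut the recursion short.
bool flatten(const Curve& c, float tol2, int maxDepth, std::vector<Pt>& out) {
    Pt l = mid(c.a1, c.con), r = mid(c.con, c.a2), m = mid(l, r);
    float dx = m.x - c.con.x, dy = m.y - c.con.y;
    float d2 = dx * dx + dy * dy;
    if (d2 <= tol2) {                // flat enough: emit the segment end point
        out.push_back(c.a2);
        return true;
    }
    if (maxDepth == 0) {             // cap reached: emit, report, do not recurse
        out.push_back(c.a2);
        return false;
    }
    bool left = flatten({ c.a1, l, m }, tol2, maxDepth - 1, out);
    bool right = flatten({ m, r, c.a2 }, tol2, maxDepth - 1, out);
    return left && right;
}

// Refuse coordinates the subdivision is not meant to handle before recursing.
static bool validPoint(Pt p) {
    const float kMaxCoord = 1 << 20; // assumed bound for this example
    return std::isfinite(p.x) && std::isfinite(p.y) &&
           std::fabs(p.x) <= kMaxCoord && std::fabs(p.y) <= kMaxCoord;
}

bool safeFlatten(const Curve& c, std::vector<Pt>& out) {
    if (!validPoint(c.a1) || !validPoint(c.con) || !validPoint(c.a2)) return false;
    return flatten(c, 1.0f, 16, out);
}

int main() {
    std::vector<Pt> out;
    Curve bad{ {0, 0}, {INFINITY, 0}, {100, 0} };   // constructed input
    bool finished = flatten(bad, 1.0f, 10, out);    // terminates only via the cap
    std::printf("finished=%d points=%zu validated=%d\n",
                finished, out.size(), safeFlatten(bad, out));
}
```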