User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050509 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050509 Firefox/1.0+ I'm using the HTML Manglizer from http://lcamtuf.coredump.cx/soft/mangleme.tgz to test the 5/9 nightly build of FF on Windows XP SP2. I came across a page which results in a browser crash. As soon as the page is loaded, FireFox crashes. This is 100% reproducable for me. I don't have details on the source of the problem. I uploaded the page to http://www.cs.rpi.edu/~laplam/crash2.htm so you can view it live. I've also attached the source code for the page, so hopefully someone with greater knowledge can locate the source of the problem. Talkback reports filed as a result of this: TB5711416X, TB5711409H, TB5711405E Reproducible: Always Steps to Reproduce:
Also with Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050507 Firefox/1.0+ ..but the talkback is more meaningful: TB5711541H Basically recursion that never ends at http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/layout/base/nsCSSRendering.cpp&mark=3878&rev=#3878 This bug should probably go to Core -> CSS
When I tried reducing this I ended up with: <hr width=20003066 size=3 color=0> Removing the <hr> from the original testcase seems to stop the crash, I think this bug could be a duplicate of Bug 265736. Moving to Core->Layout for further triage.
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: unspecified → Trunk
Crash reproduced using Mozilla Suite Trunk Nightly Build ID: 2005051105 on Windows XP. Load URL, Crash Talkback ID:TB5759808Y Please change status to: NEW
Incident ID: 5759808 Stack Signature msvcrt.dll + 0x403c6 (0x77c503c6) c15c109e Product ID MozillaTrunk Build ID 2005051105 Trigger Time 2005-05-11 17:15:56.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module msvcrt.dll + (000403c6) URL visited http://www.cs.rpi.edu/~laplam/crash2.htm User Comments Load url Crash This is Mozilla Bug 293560 Since Last Crash 198 sec Total Uptime 1389 sec Trigger Reason Stack overflow Source File, Line No. N/A Stack Trace msvcrt.dll + 0x403c6 (0x77c503c6) QBCurve::SubDivide [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSRendering.cpp, line 3927] QBCurve::SubDivide [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSRendering.cpp, line 3936] QBCurve::SubDivide [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/base/nsCSSRendering.cpp, line 3936] *** This bug has been marked as a duplicate of 265736 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.