All users were logged out of Bugzilla on October 13th, 2018

[@ nsStyleContext::GetStyleData]

RESOLVED DUPLICATE of bug 306782

Status

()

--
critical
RESOLVED DUPLICATE of bug 306782
13 years ago
7 years ago

People

(Reporter: jruderman, Unassigned)

Tracking

(Blocks: 1 bug, {crash})

1.8 Branch
PowerPC
Mac OS X
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 306782] hold for 306663-based testcase, crash signature)

(Reporter)

Description

13 years ago
The testcase crashes Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
rv:1.8b4) Gecko/20050901 Firefox/1.0+, but doesn't crash trunk.

I'm filing this bug as security-sensitive because the testcase includes code
from bug 306663 and I was unable to make a simple testcase.  This crash doesn't
seem to be exploitable based on stacks.
(Reporter)

Comment 1

13 years ago
Created attachment 194621 [details]
testcase (not simplified)
(Reporter)

Comment 2

13 years ago
Steps to reproduce:
1. Load the testcase.
2. Wait 1-5 seconds after the testcase finishes loading.

Result: Crash (TB8953568W, TB8953741Z, TB8954484Q).
(Reporter)

Updated

13 years ago
Blocks: 306663
(Reporter)

Comment 3

13 years ago
No crash with a Gecko 1.8 branch hourly.  Fixed by the patch for bug 265367.
(Reporter)

Comment 4

13 years ago

*** This bug has been marked as a duplicate of 306782 ***
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 306782] hold for 306663-based testcase
Group: security
(Assignee)

Updated

7 years ago
Crash Signature: [@ nsStyleContext::GetStyleData]
You need to log in before you can comment on or make changes to this bug.