Security-sensitive because the testcase includes code from bug 306663. (The testcase is also derived in part from a testcase on bug 300474.) Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20051006 Firefox/1.6a1 Steps to reproduce: 1. Make your browser window reasonably large (maximized should work) 2. Load the testcase. Expected: Background of the page turns green. Result: Background of the page remains white. Firefox stops repainting in the entire window. If you press the Home button, you'll see your home page's title in the title bar, but your home page won't appear. Resizing the window makes Firefox start painting again. I can reproduce in a debug build.
Created attachment 198786 [details] testcase (somewhat reduced) This testcase does fewer than 20 DOM manipulations. Hopefully that's reduced-enough, because I don't know how to reduce it further.
Summary: Firefox stops repainting after juggling OPTIONS and OPTGROUPS → Firefox stops repainting after juggling <option>s and <optgroup>s
Whiteboard: [sg:nse] dos (private because reveals another bug)
Is this still reproducible?
Created attachment 218677 [details] testcase (not reduced) Stops repainting around when the status bar counter says 302. Around the same time, I start seeing ###!!! ASSERTION: Height is still NS_UNCONSTRAINEDSIZE: 'aDesiredSize.height < 100000', file /Users/admin/trunk/mozilla/layout/forms/nsListControlFrame.cpp, line 1074 in the console if I'm using a debug build. So maybe this bug is similar to bug 305029 and bug 322731 in that it involves huge widths or heights.
Sounds like it might be. Maybe we need a tracker to track such issues?
I created bug 334359, "[meta] Bugs where Firefox stops painting/drawing".
I am not currently working on this -> nobody
Assignee: joshmoz → nobody
Whiteboard: [sg:nse] dos (private because reveals another bug) → [sg:dos] (private because reveals another bug)
Product: Core → Core Graveyard
Jesse: Is this still applicable anywhere? Does it still reveal a bug? (Bug 300474 is fixed now but bug 306663 is closed; can we just make the testcase a private attachment?)
WFM in mozilla-central debug builds, even on my oldest Mac (PowerBook G4 / Leopard).
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WORKSFORME
Keywords: csec-dos, csec-spoof
Whiteboard: [sg:dos] (private because reveals another bug)
You need to log in before you can comment on or make changes to this bug.