Closed Bug 318451 Opened 19 years ago Closed 19 years ago

Crash with earthlink.net

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 315752

People

(Reporter: martijn.martijn, Unassigned)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [sg:dupe 315752] after 1.8 branch) 

From the talkback ID:

0x0365b5ff
DoDeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9687]
DoDeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9687]
DeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9733]
nsCSSFrameConstructor::RemoveMappingsForFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9783]
nsFrameList::DestroyFrame  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/generic/nsFrameList.cpp, line 234]
DeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9767]
nsCSSFrameConstructor::ContentRemoved  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9918]
nsCSSFrameConstructor::RecreateFramesForContent  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11530]
nsCSSFrameConstructor::RestyleElement  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 10412]
nsCSSFrameConstructor::ProcessOneRestyle  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13246]
nsCSSFrameConstructor::ProcessPendingRestyles  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13298]
nsCSSFrameConstructor::RestyleEvent::HandleEvent  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13365]
SHELL32.dll + 0x520c24 (0x778b0c24)

So this could have the same cause as bug 310426.
Depends on: 310426
Whiteboard: [sg:investigate]
Flags: blocking1.8.0.1?
Note that this was a follow-up from bug 316636. That bug is fixed on trunk and has blocking 1.8.0.1? flag set.
This crash could be the same as bug 310426, which is a trunk only crasher.
Depends on: 316636
Martijn, so does that mean we crash later than before?
Yes, I think so, although I never crashed with the same stacktrace in bug 316636 (which is why I got a different minimised testcase there).
This is fixed by bug 315752.
Tested with:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051220 Firefox/1.6a1
Doesn't crash anymore.
Status: NEW → RESOLVED
Closed: 19 years ago
Depends on: 315752
No longer depends on: 310426
Resolution: --- → FIXED
Bob: is this a trunk only crash like 315752? If so please remove the 1.8.0.1 nomination.
Flags: blocking1.8.0.1?
> but see a crash similar to bug 307809

Bug 307809 was only fixed on trunk, not on branch.  Do we need that fix on branch?
(In reply to comment #8)

> Bug 307809 was only fixed on trunk, not on branch.  Do we need that fix on
> branch?

Not that I can see. It was not a real security issue and was just easy to fix on trunk right?

Yeah, it was a null-pointer-dereference crash, so not a security issue.
Whiteboard: [sg:investigate] → [sg:dupe 315752]
Whiteboard: [sg:dupe 315752] → [sg:dupe 315752] after 1.8 branch
Flags: wanted1.8.1.x-
Group: security
Resolution: FIXED → DUPLICATE
Summary: Crash with automated randomstyles at earthlink.net → Crash with earthlink.net
You need to log in before you can comment on or make changes to this bug.