Crash with earthlink.net

RESOLVED DUPLICATE of bug 315752

Status

()

Core
Layout
--
critical
RESOLVED DUPLICATE of bug 315752
12 years ago
11 years ago

People

(Reporter: Martijn Wargers (dead), Unassigned)

Tracking

(Blocks: 1 bug, {crash})

Trunk
x86
Windows XP
crash
Points:
---
Dependency tree / graph
Bug Flags:
wanted1.8.1.x -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 315752] after 1.8 branch, URL)

(Reporter)

Comment 1

12 years ago
From the talkback ID:

0x0365b5ff
DoDeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9687]
DoDeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9687]
DeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9733]
nsCSSFrameConstructor::RemoveMappingsForFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9783]
nsFrameList::DestroyFrame  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/generic/nsFrameList.cpp, line 234]
DeletingFrameSubtree  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9767]
nsCSSFrameConstructor::ContentRemoved  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9918]
nsCSSFrameConstructor::RecreateFramesForContent  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11530]
nsCSSFrameConstructor::RestyleElement  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 10412]
nsCSSFrameConstructor::ProcessOneRestyle  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13246]
nsCSSFrameConstructor::ProcessPendingRestyles  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13298]
nsCSSFrameConstructor::RestyleEvent::HandleEvent  [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13365]
SHELL32.dll + 0x520c24 (0x778b0c24)

So this could have the same cause as bug 310426.
Depends on: 310426
Whiteboard: [sg:investigate]

Updated

12 years ago
Flags: blocking1.8.0.1?
(Reporter)

Comment 2

12 years ago
Note that this was a follow-up from bug 316636. That bug is fixed on trunk and has blocking 1.8.0.1? flag set.
This crash could be the same as bug 310426, which is a trunk only crasher.
Depends on: 316636

Comment 3

12 years ago
Martijn, so does that mean we crash later than before?
(Reporter)

Comment 4

12 years ago
Yes, I think so, although I never crashed with the same stacktrace in bug 316636 (which is why I got a different minimised testcase there).
(Reporter)

Comment 5

12 years ago
This is fixed by bug 315752.
Tested with:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051220 Firefox/1.6a1
Doesn't crash anymore.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Depends on: 315752
No longer depends on: 310426
Resolution: --- → FIXED
Bob: is this a trunk only crash like 315752? If so please remove the 1.8.0.1 nomination.

Updated

12 years ago
Flags: blocking1.8.0.1?
> but see a crash similar to bug 307809

Bug 307809 was only fixed on trunk, not on branch.  Do we need that fix on branch?

Comment 9

12 years ago
(In reply to comment #8)

> Bug 307809 was only fixed on trunk, not on branch.  Do we need that fix on
> branch?

Not that I can see. It was not a real security issue and was just easy to fix on trunk right?
Yeah, it was a null-pointer-dereference crash, so not a security issue.
Whiteboard: [sg:investigate] → [sg:dupe 315752]
Whiteboard: [sg:dupe 315752] → [sg:dupe 315752] after 1.8 branch
Flags: wanted1.8.1.x-
Group: security
Resolution: FIXED → DUPLICATE
Summary: Crash with automated randomstyles at earthlink.net → Crash with earthlink.net
Duplicate of bug: 315752
You need to log in before you can comment on or make changes to this bug.