Closed
Bug 318451
Opened 19 years ago
Closed 19 years ago
Crash with earthlink.net
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 315752
People
(Reporter: martijn.martijn, Unassigned)
References
()
Details
(Keywords: crash, Whiteboard: [sg:dupe 315752] after 1.8 branch)
From the talkback ID: 0x0365b5ff DoDeletingFrameSubtree [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9687] DoDeletingFrameSubtree [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9687] DeletingFrameSubtree [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9733] nsCSSFrameConstructor::RemoveMappingsForFrameSubtree [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9783] nsFrameList::DestroyFrame [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/generic/nsFrameList.cpp, line 234] DeletingFrameSubtree [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9767] nsCSSFrameConstructor::ContentRemoved [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9918] nsCSSFrameConstructor::RecreateFramesForContent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11530] nsCSSFrameConstructor::RestyleElement [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 10412] nsCSSFrameConstructor::ProcessOneRestyle [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13246] nsCSSFrameConstructor::ProcessPendingRestyles [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13298] nsCSSFrameConstructor::RestyleEvent::HandleEvent [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13365] SHELL32.dll + 0x520c24 (0x778b0c24) So this could have the same cause as bug 310426.
Depends on: 310426
Updated•19 years ago
|
Whiteboard: [sg:investigate]
Updated•19 years ago
|
Flags: blocking1.8.0.1?
Reporter | ||
Comment 2•19 years ago
|
||
Note that this was a follow-up from bug 316636. That bug is fixed on trunk and has blocking 1.8.0.1? flag set. This crash could be the same as bug 310426, which is a trunk only crasher.
Depends on: 316636
Reporter | ||
Comment 4•19 years ago
|
||
Yes, I think so, although I never crashed with the same stacktrace in bug 316636 (which is why I got a different minimised testcase there).
Reporter | ||
Comment 5•19 years ago
|
||
This is fixed by bug 315752. Tested with: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051220 Firefox/1.6a1 Doesn't crash anymore.
Comment 6•19 years ago
|
||
Bob: is this a trunk only crash like 315752? If so please remove the 1.8.0.1 nomination.
Updated•19 years ago
|
Flags: blocking1.8.0.1?
Comment 8•19 years ago
|
||
> but see a crash similar to bug 307809 Bug 307809 was only fixed on trunk, not on branch. Do we need that fix on branch?
Comment 9•19 years ago
|
||
(In reply to comment #8) > Bug 307809 was only fixed on trunk, not on branch. Do we need that fix on > branch? Not that I can see. It was not a real security issue and was just easy to fix on trunk right?
Comment 10•19 years ago
|
||
Yeah, it was a null-pointer-dereference crash, so not a security issue.
Updated•18 years ago
|
Whiteboard: [sg:investigate] → [sg:dupe 315752]
Updated•18 years ago
|
Whiteboard: [sg:dupe 315752] → [sg:dupe 315752] after 1.8 branch
Updated•17 years ago
|
Flags: wanted1.8.1.x-
Updated•17 years ago
|
Group: security
Resolution: FIXED → DUPLICATE
Summary: Crash with automated randomstyles at earthlink.net → Crash with earthlink.net
You need to log in
before you can comment on or make changes to this bug.
Comment 1
•