Closed
Bug 343608
Opened 18 years ago
Closed 18 years ago
Crash [@ nsCachedStyleData::GetStyleData] using quotes and generated content
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 343206
People
(Reporter: martijn.martijn, Unassigned)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(2 files)
See upcoming testcase, which crashes current trunk Mozilla builds.
It doesn't crash current Firefox2 build (1.8.1 branch), so this seems to be a regression.
A regression range might be useful here.
The testcase consists of this:
<q xmlns="http://www.w3.org/1999/xhtml">
<script xmlns="http://www.w3.org/1999/xhtml">
function addstyles(){
var x=document.createElementNS('http://www.w3.org/1999/xhtml','style');
x.innerHTML='\
*::before { content:"This page should not crash Mozilla"; float:right;}\
';
document.documentElement.appendChild(x);
}
setTimeout(addstyles,200);
</script>
</q>
Somehow the float:right rule is necessary for the crash, although it doesn't even work for generated content, currently.
|
Reporter | |
Comment 1•18 years ago
|
||
|
|
Reporter | |
Comment 2•18 years ago
|
||
In a debug build, I get an assertion first (stack attached):
###!!! ASSERTION: Must have parent context for generated content: '!generatedCon
tent || parentContext', file c:/mozilla/mozilla/layout/style/nsRuleNode.cpp, lin
e 2628
Then the crash:
#0 0x061cfed4 in nsCachedStyleData::GetStyleData (this=0x1c, aSID=@0x22f338)
at c:/mozilla/mozilla/layout/style/nsRuleNode.h:215
#1 0x05d95100 in nsStyleContext::GetStyleData (this=0x0,
aSID=eStyleStruct_Display)
at c:/mozilla/mozilla/layout/style/nsStyleContext.cpp:221
#2 0x061b071f in nsStyleContext::GetStyleDisplay (this=0x0)
at c:/mozilla/mozilla/layout/svg/base/src/../../../style/nsStyleStructList.h
:95
#3 0x05d8def5 in nsRuleNode::ComputeDisplayData (this=0xf307bc8,
aStartStruct=0x10882f74, aData=@0x22f498, aContext=0x108b90d4,
aHighestNode=0xf307bc8, aRuleDetail=@0x22f3fc, aInherited=0)
at c:/mozilla/mozilla/layout/style/nsRuleNode.cpp:2630
#4 0x05d8a632 in nsRuleNode::WalkRuleTree (this=0xf307bc8,
aSID=eStyleStruct_Display, aContext=0x108b90d4, aRuleData=0x22f448,
aSpecificData=0x22f498)
at c:/mozilla/mozilla/layout/style/nsStyleStructList.h:95
etc.
|
||
Comment 3•18 years ago
|
||
Crashed for the first time between 1.9a1_2006041419 and 1.9a1_2006041504
|
|
Reporter | |
Comment 4•18 years ago
|
||
Ok, thanks Ria.
So with that regression range and the stacktrace I get, I would say this is somehow a regression from bug 332333.
Blocks: 332333
|
||
Comment 5•18 years ago
|
||
Martijn, I'm pretty sure this is a dupe of bug 343206.
|
|
Reporter | |
Comment 6•18 years ago
|
||
Yeah, indeed a duplicate of that bug.
*** This bug has been marked as a duplicate of 343206 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Updated•18 years ago
|
Group: security
|
||
Updated•18 years ago
|
Group: security
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ nsCachedStyleData::GetStyleData]
You need to log in
before you can comment on or make changes to this bug.
Description
•