Closed
Bug 347304
Opened 18 years ago
Closed 18 years ago
ASSERTION: yikes - we just overwrote memory: 'indexp <= aIndexBuffer->mBuffer + aIndexBuffer->mBufferLen', file /home/np/mozilla/layout/generic/nsTextFrame.cpp, line 2366
Categories
(Core :: Layout: Text and Fonts, defect)
VERIFIED DUPLICATE of bug 345071
People
(Reporter: jason.barnabe, Unassigned)
Details
(Keywords: hang, Whiteboard: [sg:dupe 345071])
Attachments
(1 file: 10.26 KB, text/plain)
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9a1) Gecko/20060803 Minefield/3.0a1

1. Load http://userstyles.org/style/show/210?raw , a 30KB CSS file with some very long lines
2. Scroll to the bottom
3. Reload
4. Keep reloading until you get a hang

Last few reloads' output:

nsLineLayout: Text(3)@0x2315a08 metrics=511160,225!
Block(pre)(0)@0x2352510: line=0x23159c8 xmost=519575
nsLineLayout: Text(3)@0x2315a08 metrics=681803,225!
Block(pre)(0)@0x2352510: line=0x23159c8 xmost=690218
nsLineLayout: Text(3)@0x2315a08 metrics=785684,225!
Block(pre)(0)@0x2352510: line=0x23159c8 xmost=794099
Block(pre)(0)@0x2352510: WARNING: xmost:794099
++DOMWINDOW == 9
--DOMWINDOW == 8
nsLineLayout: Text(3)@0x22f9df8 metrics=511160,225!
Block(pre)(0)@0x259cb10: line=0x22f9db8 xmost=519575
nsLineLayout: Text(3)@0x22f9df8 metrics=681803,225!
Block(pre)(0)@0x259cb10: line=0x22f9db8 xmost=690218
nsLineLayout: Text(3)@0x22f9df8 metrics=785684,225!
Block(pre)(0)@0x259cb10: line=0x22f9db8 xmost=794099
Block(pre)(0)@0x259cb10: WARNING: xmost:794099
++DOMWINDOW == 9
--DOMWINDOW == 8
nsLineLayout: Text(3)@0x2368750 metrics=511026,225!
Block(pre)(0)@0x25b9570: line=0x2368710 xmost=578319
nsLineLayout: Text(3)@0x2368750 metrics=681458,225!
Block(pre)(0)@0x25b9570: line=0x2368710 xmost=748751
nsLineLayout: Text(3)@0x2368750 metrics=726806,225!
Block(pre)(0)@0x25b9570: line=0x2368710 xmost=794099
###!!! ASSERTION: yikes - we just overwrote memory: 'indexp <= aIndexBuffer->mBuffer + aIndexBuffer->mBufferLen', file /home/np/mozilla/layout/generic/nsTextFrame.cpp, line 2366

I've marked this as a security bug because "yikes - we just overwrote memory" doesn't sound too safe...
Reporter
Comment 1•18 years ago
Comment 2•18 years ago
bug 345071 describes a problem in nsTextFrame::PaintUnicodeText involving the same assertion and was recently (Aug 15) fixed on trunk. Has the problem been fixed in recent nightlies, or is it a different problem that just happens to hit the same assertion?
Whiteboard: [sg:critical?] dupe of bug 345071?
Reporter
Comment 3•18 years ago
Doesn't happen any more with
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9a1) Gecko/20060907 Minefield/3.0a1

I'd mark it as a dupe but Bugzilla seems to not let me.
Comment 4•18 years ago
Thanks for the confirmation.

*** This bug has been marked as a duplicate of 345071 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:critical?] dupe of bug 345071? → [sg:dupe 345071]
Updated•18 years ago
Group: security