Closed Bug 389663 Opened 17 years ago Closed 17 years ago

CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]

Categories: Core :: CSS Parsing and Computation, defect
Severity: critical
Status: VERIFIED FIXED
Reporter: mp3geek, Assigned: sharparrow1
Keywords: crash
Attachments: 3 files

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre

Clicking on the link from the website will crash Firefox.

Reproducible: Always

Steps to Reproduce:
1. Open the above URL
2. Click on the link
3. Crash
Actual Results:  
Crashes browser

Expected Results:  
Shouldn't crash browser

It's only a beta test site; previously worked with other versions.

Crash using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre ID:2007072605

 bp-b3c857ae-3b82-11dc-ae37-001a4bd43ef6

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072607 Minefield/3.0a7pre ID:2007072607

crashes here too (virgin profile)
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached patch: Patch
Another case of someone holding onto a random stylecontext pointer too long and expecting things to work...
Assignee: nobody → sharparrow1
Status: NEW → ASSIGNED
Attachment #273989 - Flags: review?(bzbarsky)
Severity: major → critical
Component: General → Style System (CSS)
Keywords: crash
OS: Linux → All
Product: Firefox → Core
QA Contact: general → style-system
Hardware: PC → All
Version: unspecified → Trunk
Comment on attachment 273989 (Patch)

Looks fine, but what's killing the prescontext in this case?

It might be worth filing a bug on somehow making style contexts keep things alive better or something...
Attachment #273989 - Flags: superreview+
Attachment #273989 - Flags: review?(bzbarsky)
Attachment #273989 - Flags: review+
Wait, that comment is wrong.  The issue is that the rule node is getting destroyed.  I'll post a fixed version.
Attached patch: Final patch
Patch with fixed-up comment.
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072614 Minefield/3.0a7pre ID:2007072614

VERIFIED
Flags: in-testsuite?
Pasting stack here so people searching for this can actually find it. Also marking verified based on Peter's comment.

0 @0x1d13bf3a
1 nsImageDocument::CheckOverflowing(int)
2 nsImageDocument::OnStartContainer(imgIRequest*, imgIContainer*)
3 nsImageLoadingContent::OnStartContainer(imgIRequest*, imgIContainer*)
4 imgRequestProxy::OnStartContainer(imgIContainer*)
5 imgRequest::OnStartContainer(imgIRequest*, imgIContainer*)
6 nsGIFDecoder2::BeginGIF()
7 nsGIFDecoder2::GifWrite(unsigned char const*, unsigned int)
8 nsGIFDecoder2::ProcessData(unsigned char*, unsigned int, unsigned int*)
9 ReadDataOut(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*)
Status: RESOLVED → VERIFIED
Summary: CSS test crashes Firefox → CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]
Crash Signature: [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]