CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]

VERIFIED FIXED

Status

()

Core
CSS Parsing and Computation
--
critical
VERIFIED FIXED
11 years ago
7 years ago

People

(Reporter: mdew, Assigned: Eli Friedman)

Tracking

({crash})

Trunk
crash
Points:
---
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(3 attachments)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre

Clicking on the link from the website will crash firefox 

Reproducible: Always

Steps to Reproduce:
1. Open the Above URL
2. Click on the link
3. Crash
Actual Results:  
Crashes browser

Expected Results:  
Shouldn't crash browser

its only a beta test site, previously worked with other versions

Comment 1

11 years ago
Crash using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072605 Minefield/3.0a7pre ID:2007072605

 bp-b3c857ae-3b82-11dc-ae37-001a4bd43ef6

Blocks: 386640
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072607 Minefield/3.0a7pre ID:2007072607

crashes here too (virgin profile)
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Comment 3

11 years ago
Created attachment 273989 [details] [diff] [review]
Patch

Another case of someone holding onto a random stylecontext pointer too long and expecting things to work...
Assignee: nobody → sharparrow1
Status: NEW → ASSIGNED
Attachment #273989 - Flags: review?(bzbarsky)
(Assignee)

Comment 4

11 years ago
Created attachment 273990 [details] [diff] [review]
Diff -w (for easier reviewing)

Updated

11 years ago
Severity: major → critical
Component: General → Style System (CSS)
Keywords: crash
OS: Linux → All
Product: Firefox → Core
QA Contact: general → style-system
Hardware: PC → All
Version: unspecified → Trunk
Comment on attachment 273989 [details] [diff] [review]
Patch

Looks fine, but what's killing the prescontext in this case?

It might be worth filing a bug on somehow making style contexts keep things alive better or something...
Attachment #273989 - Flags: superreview+
Attachment #273989 - Flags: review?(bzbarsky)
Attachment #273989 - Flags: review+
(Assignee)

Comment 6

11 years ago
Wait, that comment is wrong.  The issue is that the rule node is getting destroyed.  I'll post a fixed version.
(Assignee)

Comment 7

11 years ago
Created attachment 274019 [details] [diff] [review]
Final patch

Patch with fixed-up comment.
Attachment #274019 - Flags: superreview+
Attachment #274019 - Flags: review+
(Assignee)

Comment 8

11 years ago
Checked in.
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED

Updated

11 years ago
Duplicate of this bug: 389742
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007072614 Minefield/3.0a7pre ID:2007072614

VERIFIED
Duplicate of this bug: 389791

Updated

11 years ago
Flags: in-testsuite?

Updated

11 years ago
Duplicate of this bug: 389681

Updated

11 years ago
Duplicate of this bug: 389777

Comment 14

11 years ago
Pasting stack here so people searching for this can actually find it. Also marking verified based on Peter's comment.

0 @0x1d13bf3a
1 nsImageDocument::CheckOverflowing(int)
2 nsImageDocument::OnStartContainer(imgIRequest*, imgIContainer*)
3 nsImageLoadingContent::OnStartContainer(imgIRequest*, imgIContainer*)
4 imgRequestProxy::OnStartContainer(imgIContainer*)
5 imgRequest::OnStartContainer(imgIRequest*, imgIContainer*)
6 nsGIFDecoder2::BeginGIF()
7 nsGIFDecoder2::GifWrite(unsigned char const*, unsigned int)
8 nsGIFDecoder2::ProcessData(unsigned char*, unsigned int, unsigned int*)
9 ReadDataOut(nsIInputStream*, void*, char const*, unsigned int, unsigned int,
unsigned int*)
Status: RESOLVED → VERIFIED
Summary: CSS test crashes Firefox → CSS test crashes Firefox [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]
Crash Signature: [@ 0x1d13bf3a] [@ nsImageDocument::CheckOverflowing]
You need to log in before you can comment on or make changes to this bug.