Closed Bug 390470 Opened 18 years ago Closed 17 years ago

Crash in gfxSkipCharsIterator::SetOffsets on some articles on http://www.heise.de/tp/

Categories

(Core :: Graphics, defect)

x86
All
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: jiha.bugzilla, Unassigned)

Attachments

(1 file)

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007073122 Mnenhy/0.7.5.0 SeaMonkey/2.0a1pre
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/200707312222 Mnenhy/0.7.5.0 SeaMonkey/2.0a1pre (self compiled from cvs; cvs checkout start: 2007-07-31 22:31:11 CEST (+0200))

The crash does not occur always. Maybe it depends on dynamically generated content.

Reproducible: Sometimes

Steps to Reproduce:
1. Visit http://www.heise.de/tp/r4/artikel/25/25842/1.html or http://www.heise.de/tp/r4/artikel/25/25854/1.html
2. If crash does not occur immediately try to resize the browser window.
3. If crash still does not occur try to reload.

Actual Results:
Crash with
0xb58136f3 in gfxSkipCharsIterator::SetOffsets (this=0xbf8670fc, aOffset=934, aInOriginalString=1) at /media/hdb2/mozilla/moz-cvs-Arbeitskopie/mozilla/gfx/thebes/src/gfxSkipChars.cpp:129

I also reproduced the crash with an official Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a7pre) Gecko/2007080104 Minefield/3.0a7pre.

Breakpad Report should be found at:
http://crash-stats.mozilla.com/report/index/dc3620b8-4041-11dc-9bc4-001a4bd43ed6?date=2007-08-01-15

See also
http://crash-stats.mozilla.com/report/list?range_unit=weeks&query_search=signature&query_type=contains&signature=gfxSkipCharsIterator%3A%3ASetOffsets%28unsigned+int%2Cint%29&query=gfxSkipCharsIterator%3A%3ASetOffsets&range_value=1

Maybe this has something to do with bug 385270 and/or bug 386584. However those crashes refer to gfxSkipChars.cpp, line 92. I checked
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=mozilla%2Fgfx%2Fthebes%2Fsrc%2FgfxSkipChars.cpp&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=all&mindate=2007-06-20&maxdate=&cvsroot=%2Fcvsroot
to see if this line 92 maybe became line 129 due to recent patches but it does not look like that.
Adding stacktrace made with a SeaMonkey 20070801-debug-build. Furthermore I found out that the crash does not occur with a 20070723_firefox-3.0a7pre.en-US.linux-i686. I'll try to narrow the regression range.
Last good here:
cvs checkout start: Mo 2007-07-30 15:24:16 CEST (+0200)

First bad:
cvs checkout start: Tue 2007-07-31 18:36:29 CEST (+0200)

However I can not figure out a suspicious checkin at
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-07-30+06%3A00%3A00&maxdate=2007-07-31+09%3A45%3A00&cvsroot=%2Fcvsroot
I get the same stacktrace with suiterunner debug build 20070801 using Windows XP. The problematic access is mSkipChars->mList[mListPrefixLength]; According to the VS2005 Debugger, mListPrefixLength has the value 84803983, but mSkipChars.mListLength has the value 6.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
(In reply to comment #2)
> Last good here:
> cvs checkout start: Mo 2007-07-30 15:24:16 CEST (+0200)
>
> First bad:
> cvs checkout start: Tue 2007-07-31 18:36:29 CEST (+0200)

Could be the backout of bug 385270. If that's the case, the crash should also appear in builds from before the initial checkin of that bug (20070723).
(In reply to comment #4)
> Could be the backout of bug 385270. If that's the case, the crash should also
> appear in builds from before the initial checkin of that bug (20070723).

I checked builds with:
cvs checkout start: Fr 2007-07-20 01:00:12 CEST (+0200)
cvs checkout start: Fr 2007-07-20 14:49:34 CEST (+0200)
cvs checkout start: Mo 2007-07-23 13:45:44 CEST (+0200)
cvs checkout start: Mo 2007-07-23 19:31:51 CEST (+0200)
cvs checkout start: Mo 2007-07-23 23:50:17 CEST (+0200)

All of them don't show the crash.
Dupe of 385526?
Does this still happen on trunk now that bug 385526 is fixed?
Actually I cannot reproduce this anymore, even with the above-mentioned 'bad' builds. Maybe something was changed at the site (e.g. some dynamically embedded ads). Marking this bug WORKSFORME.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME