Closed
Bug 445711
Opened 17 years ago
Closed 17 years ago
Firefox crashes when it meets over 25 "ௌ". (U+0BCC TAMIL VOWEL SIGN AU)
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: black_wizard_00, Assigned: smontagu)
References
Details
(Keywords: regression, verified1.9.0.2, verified1.9.1)
Attachments
(1 file)
1.17 KB,
patch
|
pavlov
:
review+
samuel.sidler+old
:
approval1.9.0.2+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 LG_UA AD_LOGON=LGE.NET;
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 LG_UA AD_LOGON=LGE.NET;
Firefox crashes every time when it tries to handle a string of Tamil character. Specifically, it's "ௌ". When firefox encounters a page with more than 25 consecutive "ௌ"s, or if you try to enter more than 25 consecutive "ௌ" in any text area (including address bar, search bar, etc).
The crash only occurs if there are over 25 consecutive "ௌ"s. This is to say, that if you were to place a space after the 25th one and enter another "ௌ", it will be fine.
Reproducible: Always
Steps to Reproduce:
There are many steps to recreate this problem.
1. Create a document with 26 (or more) consecutive "ௌ" (without quotation marks.)
2. Try to view it in firefox.
Or:
1. In your address bar (or any other text field) enter "ௌ" 26 times. (It will crash as soon as the 26th one has been entered)
Or:
1. Create a text document and enter 26 or more consecutive "ௌ".
2. Copy the string.
3. Try to paste it into any text field in Firefox.
Actual Results:
Firefox crashes instantly.
Expected Results:
Not crash.
Or at least display some kind of warning as to what happened. The crash is instantaneous, and user is given no warning whatsoever.
This bug can be exploited in any forum or web page to make firefox crash as soon as the string of character is loaded.
I have only checked this on Windows machine, but will check to see if the same thing happens in Linux (ubuntu) during the weekend.
Comment 1•17 years ago
|
||
Please read http://mversen.de/crash/
Updated•17 years ago
|
Component: General → Layout: Fonts and Text
Product: Firefox → Core
QA Contact: general → layout.fonts-and-text
Comment 2•17 years ago
|
||
Related to bug 444452?
Assignee | ||
Comment 3•17 years ago
|
||
Attachment #330197 -
Flags: review?
Assignee | ||
Updated•17 years ago
|
Attachment #330197 -
Flags: review? → review?(pavlov)
Assignee | ||
Comment 4•17 years ago
|
||
This is regression from bug 394691:
if (rv == E_OUTOFMEMORY) {
- mGlyphs.AddElemCapacity(mMaxGlyphs);
- mAttr.AddElemCapacity(mMaxGlyphs);
+ mGlyphs.SetLength(mMaxGlyphs);
+ mAttr.SetLength(mMaxGlyphs);
mMaxGlyphs *= 2;
continue;
}
Assignee: nobody → smontagu
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9.0.2?
Blocks: 394691
Flags: blocking1.9.1?
Assignee | ||
Updated•17 years ago
|
Summary: Firefox crashes when it meets over 25 "ௌ". → Firefox crashes when it meets over 25 "ௌ". (U+0BCC TAMIL VOWEL SIGN AU)
Updated•17 years ago
|
Flags: blocking1.9.0.2? → blocking1.9.0.2+
Keywords: regression
Comment 5•17 years ago
|
||
Stuart, can we get this reviewed? It's a blocker for 1.9.0.2.
Updated•17 years ago
|
Attachment #330197 -
Flags: review?(pavlov) → review+
Assignee | ||
Comment 6•17 years ago
|
||
Checked in with crashtest. http://hg.mozilla.org/index.cgi/mozilla-central/rev/4e59007070b6
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Assignee | ||
Comment 7•17 years ago
|
||
Comment on attachment 330197 [details] [diff] [review]
Patch
Asking approval for 1.9.0.2. This is a very simple fix for a crash, with no risk.
Attachment #330197 -
Flags: approval1.9.0.2?
Comment 8•17 years ago
|
||
Comment on attachment 330197 [details] [diff] [review]
Patch
Approved for 1.9.0.2. Please land in CVS. a=ss
Be sure to land the crash test as well.
Attachment #330197 -
Flags: approval1.9.0.2? → approval1.9.0.2+
Checked into 1.9.0 branch with test.
Keywords: fixed1.9.0.2
Comment 11•17 years ago
|
||
verified with: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.2) Gecko/2008082911 Firefox/3.0.2
also assuming the crash test has passed for the past two weeks.
Keywords: fixed1.9.0.2 → verified1.9.0.2
Flags: blocking1.9.1? → blocking1.9.1+
Keywords: fixed1.9.1
Comment 12•16 years ago
|
||
Has this been pushed to 1.9.1 and trunk yet?
Keywords: fixed1.9.1 → verified1.9.1
Updated•16 years ago
|
Keywords: verified1.9.1 → fixed1.9.1
Comment 13•16 years ago
|
||
adesai@mozilla.com: we do not mark bugs with hundreds of keywords for all future versions that contain a fix. We use bugzilla's status fields for trunk and only add keywords for cases where we've *backported* to a branch after it branched from trunk.
Keywords: fixed1.9.1
Comment 14•16 years ago
|
||
timeless: Aakash was replacing the fixed1.9.1 keyword he had removed. Please look at a bug's history before judging the person who added a keyword.
Keywords: fixed1.9.1
Comment 15•16 years ago
|
||
Verified FIXED: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090331 Minefield/3.6a1pre
and
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090401 Shiretoko/3.5b4pre
timeless, there was just a small hiccup with how it was vetted :). Thanks, Sam.
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
You need to log in
before you can comment on or make changes to this bug.
Description
•