Infinite recursion crash [@ nsRuleNode::GetSVGData] again with nested marquees

RESOLVED WORKSFORME

Status

()

--
critical
RESOLVED WORKSFORME
11 years ago
7 years ago

People

(Reporter: martijn.martijn, Unassigned)

Tracking

(Blocks: 1 bug, {crash, regression, testcase})

Trunk
x86
Windows XP
crash, regression, testcase
Points:
---
Bug Flags:
wanted1.9.1 +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dos] stack overflow, crash signature, URL)

(Reporter)

Description

11 years ago
This is a follow-up from bug 454434.

I thought this was fixed by bug 425253 and that the crashtest that was attached to that bug made it sure new crashers would be noticed.
But it seems like the crashtest is the wrong one, afaict:
http://mxr.mozilla.org/mozilla-central/source/layout/generic/crashtests/425253-1.html

So now nested marquees are crashing again.
I can look for a regression range, if wanted.

http://crash-stats.mozilla.com/report/index/c5a96c4f-7ead-11dd-8817-0013211cbf8a
0  	xul.dll  	nsRuleNode::GetSVGData  	
1 	xul.dll 	nsRuleNode::GetStyleData 	
2 	xul.dll 	nsRuleNode::WalkRuleTree 	
3 	xul.dll 	nsRuleNode::GetSVGData 	
4 	xul.dll 	nsRuleNode::GetStyleData 	
5 	xul.dll 	nsRuleNode::WalkRuleTree 	
6 	xul.dll 	nsRuleNode::GetSVGData 	
7 	xul.dll 	nsRuleNode::GetStyleData 	
8 	xul.dll 	nsRuleNode::WalkRuleTree 	
9 	xul.dll 	nsRuleNode::GetSVGData 	
10 	xul.dll 	nsRuleNode::GetStyleData 	
11 	xul.dll 	nsRuleNode::WalkRuleTree
etc...
(Reporter)

Comment 1

11 years ago
Ok, I guess the crash test as checked in also showed the crash.
The nested marquee one was still suffering from bug 239840, I guess.
(Reporter)

Updated

11 years ago
Flags: blocking1.9.1?
Flags: blocking1.9.1? → wanted1.9.1+
I got a slightly different stack clicking attachment details of bug 454434 
bp-e7422a0d-d465-4cbf-80f6-82d952090131
nsRuleNode::GetTextData	layout/style/nsRuleNode.cpp:1326
nsRuleNode::GetStyleText	layout/style/nsStyleStructList.h:89
nsRuleNode::ComputeTextData	layout/style/nsRuleNode.cpp:2926
@0x9bc69c7	
nsRuleNode::GetStyleData	layout/style/nsStyleStructList.h:89
nsRuleNode::WalkRuleTree	layout/style/nsRuleNode.cpp:1764
nsRuleNode::GetStyleData	layout/style/nsStyleStructList.h:89
nsRuleNode::WalkRuleTree	layout/style/nsRuleNode.cpp:1764
nsRuleNode::GetStyleData	layout/style/nsStyleStructList.h:89
nsRuleNode::WalkRuleTree	layout/style/nsRuleNode.cpp:1764
nsRuleNode::GetTextData	layout/style/nsRuleNode.cpp:1331
nsRuleNode::GetStyleText	layout/style/nsStyleStructList.h:89
Blocks: 454434
Whiteboard: [sg:dos] stack overflow
No longer blocks: 454434

Comment 4

8 years ago
Should this be a dupe of bug 363722 ?

Comment 5

8 years ago
http://www.kossolax.be/scripts/je_veux_crasher_mon_navigateur.php appears to be this same bug which crashes Firefox 4 on Windows XP and 7 with a variety of stacks that either begin with or contain:

nsRuleNode::GetSVGData(nsStyleContext*)
nsRuleNode::GetStyleData(nsStyleStructID, nsStyleContext*, int)
nsStyleContext::GetStyleData(nsStyleStructID)
nsRuleNode::WalkRuleTree(nsStyleStructID, nsStyleContext*, nsRuleData*, nsCSSStruct*)
nsRuleNode::GetSVGData(nsStyleContext*)
Blocks: 532972
Crash Signature: [@ nsRuleNode::GetSVGData]

Comment 6

7 years ago
Nothing in a version beyond 3.0 and 3.6. Even then there is a single instance in the past 4 weeks. Resolving as Works For Me.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.