Too-much-recursion crash with "@media (width: 5ex)" due to the possibility of font-face rules

RESOLVED FIXED in mozilla1.9.1b3

Status

()

Core
CSS Parsing and Computation
P2
critical
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Jesse Ruderman, Assigned: dbaron)

Tracking

(Blocks: 1 bug, {crash, testcase, verified1.9.1})

Trunk
mozilla1.9.1b3
crash, testcase, verified1.9.1
Points:
---
Bug Flags:
blocking1.9.1 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

9 years ago
Created attachment 357300 [details]
testcase (crashes Firefox when loaded)
(Reporter)

Comment 1

9 years ago
Created attachment 357301 [details]
stack trace window
(Assignee)

Comment 2

9 years ago
Probably when CalcLengthWith calls GetMetricsFor we need to suppress the call to GetUserFontSet.
(Assignee)

Updated

9 years ago
Flags: blocking1.9.1?
(Assignee)

Updated

9 years ago
Assignee: nobody → dbaron
(Assignee)

Comment 3

9 years ago
Created attachment 357436 [details] [diff] [review]
patch

I think ignoring the user font set in this case is the right thing to do; it *shouldn't* make a difference, and on the off-chance it does, we should be using the value without in anyway.  (The infinite recursion was the result of building it.)
Attachment #357436 - Flags: superreview?(bzbarsky)
Attachment #357436 - Flags: review?(bzbarsky)
Attachment #357436 - Flags: superreview?(bzbarsky)
Attachment #357436 - Flags: superreview+
Attachment #357436 - Flags: review?(bzbarsky)
Attachment #357436 - Flags: review+
(Assignee)

Comment 4

9 years ago
Fixed: http://hg.mozilla.org/mozilla-central/rev/b5eb575e2264
Status: NEW → RESOLVED
Last Resolved: 9 years ago
OS: Mac OS X → All
Priority: -- → P2
Hardware: x86 → All
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
Flags: blocking1.9.1? → blocking1.9.1+
(Assignee)

Comment 5

9 years ago
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/0224daaa3156
Keywords: fixed1.9.1
Target Milestone: mozilla1.9.2a1 → mozilla1.9.1b3
(Reporter)

Updated

9 years ago
Blocks: 476744
Verified fixed on the 1.9.1 branch using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090211 Shiretoko/3.1b3pre and Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b3pre) Gecko/20090211 Shiretoko/3.1b3pre. No crash with testcase. Adding keyword.
Keywords: fixed1.9.1 → verified1.9.1
You need to log in before you can comment on or make changes to this bug.