Closed
Bug 475215
Opened 16 years ago
Closed 16 years ago
Crash due to too much recursion in nsCSSSelector::ToStringInternal
Categories
(Core :: DOM: CSS Object Model, defect, P4)
Core
DOM: CSS Object Model
Tracking
()
VERIFIED
FIXED
mozilla1.9.2a1
People
(Reporter: jruderman, Assigned: dbaron)
References
Details
(Keywords: crash, testcase, verified1.9.1, Whiteboard: [not really fixed1.9.1; just the pre-patch is])
Attachments
(3 files)
420 bytes,
text/html
|
Details | |
10.03 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
roc
:
approval1.9.1+
|
Details | Diff | Splinter Review |
6.40 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
498 // selectors are linked from right-to-left, so the next selector in the linked list
499 // actually precedes this one in the resulting string
:(
Reporter | ||
Updated•16 years ago
|
Blocks: jesse-css-grammar-fuzzer
Assignee | ||
Updated•16 years ago
|
Assignee: nobody → dbaron
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86 → All
Assignee | ||
Comment 1•16 years ago
|
||
This adds a bunch of tests that I wanted to be sure not to break, and fixes a crash in those tests, which was a null dereference of prefixAtom just below the lines inserted, after failing this assertion:
NS_ASSERTION(prefixAtom, "how'd we get a non-default namespace "
"without a prefix?");
nsAutoString prefix;
prefixAtom->ToString(prefix);
Attachment #361897 -
Flags: superreview?(bzbarsky)
Attachment #361897 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 2•16 years ago
|
||
This should fix the bug, although I admit I was too lazy to test...
Attachment #361899 -
Flags: superreview?(bzbarsky)
Attachment #361899 -
Flags: review?(bzbarsky)
Comment 3•16 years ago
|
||
Comment on attachment 361897 [details] [diff] [review]
patch 1: tests for what I'm going to change, and a crash fix for those tests
Hrm. I'd thought I'd checked that... Do we need to backport this part to 1.9.1?
Attachment #361897 -
Flags: superreview?(bzbarsky)
Attachment #361897 -
Flags: superreview+
Attachment #361897 -
Flags: review?(bzbarsky)
Attachment #361897 -
Flags: review+
Updated•16 years ago
|
Attachment #361899 -
Flags: superreview?(bzbarsky)
Attachment #361899 -
Flags: superreview+
Attachment #361899 -
Flags: review?(bzbarsky)
Attachment #361899 -
Flags: review+
Assignee | ||
Comment 4•16 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/044096199dd6
http://hg.mozilla.org/mozilla-central/rev/cb9390d48d10
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Priority: -- → P4
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
Assignee | ||
Updated•16 years ago
|
Attachment #361897 -
Flags: approval1.9.1?
Attachment #361897 -
Flags: approval1.9.1? → approval1.9.1+
Assignee | ||
Comment 5•16 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/bd55ea224fb7
marking fixed1.9.1 since the part I wanted to land on 1.9.1 is fixed there.
Keywords: fixed1.9.1
Whiteboard: [not really fixed1.9.1; just the pre-patch is]
Comment 6•16 years ago
|
||
verified FIXED on builds: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090415 Minefield/3.6a1pre ID:20090415030845
and
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4pre) Gecko/20090416 Shiretoko/3.5b4pre ID:20090416030924
I'm a bit confused on the test cases for patch 1, were they added to in-testsuite? I'll raise the flag for a check.
Comment 7•15 years ago
|
||
testcase crash Firefox 3.0.14 on load -> http://crash-stats.mozilla.com/report/index/dc57eee0-f06c-48a2-ad42-2e7852090915?p=1
Flags: wanted1.8.1.x?
Updated•15 years ago
|
Flags: wanted1.8.1.x? → wanted1.9.0.x?
You need to log in
before you can comment on or make changes to this bug.
Description
•