Closed
Bug 500788
Opened 15 years ago
Closed 15 years ago
Crash [@ nsFrame::CorrectStyleParentFrame] with -moz-column, <spacer>, <keygen>
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: crash, testcase, Whiteboard: [sg:critical?])
Crash Data
Attachments
(4 files)
Crash [@ nsFrame::CorrectStyleParentFrame] reading from 0xddddddf1.
Reporter | ||
Comment 1•15 years ago
|
||
Reporter | ||
Updated•15 years ago
|
Whiteboard: [sg:critical?]
Comment 3•15 years ago
|
||
dbaron, do you have any time to take this bug or should we look for another owner?
Comment 4•15 years ago
|
||
Here's a somewhat reduced testcase. Removed a few tags and some of the styling, and replaced the <keygen> and the script-created-<area> both with <span>s.
Updated•15 years ago
|
Attachment #406083 -
Attachment is patch: false
Attachment #406083 -
Attachment mime type: text/plain → application/xhtml+xml
Updated•15 years ago
|
OS: Mac OS X → All
Comment 5•15 years ago
|
||
A Twitter user reported http://crash-stats.mozilla.com/report/index/2852b26c-bb56-4ce5-96a2-6762d2091103 which contains this stack. He said he crashed after a session restore.
Reporter | ||
Comment 6•15 years ago
|
||
WFM on trunk. fantasai's frame destruction patches in bug 508473 fixed several -moz-column bugs, so they might have fixed this as well.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsFrame::CorrectStyleParentFrame]
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•