[HTML5] Crash [@ nsHtml5Parser::ExecuteScript] with svg document.write and script

RESOLVED WORKSFORME

Status

()

Core
HTML: Parser
--
critical
RESOLVED WORKSFORME
9 years ago
7 years ago

People

(Reporter: Martijn Wargers (dead), Unassigned)

Tracking

({crash, testcase})

Trunk
x86
All
crash, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
Created attachment 387546 [details]
testcase

See testcase, to get this crash, you need to have the html5.enable pref set to
true.

http://crash-stats.mozilla.com/report/index/4089bea6-5242-4ae0-bd8e-8576f2090708?p=1
0  	XUL  	nsHtml5Parser::ExecuteScript  	 parser/html/nsHtml5Parser.cpp:1319
1 	XUL 	nsHtml5Parser::ParseUntilSuspend 	parser/html/nsHtml5Parser.cpp:1243
2 	XUL 	nsHtml5Parser::OnStopRequest 	parser/html/nsHtml5Parser.cpp:655
3 	XUL 	nsDocumentOpenInfo::OnStopRequest 	uriloader/base/nsURILoader.cpp:323
4 	XUL 	nsBaseChannel::OnStopRequest 	netwerk/base/src/nsBaseChannel.cpp:680
5 	XUL 	nsInputStreamPump::OnStateStop 	netwerk/base/src/nsInputStreamPump.cpp:576
6 	XUL 	nsInputStreamPump::OnInputStreamReady 	netwerk/base/src/nsInputStreamPump.cpp:401
7 	XUL 	nsInputStreamReadyEvent::Run 	xpcom/io/nsStreamUtils.cpp:111
8 	XUL 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:527
9 	XUL 	NS_ProcessPendingEvents_P 	nsThreadUtils.cpp:180
10 	XUL 	nsBaseAppShell::NativeEventCallback 	widget/src/xpwidgets/nsBaseAppShell.cpp:121
11 	XUL 	nsAppShell::ProcessGeckoEvents 	widget/src/cocoa/nsAppShell.mm:413
12 	CoreFoundation 	CFRunLoopRunSpecific 	
13 	CoreFoundation 	CFRunLoopRunInMode 	
14 	HIToolbox 	RunCurrentEventLoopInMode 	
15 	HIToolbox 	ReceiveNextEventCommon 	
16 	HIToolbox 	BlockUntilNextEventMatchingListInMode 	
17 	AppKit 	_DPSNextEvent 	
18 	AppKit 	-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 	
19 	AppKit 	-[NSApplication run] 	
20 	XUL 	nsAppShell::Run 	widget/src/cocoa/nsAppShell.mm:766
21 	XUL 	nsAppStartup::Run 	toolkit/components/startup/src/nsAppStartup.cpp:193
22 	XUL 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3369
23 	firefox-bin 	main 	browser/app/nsBrowserApp.cpp:156
24 	firefox-bin 	firefox-bin@0x1541 	
25 	firefox-bin 	firefox-bin@0x1468 	
26 		@0xe
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2a1pre) Gecko/20090708 Minefield/3.6a1pre

Reproduce here as well.
OS: Mac OS X → All
I don't crash with a 20090709 Mac OS X build (yes, with the html5 pref turned on). Hard to imagine this coincidentally got fixed the very next day after reporting it, but maybe -- does that make this a dupe of a known bug, or am I testing it incorrectly?
(Reporter)

Updated

9 years ago
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

7 years ago
Crash Signature: [@ nsHtml5Parser::ExecuteScript]
You need to log in before you can comment on or make changes to this bug.