Closed
Bug 509132
Opened 15 years ago
Closed 12 years ago
top crash [@ nsSubDocumentFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&)]
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: samuel.sidler+old, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [sg:dos null-deref])
Crash Data
+++ This bug was initially created as a clone of Bug #482578 +++ In bug 482578, we fixed a topcrasher that was the #1 overall topcrash, by far. It typically contained 2-3 times the amount of crashes as the #2 and #3 top crashes. The fix, however, might not be complete. We're still seeing this crash on the 1.9.0 branch. It's currently #15 overall. We need URLs to reproduce this on, however. The initial testcase has been fixed in 482578. Bob, Tomcat: Can you provide some URLs for this signature? Filing as security sensitive since the previous bug was.
Comment 1•15 years ago
|
||
Not until bug 507985 is fixed.
Comment 3•15 years ago
|
||
This has dropped to crash #68 in Firefox 3.0.15 Seems to be a null deref based on stacks, do we really need this hidden? Are we likely to fix it more than it currently is since it's not on newer branches?
Keywords: testcase-wanted
Whiteboard: [sg:dos null-deref]
Reporter | ||
Comment 4•15 years ago
|
||
I only made it hidden since bug 482578 was hidden. If we don't think this is a dangerous crash, then we should open it up.
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsSubDocumentFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&)]
Comment 5•13 years ago
|
||
This isn't very high volume. I am removing the top crash keyword.
Keywords: topcrash
Comment 6•12 years ago
|
||
According to https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=nsSubDocumentFrame%3A%3AReflow&reason_type=contains&date=03%2F09%2F2012%2020%3A18%3A00&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=nsSubDocumentFrame%3A%3AReflow%28nsPresContext*%2C%20nsHTMLReflowMetrics%26%2C%20nsHTMLReflowState%20const%26%2C%20unsigned%20int%26%29 There are a bunch of 3.0.x crashes, and then a small handful of ones in recent builds (three in 9, four in 10). There are ZERO in 3.5.x or 3.6.x so I think it's safe to call whatever this bug represented as "worksforme" rather than try to keep it open to now represent the newer crash that just happens to occur at the same location (in very small numbers).
Group: core-security
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Keywords: testcase-wanted
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•