Closed Bug 570376 Opened 14 years ago Closed 14 years ago

Crash [@ MaybeSetForm] with html5.enable == false and <form><legend>

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla2.0b1

People

(Reporter: philor, Assigned: philor)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Fix v.1
3.08 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review 
STR:

1. In any build after bug 565611 landed, set html5.enable to false
2. Load data:text/html,<form><legend> (or, if you insist on realism, load a UPS tracking page, that's what I did)
3. Crash, bang, boom, http://crash-stats.mozilla.com/report/index/b6cfaae1-ec96-4d31-a77c-dc5752100605

My naive assumption is that just removing case eHTMLTag_legend: from http://hg.mozilla.org/mozilla-central/annotate/b219912edfec/content/html/document/src/nsHTMLContentSink.cpp#l500 will fix the crash, but I'm not sure how to write a crashtest that requires having a pref set to crash.
Attached patch Fix v.1Splinter Review 
Assignee: nobody → philringnalda
Status: NEW → ASSIGNED

        Attachment #449564 -
        Flags: review?(bzbarsky)

    
  
Keywords: crash

    
    

    
  
Comment on attachment 449564 [details] [diff] [review]
Fix v.1

r=bzbarsky.  Sorry for the lag!

        Attachment #449564 -
        Flags: review?(bzbarsky) → review+

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/b51803f3fdef
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Flags: in-testsuite+

    
    

    
  
V. Fixed for Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a6pre) Gecko/20100625 SeaMonkey/2.1a3pre, no more crash despite html5.enable=false.
Status: RESOLVED → VERIFIED

    
    

    
  
And http://hg.mozilla.org/mozilla-central/rev/de899bedeb3e since as Jesse pointed out, I typoed the bug number when I gave it to gen_template.pl, so with the no-bug-number commit message, it really looked like I was hiding something.
Target Milestone: --- → mozilla1.9.3b1
Crash Signature: [@ MaybeSetForm]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: