User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.14 Safari/534.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:18.104.22.168) Gecko/20100722 Firefox/3.6.8 Looks like it's a use-after-free issue. I think the testcase is self-explaining although it's quite weak - it takes a lot of time to trigger the crash. Reproducible: Always http://crash-stats.mozilla.com/report/index/4b3b731c-511c-484c-a13f-ff27b2100804 Also crashes 4.0b2.
Status: UNCONFIRMED → NEW
blocking1.9.1: --- → ?
blocking1.9.2: --- → ?
blocking2.0: --- → ?
Component: Security → DOM
Ever confirmed: true
OS: Windows 7 → All
Product: Firefox → Core
QA Contact: firefox → general
Hardware: x86 → All
mrbkap thinks he has a patch
This should do it -- we need to ensure that we notify our weak references about stuff going away. I'll file a followup bug after this lands on getting rid of the manual refcounting.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #462981 - Flags: review?(jst)
Comment on attachment 462981 [details] [diff] [review] Proposed fix >+ if (mMimeTypeArray) >+ mMimeTypeArray->Invalidate(); s/mMimeTypeArray/mMimeTypes/g
Let's get this into the branches.
blocking1.9.1: ? → .12+
blocking1.9.2: ? → .9+
Attachment #463008 - Flags: approval22.214.171.124?
Pushed to mozilla-central. http://hg.mozilla.org/mozilla-central/rev/fe1b3c35fa9d
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Comment on attachment 463008 [details] [diff] [review] Oops, yes a=LegNeato for 126.96.36.199. This needs to be landed as soon as possible. Does the same apply to 1.9.1?
Attachment #463008 - Flags: approval188.8.131.52? → approval184.108.40.206+
Comment on attachment 463008 [details] [diff] [review] Oops, yes Note: this patch applies cleanly after s|dom/base|dom/src/base|g
Attachment #463008 - Flags: approval220.127.116.11?
Comment on attachment 463008 [details] [diff] [review] Oops, yes a=LegNeato for 18.104.22.168
Attachment #463008 - Flags: approval22.214.171.124? → approval126.96.36.199+
Verified with attached testcase in 1.9.1 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52pre) Gecko/20100817 Shiretoko/3.5.12pre ( .NET CLR 3.5.30729) and in 1.9.2 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:184.108.40.206pre) Gecko/20100817 Namoroka/3.6.9pre ( .NET CLR 3.5.30729).
You need to log in before you can comment on or make changes to this bug.