Closed
Bug 622596
Opened 13 years ago
Closed 11 years ago
Firefox 3.5.16 Crash Report [@ nsTypedSelection::ContainsNode(nsIDOMNode*, int, int*) ]
Categories
(Core :: General, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: cbook, Assigned: bc)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(1 file)
161 bytes,
text/html
|
Details |
Running Mz's fuzzer on 3.5.16 caused a crash in @ nsTypedSelection::ContainsNode(nsIDOMNode*, int, int*) http://crash-stats.mozilla.com/report/index/b7ad94d8-b87a-40e8-a680-4c1cd2110103 need to find the url for the testcase Crashing Thread Frame Module Signature [Expand] Source 0 xul.dll nsTypedSelection::ContainsNode layout/generic/nsSelection.cpp:6064 1 xul.dll nsCOMPtr_base::~nsCOMPtr_base obj-firefox/xpcom/build/nsCOMPtr.cpp:81 2 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2456
Updated•13 years ago
|
Whiteboard: [sg:needinfo]
Comment 2•13 years ago
|
||
lets put all the cross_fuzz bugs as blocking on bug 581539 for now.
Comment 3•13 years ago
|
||
so far this looks like only 3.5.16 Windows NT 6.1.7600, and maybe all three reports are tomcat. nsTypedSelection::ContainsNode(nsIDOMNode*, int, int*) 3.5.16 Windows NT 6.1.7600 http://lcamtuf.coredump.cx/cross_fuzz/targets/target.html CrashCat http://crash-stats.mozilla.com/report/index/83f5a97c-2fb3-4df2-99cd-3f0732110103 nsTypedSelection::ContainsNode(nsIDOMNode*, int, int*) 3.5.16 Windows NT 6.1.7600 http://lcamtuf.coredump.cx/cross_fuzz/targets/target.html crashcat windows 7 http://crash-stats.mozilla.com/report/index/b7ad94d8-b87a-40e8-a680-4c1cd2110103 nsTypedSelection::ContainsNode(nsIDOMNode*, int, int*) 3.5.16 Windows NT 6.1.7600 wyciwyg://19/http://lcamtuf.coredump.cx/cross_fuzz/cross_fuzz_randomized_20100729_seed.html CrashCat http://crash-stats.mozilla.com/report/index/3431aead-bcab-4590-802b-1d3302110103
Updated•13 years ago
|
Blocks: crossfuzz-pvt
Reporter | ||
Comment 4•13 years ago
|
||
(In reply to comment #3) > so far this looks like only 3.5.16 Windows NT 6.1.7600, and maybe all three > reports are tomcat. > yeah all 3 were from me - just look at crashcat at the user comments. i use "crashcat" there to identify my crashes
Assignee | ||
Comment 5•13 years ago
|
||
I reproduced this on 32bit linux with seed -1992972524
OS: Windows 7 → All
Assignee | ||
Comment 6•13 years ago
|
||
t2 = window.open(); t2.document.documentElement.childNodes.item(undefined).contentEditable = true; t2.getSelection().containsNode([], false); I reduced this on mac, fwiw.
Assignee | ||
Updated•13 years ago
|
Keywords: testcase-wanted → testcase
Updated•13 years ago
|
Crash Signature: [@ nsTypedSelection::ContainsNode(nsIDOMNode*, int, int*) ]
Comment 7•12 years ago
|
||
I think this is fixed but haven't narrowed down when.
Comment 8•11 years ago
|
||
WFM in recent Nightly builds on Linux64, OSX and Win7. Also in local ASan debug build on Linux64. I don't see any reports matching "nsTypedSelection::ContainsNode" in the past 4 weeks on crash-stats, in any version.
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite?
Resolution: --- → WORKSFORME
Comment 9•9 years ago
|
||
Landed a crashtest: https://hg.mozilla.org/integration/mozilla-inbound/rev/b8efd7688256
Group: core-security
Flags: in-testsuite? → in-testsuite+
Whiteboard: [sg:needinfo]
Reporter | ||
Comment 10•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/b8efd7688256
Assignee: nobody → bob
You need to log in
before you can comment on or make changes to this bug.
Description
•