Closed
Bug 657455
Opened 13 years ago
Closed 13 years ago
Stack overflow in [@ nsGenericElement::UnbindFromTree(int, int) ] (4.0 and 6.0) / [@ nsXMLElement::UnbindFromTree(int, int) ] (5.0)
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
DUPLICATE
of bug 485941
People
(Reporter: iiiiikolor, Unassigned)
References
()
Details
(Keywords: crash, reproducible, stackwanted)
Crash Data
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 This www make crash .please fix Firefox .All version are crash . Reproducible: Always Actual Results: http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html Expected Results: http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html
I have trying and all Version Firefox was die . http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html http://niebezpiecznik.pl/PoC/Opera_10.10/poc.html
|
||
Comment 4•13 years ago
|
||
I crashed on Nightly on Win7.
|
|
||
Updated•13 years ago
|
Keywords: crash
Product: Firefox → Core
QA Contact: firefox → toolkit
Summary: http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html → Crash visiting page http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html
Version: unspecified → Trunk
|
||
Comment 5•13 years ago
|
||
Crashes with "Segmentation fault", but I don't get any Crash Reporter. Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
|
|
||
Comment 6•13 years ago
|
||
Probably just a long-shot, but something makes me associate to bug 656244 even if they are not very similar.
|
|
||
Comment 7•13 years ago
|
||
Pawel and Brian, do get any entries in about:crashes? If so, then please post the Report IDs here. https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report
Keywords: stackwanted
|
|
||
Comment 8•13 years ago
|
||
Reproduced with Segmentation fault. Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110516 Firefox/6.0a1 The Crash Reporter did not get activated this time either, but my fresh, untouched settings says "Submit crash reports".
|
|
||
Updated•13 years ago
|
OS: Windows XP → All
Hardware: x86 → All
|
|
||
Comment 9•13 years ago
|
||
bp-cf0ae8c2-50de-435d-ae47-678472110516 bp-f64023c2-8466-471f-b76b-ede462110516
|
|
||
Comment 10•13 years ago
|
||
Note that in one crash I was at http://niebezpiecznik.pl/PoC/Firefox_4.0/poc.html, but I visited http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html right beforehand. So, that crash might have also have been caused by http://niebezpiecznik.pl/PoC/Firefox_4.0/poc.html
|
|
||
Comment 11•13 years ago
|
||
bp-6938725d-99d0-4aa8-9c2e-7246c2110516 bp-2f483f94-db1b-4f8a-9d23-656b02110516 Bug 561277 is also in UnbindFromTree.
Component: Security → DOM: Core & HTML
QA Contact: toolkit → general
See Also: → 561277
Summary: Crash visiting page http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html → Stack overflow in nsGenericElement::UnbindFromTree(int, int) / nsXMLElement::UnbindFromTree
|
|
||
Comment 12•13 years ago
|
||
See also Bug 480300, another crash in UnbindFromTree.
|
|
||
Comment 13•13 years ago
|
||
My little crash party! :-) All crashes while visiting http://niebezpiecznik.pl/PoC/Firefox_3.6/poc.html using Windows XP SP3. Reproduced. [@ nsGenericElement::UnbindFromTree(int, int) ] Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 bp-5980ca8c-bb4e-4f35-8864-6dac82110516 bp-cf9bf184-ba26-4d4b-8c09-486982110516 bp-a1fc4c86-f609-4eb5-8221-79b092110516 Reproduced. [@ nsXMLElement::UnbindFromTree(int, int) ] Mozilla/5.0 (Windows NT 5.1; rv:5.0a2) Gecko/20110516 Firefox/5.0a2 bp-390e2002-aa14-4a61-93b8-b90282110516 bp-20369c2b-b38e-40cd-bf14-422b52110516 bp-17563d05-f950-4685-a0a5-aa6112110516 Reproduced. [@ nsGenericElement::UnbindFromTree(int, int) ] Mozilla/5.0 (Windows NT 5.1; rv:6.0a1) Gecko/20110516 Firefox/6.0a1 bp-776e1daa-5de6-438f-bcd2-0cc6b2110516 bp-5861147f-cbc1-41e9-a858-31b012110516 bp-f18a8c29-3a81-4e96-8d64-11a602110516 If I use Windows on my slow laptop I get a crash immediately every time and the Crash Reporter works. If I use Linux on my powerful workstation I have to work harder and run the stress program in a shell while reloading the page. Within a minute or so Firefox crashes with Segmentation fault - but the Crash Reporter does not get activated.
|
Reporter | |
Comment 14•13 years ago
|
||
"Thomas Ahlblom " sorry my English is basic but I give you my links to crash . https://crash-stats.mozilla.com/report/index/f0b2f284-8532-476d-9f93-ac0f62110516
|
||
Updated•13 years ago
|
Keywords: reproducible
Summary: Stack overflow in nsGenericElement::UnbindFromTree(int, int) / nsXMLElement::UnbindFromTree → Stack overflow in [@ nsGenericElement::UnbindFromTree(int, int) ] (4.0 and 6.0) / [@ nsXMLElement::UnbindFromTree(int, int) ] (5.0)
|
||
Updated•13 years ago
|
Severity: normal → critical
|
|
||
Comment 15•13 years ago
|
||
This is the usual "recursive algorithms can run out of stack" issue.
Whiteboard: DUPEME
|
|
Reporter | |
Comment 16•13 years ago
|
||
Ok Tell my why people from "Mozilla" don't repair this mistake.
|
||
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Comment 18•13 years ago
|
||
If you say this bug is Duplicate .Why nobody from Mozilla not fix this BUG .All firefox is crash constantly .
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ nsGenericElement::UnbindFromTree(int, int) ]
[@ nsXMLElement::UnbindFromTree(int, int) ]
|
|
Reporter | |
Comment 19•13 years ago
|
||
ok if I will be programmer .But I'm plumber .That is reason .
Crash Signature: [@ nsGenericElement::UnbindFromTree(int, int) ]
[@ nsXMLElement::UnbindFromTree(int, int) ] → [@ nsGenericElement::UnbindFromTree(int, int) ]
[@ nsXMLElement::UnbindFromTree(int, int) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•