Closed Bug 675492 Opened 9 years ago Closed 9 years ago

Crash with mouse over Forecastfox

Categories

(Core :: General, defect, critical)

x86_64
Windows 7
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla8

People

(Reporter: anttit, Assigned: hsivonen)

References

Details

(Keywords: crash, Whiteboard: [inbound])

Crash Data

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0a1) Gecko/20110730 Firefox/8.0a1
Build ID: 20110730030836

Steps to reproduce:

Mouse over Forecastfox


Actual results:

Crash


Expected results:

Forecastfox extension shows more info.
Nightly 110729 does not crash.

Nightly 110730 crashes:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0a1) Gecko/20110730 Firefox/8.0a1 ID:20110730030836 

https://crash-stats.mozilla.com/report/index/bp-3c5894cf-b095-4cc0-bd8e-56e402110731
Maybe related to/Dupe of Bug 675437.
Yes, I agree, it is related to that, did not find that bug..:-(
Severity: normal → critical
Crash Signature: [@ nsScriptableUnescapeHTML::ParseFragment(nsAString_internal const&, int, nsIURI*, nsIDOMElement*, nsIDOMDocumentFragment**) ]
Depends on: 675437
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: Crash: nsScriptableUnescapeHTML::ParseFragment(nsAString_internal const&, int, nsIURI*, nsIDOMElement*, nsIDOMDocumentFragment**) → Crash with mouse over Forecastfox
Bug 675437 Fix is available in http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-inbound-win32/1312208046/ if anyone (Antti?) wants to check the Extension Case of this Report.
(In reply to comment #4)
> Comments on
> https://crash-stats.mozilla.com/report/
> list?signature=nsScriptableUnescapeHTML%3A%3AParseFragment%28nsAString_intern
> al%20const%26%2C%20int%2C%20nsIURI%2A%2C%20nsIDOMElement%2A%2C%20nsIDOMDocume
> ntFragment%2A%2A%29 suggest that this happens with all kinds of RSS feeds.
> 
> Henri, can you confirm that this is the same as bug 675437?

Based on stacks, it seems that this is different.
Assignee: nobody → hsivonen
Attachment #550056 - Flags: review?(bzbarsky)
Duplicate of this bug: 675925
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment on attachment 550056 [details] [diff] [review]
Null-check base URI in the HTML case

r=me
Attachment #550056 - Flags: review?(bzbarsky) → review+
Thanks. Pushed to inbound:
http://hg.mozilla.org/integration/mozilla-inbound/rev/78efa76773a6
Status: NEW → ASSIGNED
Flags: in-testsuite?
Whiteboard: [inbound]
http://hg.mozilla.org/mozilla-central/rev/78efa76773a6
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
Flags: in-testsuite? → in-testsuite+
Verifying Fixed using latest m-c hourly build based on:

http://hg.mozilla.org/mozilla-central/rev/c35c69e1ce99
Status: RESOLVED → VERIFIED
Added [@ nsScriptableUnescapeHTML::ParseFragment ] since that was the Mac and Linux specific signature for this crash.
Crash Signature: [@ nsScriptableUnescapeHTML::ParseFragment(nsAString_internal const&, int, nsIURI*, nsIDOMElement*, nsIDOMDocumentFragment**) ] → [@ nsScriptableUnescapeHTML::ParseFragment(nsAString_internal const&, int, nsIURI*, nsIDOMElement*, nsIDOMDocumentFragment**) ] [@ nsScriptableUnescapeHTML::ParseFragment ]
You need to log in before you can comment on or make changes to this bug.