Reproducible crashes in nsRuleNode::GetStyleTextReset (Firefox crashes when enter on a determined page or interacts with it)

NEW
Unassigned

Status

()

Core
CSS Parsing and Computation
--
critical
6 years ago
6 years ago

People

(Reporter: David Ruiz, Unassigned)

Tracking

({crash, reproducible})

Trunk
crash, reproducible
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 620271 [details]
Screenshot on ubuntu with --debug option.

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19

Steps to reproduce:

Enter in following page (it's a snapshot of original site):
http://office.daveruiz.net/firefox-crash/

Try to press vote/unvote button repeatedly


Actual results:

70% time firefox crashes on page load. 100% time crashes when interacts with it.
Safe mode crashes too. Any SO. Several FF versions was tested.

Firefox --debug returns following error:
Program received signal SIGSEGV, Segmentation fault.
0xb629913d in ?? () from /usr/lib/firefox-8.0/libxul.so


Expected results:

No crash!!
(Reporter)

Updated

6 years ago
OS: Windows 7 → All
Hardware: x86_64 → All
Confirmed on MacOS X with FF13.
http://crash-stats.mozilla.com/report/index/bp-1c409985-266d-438e-95d5-2f4f92120502
Status: UNCONFIRMED → NEW
Ever confirmed: true
Cc-ing dbaron, it looks like the code belongs to him.
Summary: Firefox crashes when enter on a determined page or interacts with it → Reproducible crashes in nsRuleNode::GetStyleTextReset (Firefox crashes when enter on a determined page or interacts with it)
Component: Untriaged → Style System (CSS)
Product: Firefox → Core
QA Contact: untriaged → style-system

Comment 4

6 years ago
It crashes on Windows 7: bp-7c4a9dfd-d053-4bfe-9b0d-b537b2120502
Severity: normal → critical
Crash Signature: [@ nsRuleNode::GetStyleTextReset] [@ nsRuleNode::GetStyleTextReset(nsStyleContext*, bool)]
Keywords: crash, reproducible
Version: unspecified → Trunk
I see the crash without valgrind, but it doesn't seem to crash (or show valgrind warnings) when running under valgrind (and with the frame arena disabled).
(Reporter)

Comment 6

6 years ago
Is there any way to prevent this bug, while it is resolved? Or is it too early? Thank you all.
We don't know yet.

But please leave the testcase up (and unmodified) until we figure it out.
(Reporter)

Comment 8

6 years ago
Ok. Don't worry about that
(Reporter)

Comment 9

6 years ago
Just today I'm having problems with my connection. I uploaded a mirror here: http://www.daveruiz.net/firefox-crash/
Sorry about inconvenience
(Reporter)

Comment 10

6 years ago
We did some tests and we managed to prevent crash Firefox. In the css file ui-styles.css, line 384, we have removed "vertical-align:-.1em" and apparently the page is no longer causing problems. I hope that helps you find the cause.
You need to log in before you can comment on or make changes to this bug.