Bug 761021 - cross_fuzz crash in mozilla::SVGStringList::GetValue
Keywords: crash
Product: Core
Classification: Components
Component: SVG
Version: unspecified
Platform: All Mac OS X
Importance: -- critical
Assigned To: Nobody; OK to take it and work on it
: Jet Villegas (:jet)
Depends on: 761507
Reported: 2012-06-03 13:27 PDT by Chris Peterson [:cpeterson]
Modified: 2012-06-08 12:07 PDT


Description Chris Peterson [:cpeterson] 2012-06-03 13:27:16 PDT
This bug was filed from the Socorro interface and is report bp-014afbd0-bde8-4687-9168-a03d72120603.

Also these crash reports:

1. Load "cross_fuzz" browser stress test:

2. Wait 5-10 minutes.

Crash in mozilla::SVGStringList::GetValue(). I was able to reproduce this same cross_fuzz crash 3 times today.

Frame 	Module 	Signature 	Source
0 	XUL 	mozilla::SVGStringList::GetValue 	nsTArray.h:192
1 	XUL 	nsAttrValue::ToString 	nsAttrValue.cpp:601
2 	XUL 	nsGenericElement::GetAttr 	nsGenericElement.cpp:5427
3 	XUL 	nsDOMAttribute::GetValue 	nsDOMAttribute.cpp:160
4 	XUL 	nsDOMAttribute::SetMap 	nsDOMAttribute.cpp:93
5 	XUL 	RemoveMapRef 	nsDOMAttributeMap.cpp:40
6 	XUL 	PL_DHashTableEnumerate 	pldhash.cpp:715 

Frame 	Module 	Signature 	Source
0 	XUL 	mozilla::SVGStringList::GetValue 	nsTArray.h:192
1 	XUL 	nsAttrValue::ToString 	nsAttrValue.cpp:601
2 	XUL 	nsGenericElement::CopyInnerTo 	nsGenericElement.cpp:5120
3 	XUL 	nsSVGSVGElement::Clone 	nsSVGSVGElement.cpp:193
4 	XUL 	nsNodeUtils::CloneAndAdopt 	nsNodeUtils.cpp:438
5 	XUL 	nsNodeUtils::CloneAndAdopt 	nsNodeUtils.cpp:559
6 	XUL 	nsNodeUtils::CloneAndAdopt 	nsNodeUtils.cpp:559
7 	XUL 	nsDocument::ImportNode 	nsNodeUtils.h:272
8 	XUL 	nsIDOMDocument_ImportNode 	dom_quickstubs.cpp:3391
9 	XUL 	js::InvokeKernel 	jscntxtinlines.h:395
10 	XUL 	js::Invoke 	jsinterp.h:125

Comment 1 Chris Peterson [:cpeterson] 2012-06-04 00:32:23 PDT
More cross_fuzz crashes in SVGStringList:

Comment 2 Chris Peterson [:cpeterson] 2012-06-04 08:46:54 PDT

Comment 3 Robert Longson 2012-06-05 10:41:37 PDT
I imagine the patch in bug 761507 will fix this.

Comment 4 Robert Longson 2012-06-07 22:56:03 PDT
Is this fixed now?

Comment 5 Chris Peterson [:cpeterson] 2012-06-08 12:07:46 PDT
I think this crash has been fixed. I've been running the cross_fuzz test for 30 minutes without crashing.
