Closed Bug 925984 Opened 12 years ago Closed 12 years ago

Crash with Stylish add-on when anonymous DIV is second parameter

Categories

(Core :: CSS Parsing and Computation, defect)

Product:
Core
Component:
CSS Parsing and Computation
Version:
24 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 541506

People

(Reporter: a.eibach, Unassigned)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

FULL backtrace with gdb, using debug build of FF 24
134.30 KB, text/plain
Details
This is yet another Stylish problem, similar to the one reported in bug 541506. Back then, the user was told to report this problem to the add-on author, and not to Mozilla, but back then, the user didn't provide a true backtrace, either. :) I've followed the steps described here: https://wiki.ubuntu.com/MozillaTeam/Bugs#Crashes since I'm on a Ubuntu "remix" as well (i. e. Lubuntu). Reproduction of the crash: - 0. (Precondition) Have Stylish add-on installed: https://addons.mozilla.org/en-US/firefox/addon/stylish/?src=external-userstyleshome - 1. Create a new web-site-specific Style with Stylish (in Add-on Manager, on top left) and paste this short bit: (took me2 hours to narrow down, yes I'm serious) --begin snip---- @-moz-document regexp('http://(www\\.)?watzatsong\\.com.*') { #comment-form div { position: absolute; left: 100px ! important; font-size: 14px ! important; } } --- end snip --- 3. Go to http://watzatsong.com/en (music-related site) - make sure the "CSS patch" is activated for the site - and click on the wide 'Answer' button. It will crash instantly. ------------- NOTE THIS !! ------------- "#comment-form div". This has a 'div' as a SECOND parameter. And now let's look again at bug 541506: --- td.headerbg div --- Again, a div as a second parameter! Once I remove the div, no more crash. This definitely looks related IMHO.
Keywords: crash, testcase
Version: unspecified → 24 Branch
Sure. It's the same problem: Stylish is violating internal layout invariants. In particular, it's fucking up the internals of text inputs in ways they don't expect. It shouldn't be doing that!
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
No it shouldn't be doing that, but actually I'm glad that it currently does do that, since this will make FF more error-proof. No matter how weird the stuff is that Stylish may be doing there, FF should still be made immune against that. Plus, the "No such file or directory" denotes that FF was looking for something in the code, that wasn't there? Or not?
Resolution: DUPLICATE → INVALID
Hey is this a bug in new UI? Why is INVALID preset if it's already DUPLICATE? That happened through my comment. Restored old setting from comment 1. Sheesh...
Resolution: INVALID → DUPLICATE
> FF should still be made immune against that. No. Stylish is explicitly hooking into privileged parts of the style system that are allowed to do dangerous things. Those are exposed to addons because sometimes they do need to tweak things in there, but Stylish is throwing arbitrary user styles in there. > Plus, the "No such file or directory" denotes that FF was looking for something in the > code It just means GDB is looking for the Firefox source files, which you don't have on your machine in the path where it's looking for them.
Yes? So I will change the title to something more sensible. Thought it would give some actual indication where to start looking...
Summary: Crash with Stylish add-on: nsSelection.cpp: No such file or directory → Crash with Stylish add-on when DIV is second parameter
Summary: Crash with Stylish add-on when DIV is second parameter → Crash with Stylish add-on when anonymous DIV is second parameter
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: