superreview requested: [Bug 425253] stack overflow Marquee testcase from bug 239840 is crashing [@ ntdll.dll] Mozilla again : [Attachment 314446] fix

Robert O'Callahan (:roc) (reduced activity March 18 to April 9)
<roc@ocallahan.org> has asked David Baron [:dbaron] <dbaron@mozilla.com> for
superreview:
Bug 425253: stack overflow Marquee testcase from bug 239840 is crashing [@
ntdll.dll] Mozilla again
https://bugzilla.mozilla.org/show_bug.cgi?id=425253

Attachment 314446: fix
https://bugzilla.mozilla.org/attachment.cgi?id=314446&action=edit

------- Additional Comments from Robert O'Callahan (:roc) (reduced activity
March 18 to April 9) <roc@ocallahan.org>
The right fix is to propagate mReflowDepth through box layout. Right now
<marquee> effectively resets the reflow depth, making it trivial to subvert.
This fixes the bug and it seems pretty safe. I guess someone out there might
have a really deep frame tree...
0
bugzilla
4/8/2008 11:16:06 PM
mozilla.dev.super-review 29307 articles. 3 followers. Post Follow

0 Replies
619 Views

Similar Articles

[PageSpeed] 54

Reply:

Similar Artilces:

superreview requested: [Bug 303336] [FIX]stack overflow crash when I try to open an attachment with forwarded message : [Attachment 192770] Patch -- use a valid content type
David Bienvenu <bienvenu@nventure.com> has asked Scott MacGregor <mscott@mozilla.org> for superreview: Bug 303336: [FIX]stack overflow crash when I try to open an attachment with forwarded message https://bugzilla.mozilla.org/show_bug.cgi?id=303336 Attachment 192770: Patch -- use a valid content type https://bugzilla.mozilla.org/attachment.cgi?id=192770&action=edit ------- Additional Comments from David Bienvenu <bienvenu@nventure.com> Darin's on vacation - so I'm taking the liberty of switching the sr request to mscott - hope that's ok! ...

superreview requested: [Bug 353553] Firefox crashes on certain png images used in the css cursor property [@ ntdll.dll + 0x11e58] [@ JS_ArenaAllocate] : [Attachment 239498] this fixes the crash
Martijn Wargers <martijn.martijn@gmail.com> has asked Robert O'Callahan (Novell) <roc@ocallahan.org> for superreview: Bug 353553: Firefox crashes on certain png images used in the css cursor property [@ ntdll.dll + 0x11e58] [@ JS_ArenaAllocate] https://bugzilla.mozilla.org/show_bug.cgi?id=353553 Attachment 239498: this fixes the crash https://bugzilla.mozilla.org/attachment.cgi?id=239498&action=edit ------- Additional Comments from Martijn Wargers <martijn.martijn@gmail.com> Well, this wasn't meant as a real patch, this was just to indicate what I dis...

superreview requested: [Bug 309706] stack overflow crash [@ jpinscp.dll + 0xaa87] : [Attachment 201384] patch
Christian Biesinger (:bi) (reviews slower than usual) <cbiesinger@gmx.at> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 309706: stack overflow crash [@ jpinscp.dll + 0xaa87] https://bugzilla.mozilla.org/show_bug.cgi?id=309706 Attachment 201384: patch https://bugzilla.mozilla.org/attachment.cgi?id=201384&action=edit ------- Additional Comments from Christian Biesinger (:bi) (reviews slower than usual) <cbiesinger@gmx.at> - adds some logging to nsObjectLoadingContent - calls (the new function) StopPlugin where needed - defaults all classes to...

superreview requested: [Bug 302118] issues with extensive HTML tables in combination with CSS [@ ntdll.dll] : [Attachment 194667] crash fix
Bernd <bernd_mozilla@gmx.de> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 302118: issues with extensive HTML tables in combination with CSS [@ ntdll.dll] https://bugzilla.mozilla.org/show_bug.cgi?id=302118 Attachment 194667: crash fix https://bugzilla.mozilla.org/attachment.cgi?id=194667&action=edit ------- Additional Comments from Bernd <bernd_mozilla@gmx.de> Boris this is the thing that we talked on IRC last week. The usual suspects, the table background painter relies on correct column information. Nobody did that so strict before, so w...

superreview requested: [Bug 350754] Crash [@ ntdll.dll][@ nsFrameManager::GetPrimaryFrameFor] with xbl testcase : [Attachment 237213] Patch rev. 3
Mats Palmgren <mats.palmgren@bredband.net> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 350754: Crash [@ ntdll.dll][@ nsFrameManager::GetPrimaryFrameFor] with xbl testcase https://bugzilla.mozilla.org/show_bug.cgi?id=350754 Attachment 237213: Patch rev. 3 https://bugzilla.mozilla.org/attachment.cgi?id=237213&action=edit ------- Additional Comments from Mats Palmgren <mats.palmgren@bredband.net> Nits fixed. ...

superreview requested: [Bug 350754] Crash [@ ntdll.dll][@ nsFrameManager::GetPrimaryFrameFor] with xbl testcase : [Attachment 236383] Patch rev. 1
Mats Palmgren <mats.palmgren@bredband.net> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 350754: Crash [@ ntdll.dll][@ nsFrameManager::GetPrimaryFrameFor] with xbl testcase https://bugzilla.mozilla.org/show_bug.cgi?id=350754 Attachment 236383: Patch rev. 1 https://bugzilla.mozilla.org/attachment.cgi?id=236383&action=edit ------- Additional Comments from Mats Palmgren <mats.palmgren@bredband.net> This fixes both testcases. ...

superreview requested: [Bug 350754] Crash [@ ntdll.dll][@ nsFrameManager::GetPrimaryFrameFor] with xbl testcase : [Attachment 236603] Patch rev. 2
Mats Palmgren <mats.palmgren@bredband.net> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 350754: Crash [@ ntdll.dll][@ nsFrameManager::GetPrimaryFrameFor] with xbl testcase https://bugzilla.mozilla.org/show_bug.cgi?id=350754 Attachment 236603: Patch rev. 2 https://bugzilla.mozilla.org/attachment.cgi?id=236603&action=edit ------- Additional Comments from Mats Palmgren <mats.palmgren@bredband.net> Moved to nsXBLService::LoadBindings() and walking GetBindingParent() chain. The first test: if (!bindingParent || aChild == bindingParent) { ...

superreview requested: [Bug 303484] Recursive spawning of alerts inside alerts causes crash/stack overflow/JS errors : [Attachment 192055] fix
Robert O'Callahan (Novell) <roc@ocallahan.org> has asked Brendan Eich <brendan@mozilla.org> for superreview: Bug 303484: Recursive spawning of alerts inside alerts causes crash/stack overflow/JS errors https://bugzilla.mozilla.org/show_bug.cgi?id=303484 Attachment 192055: fix https://bugzilla.mozilla.org/attachment.cgi?id=192055&action=edit ------- Additional Comments from Robert O'Callahan (Novell) <roc@ocallahan.org> This is the bulletproofing fix. With this, the testcase spawns a lot of activity but most of the alerts fail to show and the browser r...

superreview requested: [Bug 314549] Various bugs involving containers not actually fixed for subframes : [Attachment 229901] crash fix
Brian Ryner <bryner@gmail.com> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 314549: Various bugs involving containers not actually fixed for subframes https://bugzilla.mozilla.org/show_bug.cgi?id=314549 Attachment 229901: crash fix https://bugzilla.mozilla.org/attachment.cgi?id=229901&action=edit ------- Additional Comments from Brian Ryner <bryner@gmail.com> yes. ...

superreview requested: [Bug 314549] Various bugs involving containers not actually fixed for subframes : [Attachment 229880] crash fix
Brian Ryner <bryner@gmail.com> has asked Boris Zbarsky <bzbarsky@mit.edu> for superreview: Bug 314549: Various bugs involving containers not actually fixed for subframes https://bugzilla.mozilla.org/show_bug.cgi?id=314549 Attachment 229880: crash fix https://bugzilla.mozilla.org/attachment.cgi?id=229880&action=edit ------- Additional Comments from Brian Ryner <bryner@gmail.com> Well that's what I get for merging the patch I posted, rather than the one I checked in (which has this as a strong ref, based on Boris's review comment about this exact situat...

superreview requested: [Bug 288790] [FIX]Crash [@ GetNearestContainingBlock] with this xbl testcase : [Attachment 196875] Fix
Boris Zbarsky <bzbarsky@mit.edu> has asked David Baron <dbaron@mozillafoundation.org> for superreview: Bug 288790: [FIX]Crash [@ GetNearestContainingBlock] with this xbl testcase https://bugzilla.mozilla.org/show_bug.cgi?id=288790 Attachment 196875: Fix https://bugzilla.mozilla.org/attachment.cgi?id=196875&action=edit ------- Additional Comments from Boris Zbarsky <bzbarsky@mit.edu> So nsCSSFrameConstructor::ContentRemoved is just confused. It should just be using the parent of the primary frame, instead of looking for insertion points, since that parent _is...

superreview requested: [Bug 280463] Crash on delete from address book sidebar after search : [Attachment 173208] Patch to fix crash and bug 152133
Mark Banner <mark@standard8.demon.co.uk> has asked Scott MacGregor <mscott@mozilla.org> for superreview: Bug 280463: Crash on delete from address book sidebar after search https://bugzilla.mozilla.org/show_bug.cgi?id=280463 Attachment 173208: Patch to fix crash and bug 152133 https://bugzilla.mozilla.org/attachment.cgi?id=173208&action=edit ...

superreview requested: [Bug 208920] If the Print command is issued, the browser crashes : [Attachment 134747] final fixes from camino branch which fix bug
Mike Pinkerton <pinkerton@aol.net> has asked Simon Fraser <sfraser@aol.net> for superreview: Bug 208920: If the Print command is issued, the browser crashes http://bugzilla.mozilla.org/show_bug.cgi?id=208920 Attachment 134747: final fixes from camino branch which fix bug http://bugzilla.mozilla.org/attachment.cgi?id=134747&action=edit ------- Additional Comments from Mike Pinkerton <pinkerton@aol.net> need r/sr for changes leftover from camino branch. ...

superreview requested: [Bug 315127] Crash [@ ntdll.dll + 0x2ae22] : [Attachment 202038] partial backout of attachment 201686
Robert O'Callahan (Novell) <roc@ocallahan.org> has asked David Baron <dbaron@mozilla.com> for superreview: Bug 315127: Crash [@ ntdll.dll + 0x2ae22] https://bugzilla.mozilla.org/show_bug.cgi?id=315127 Attachment 202038: partial backout of attachment 201686 https://bugzilla.mozilla.org/attachment.cgi?id=202038&action=edit ------- Additional Comments from Robert O'Callahan (Novell) <roc@ocallahan.org> This just reverses part of attachment 201686 so we go back to allocating nsDirectionalFrame on the heap. This fixes the crash. It's a trivial patch. ...

superreview requested: [Bug 245066] [internal] nsPop3Protocol.cpp, back out fix for bug #157644, since david has fixed the problem another way (bug #229374) : [Attachment 156344] proposed fix
David Bienvenu <bienvenu@nventure.com> has asked Scott MacGregor <mscott@mozilla.org> for superreview: Bug 245066: [internal] nsPop3Protocol.cpp, back out fix for bug #157644, since david has fixed the problem another way (bug #229374) http://bugzilla.mozilla.org/show_bug.cgi?id=245066 Attachment 156344: proposed fix http://bugzilla.mozilla.org/attachment.cgi?id=156344&action=edit ...

Web resources about - superreview requested: [Bug 425253] stack overflow Marquee testcase from bug 239840 is crashing [@ ntdll.dll] Mozilla again : [Attachment 314446] fix - mozilla.dev.super-review

Resources last updated: 1/19/2016 9:35:58 AM