Firefox crashes because empty document is used during reflow: Program received signal SIGSEGV, Segmentation fault. 0x00002aaab9026626 in nsObjectFrame::CreateDefaultFrames (this=0x435a120, aPresContext=0x6240250, aMetrics=@0x7fff4123e750, aReflowState=@0x7fff4123e640) at nsObjectFrame.cpp:1559 1559 getter_AddRefs(anchor)); (gdb) bt #0 0x00002aaab9026626 in nsObjectFrame::CreateDefaultFrames (this=0x435a120, aPresContext=0x6240250, aMetrics=@0x7fff4123e750, aReflowState=@0x7fff4123e640) at nsObjectFrame.cpp:1559 #1 0x00002aaab90279d5 in nsObjectFrame::Reflow (this=0x435a120, aPresContext=0x6240250, aMetrics=@0x7fff4123e750, aReflowState=@0x7fff4123e640, aStatus=@0x7fff4123ee1c) at nsObjectFrame.cpp:1023 #2 0x00002aaab901b01a in nsLineLayout::ReflowFrame (this=0x7fff4123f000, aFrame=0x435a120, aReflowStatus=@0x7fff4123ee1c, aMetrics=0x0, aPushedFrame=@0x7fff4123e8e4) at nsLineLayout.cpp:995 nsObjectFrame.cpp: // first, we need to get the document nsIDocument *doc = mContent->GetDocument(); nsIPresShell *shell = aPresContext->GetPresShell(); nsStyleSet *styleSet = shell->StyleSet(); nsCOMPtr<nsIHTMLDocument> htmldoc(do_QueryInterface(doc)); PRInt32 id; if (htmldoc && !doc->IsCaseSensitive()) id = kNameSpaceID_None; else id = kNameSpaceID_XHTML; nsCOMPtr<nsIContent> anchor; nsresult rv = doc->CreateElem(nsHTMLAtoms::a, nsnull, id, htmldoc != nsnull, getter_AddRefs(anchor)); (gdb) p doc $9 = (nsIDocument *) 0x0
Created attachment 297784 [details] proposed patch
Created attachment 297785 [details] full backtrace
Hi, firefox-1.5.0.12-13.el5_1 appears to have fixed the cnbc.com bug I mentioned on bug #433823 comment 31 and is supposed to be fixed in this bug. Thanks for the rapid help! daryl
I note that the recently released firefox-1.5.0.12-14.el5_1 seems to not have this fix included. Is that because the problem has been corrected in a different way or did it get lost because of the security updates? A quick check shows that the same patch seems to apply cleanly if added into the specfile...
Should be fixed by the latest Firefox 3 errata.