155970 - [RR]mozilla crashes on resizing fonts

Status: RESOLVED FIXED

(Core :: Layout, defect, P2)

Description

[Lev Povalahev]

Go to www.opengl.org, wait for the page to load, press (ctrl -), the fonts get
smaller, press it one more time and mozilla crashes (every time).

using the latest build(2002070404)

Comment 1

[Nicholas Allen]

I'm seeing this too on Win2k 0704.  I had to increase font size with ctrl + 
before decreasing in order to see the crash.

Talkback TB8037943G

Comment 2

[Bill Mason]

Also crashed in 2002070408 PC/Win98.  Talkback ID TB8038956H

Interestingly, I was able to size the fonts down 4 or 5 times without a problem.
 As soon as I went back up one font size, it crashed.

Comment 3

[Andrew Schultz]

sounds like bug 155445, although that bug is crashing in Linux-specific territory.

Comment 4

[R.K.Aa.]

top of (long) stack from a day old linux CVS, non-debug with symbols:

#0  0x00000083 in ?? ()
#1  0x416114ac in nsLineLayout::ReflowFrame () from libgklayout.so
#2  0x4160db7f in nsInlineFrame::ReflowInlineFrame () from libgklayout.so
#3  0x4160d817 in nsInlineFrame::ReflowFrames () from libgklayout.so
#4  0x4160d69c in nsInlineFrame::Reflow () from libgklayout.so
#5  0x41610ec1 in nsLineLayout::ReflowFrame () from libgklayout.so
#6  0x415e47e0 in nsBlockFrame::ReflowInlineFrame () from libgklayout.so
#7  0x415e45e8 in nsBlockFrame::DoReflowInlineFrames () from libgklayout.so

seems to happen in layout - changing component

Comment 5

[R.K.Aa.]

Attachment: full non-dbug backtrace. Day old CVS, Linux

Comment 6

[R.K.Aa.]

forgot: got the crash first when i sized the fonts UP again
(hitting "ctrl +" after some "ctrl -")

Comment 7

[Andre Guibert de Bruet]

I've run into this problem on a FreeBSD 4.6-STABLE box using the latest nightlies.
I ran mozilla through gdb and managed to get a backtrace. I put the log up at
http://siliconlandmark.com/staff/andre/mozilla-slashdot.org-fontresize.sigbus.txt

I've managed to reproduce this crash on XP, NT, 2k, Linux and FreeBSD.

Comment 8

[Andrew Schultz]

Attachment: stack with symbols

debug build complains as follows while loading the page:
WARNING: aFrame is already associated with a region, file nsSpaceManager.cpp,
line 792
###!!! ASSERTION: bad floater placement: 'NS_SUCCEEDED(rv)', file
nsBlockReflowState.cpp, line 1029   (a lot of this)

when I increase font size, it says:
###!!! ASSERTION: unexpected flow: 'mFrames.ContainsFrame(nextInFlow)', file
nsInlineFrame.cpp, line 518
###!!! ASSERTION: failed to remove frame: 'result', file nsContainerFrame.cpp,
line 983
###!!! ASSERTION: non null next-in-flow: 'nsnull == nextInFlow', file
nsContainerFrame.cpp, line 997

Comment 9

[Andrew Schultz]

Attachment: testcase

make fonts bigger (ctrl +), make fonts smaller (ctrl -) ==> crash

Comment 10

[Andrew Schultz]

regression between linux trunk build 2002061304 and 2002061408
(branch 20020703 is ok)
OS=>All

Comment 11

[Andrew Schultz]

backing out 1 line from the patch for bug 148399 (the change to line 528 of
nsInlineFrame.cpp) fixes the testcase and the URL.  however, it also brings back
148399, so it is probably correct and the problem lies elsewhere.

with that one line changed, the ASSERTIONs still appear during page load, but
there are no ASSERTIONs when the font size is changed.

Comment 12

[Chris Petersen]

Reproduces on OS X trunk (2002-07-10-08).

Comment 13

[Andrew Schultz]

this seems to be a regression from bug 145305 + bug 148399

CVS build 20020529 - patch for bug 145305 does not crash.
CVS build 20020529 does not crash.
CVS build 20020529 + patch for bug 148399 does crash.

cc'ing karnaze

Comment 14

[Kevin McCluskey (gone)]

-> karnaze

Comment 15

[leon.zhang]

very suprised
I didn't find crash in solaris 5.8 + trunk20020718

Comment 16

[Lev Povalahev]

It does not crash for me also with 20020727 on WinXP, seems fixed?? 

Comment 17

[Andrew Schultz]

the testcase was fixed by bug 154741
the URL does not crash current builds, but also does not crash older builds that
used to crash, so the URL probably changed.

marking FIXED by bug 154741