Closed
Bug 192408
Opened 22 years ago
Closed 20 years ago
crash on page load ----- illegal SplitLine on block line [@ nsStyleContext::GetStyleData ]
Categories
(Core :: Layout: Block and Inline, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: ervin.nemeth+org.mozilla.bugzilla, Unassigned)
References
()
Details
(Keywords: crash, testcase, topcrash-)
Crash Data
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030207 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030207 Mozilla is crashing on loading this page. Exception: if I Mozilla is launched with this URL as a parameter, it just hangs (full CPU consumption). Reproducible: Always Steps to Reproduce:
|
||
Comment 2•22 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20030208 TB17043980W TB17043310W maybe
This is something with block and line layout
###!!! ASSERTION: illegal SplitLine on block line: 'aLine->IsInline()', file c:/
moz_sour/mozilla/mozilla/layout/html/base/src/nsBlockFrame.cpp, line 4105
nsDebug::Assertion(const char * 0x014c0e28, const char * 0x014c0e14, const char
* 0x014c0dd0, int 0x00001009) line 280 + 13 bytes
nsDebug::AbortIfFalse(const char * 0x014c0e28, const char * 0x014c0e14, const
char * 0x014c0dd0, int 0x00001009) line 391 + 21 bytes
nsBlockFrame::SplitLine(nsBlockReflowState & {...}, nsLineLayout & {...},
nsLineList_iterator {...}, nsIFrame * 0x02730114) line 4105 + 45 bytes
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout &
{...}, nsLineList_iterator {...}, nsIFrame * 0x02746870, unsigned char *
0x0091d7d0) line 3967 + 28 bytes
nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout &
{...}, nsLineList_iterator {...}, int * 0x0091def0, unsigned char * 0x0091dca4,
int 0x00000000, int 0x00000001) line 3729 + 32 bytes
nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState & {...},
nsLineList_iterator {...}, int * 0x0091def0, unsigned char * 0x0091dca4, int
0x00000000, int 0x00000001) line 3631 + 46 bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineList_iterator
{...}, int * 0x0091def0, int 0x00000001, int 0x00000000) line 3575 + 36 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...},
int * 0x0091def0, int 0x00000001) line 2665 + 33 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2311 + 31 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x02740764, nsIPresContext *
0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 943 + 15 bytes
nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000001,
nsCollapsingMargin & {...}, int 0x00000001, nsMargin & {...}, nsHTMLReflowState
& {...}, unsigned int & 0x00000000) line 546 + 42 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator
{...}, int * 0x0091ea78) line 3331 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...},
int * 0x0091ea78, int 0x00000001) line 2529 + 27 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2311 + 31 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x02740578, nsIPresContext *
0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 943 + 15 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x02740578, nsIPresContext *
0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int
0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000)
line 960 + 31 bytes
CanvasFrame::Reflow(CanvasFrame * const 0x0275ba98, nsIPresContext * 0x0262b9c0,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 590
nsBoxToBlockAdaptor::Reflow(nsBoxLayoutState & {...}, nsIPresContext *
0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000, int 0x00000000, int 0x00000000, int 0x000023dc, int
0x00001176, int 0x00000001) line 902
nsBoxToBlockAdaptor::DoLayout(nsBoxToBlockAdaptor * const 0x027404e0,
nsBoxLayoutState & {...}) line 646 + 46 bytes
nsBox::Layout(nsBox * const 0x027404e0, nsBoxLayoutState & {...}) line 1074
nsScrollBoxFrame::DoLayout(nsScrollBoxFrame * const 0x0275bec4, nsBoxLayoutState
& {...}) line 361
nsBox::Layout(nsBox * const 0x0275bec4, nsBoxLayoutState & {...}) line 1074
nsContainerBox::LayoutChildAt(nsBoxLayoutState & {...}, nsIBox * 0x0275bec4,
const nsRect & {...}) line 643 + 16 bytes
nsGfxScrollFrameInner::LayoutBox(nsBoxLayoutState & {...}, nsIBox * 0x0275bec4,
const nsRect & {...}) line 1153 + 17 bytes
nsGfxScrollFrameInner::Layout(nsBoxLayoutState & {...}) line 1308
nsGfxScrollFrame::DoLayout(nsGfxScrollFrame * const 0x0275bda4, nsBoxLayoutState
& {...}) line 1161 + 15 bytes
nsBox::Layout(nsBox * const 0x0275bda4, nsBoxLayoutState & {...}) line 1074
nsBoxFrame::Reflow(nsBoxFrame * const 0x0275bd6c, nsIPresContext * 0x0262b9c0,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 902
nsGfxScrollFrame::Reflow(nsGfxScrollFrame * const 0x0275bd6c, nsIPresContext *
0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 845 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0275bd6c, nsIPresContext *
0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int
0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000)
line 960 + 31 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x0275b988, nsIPresContext *
0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 299 + 43 bytes
IncrementalReflow::Dispatch(nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics &
{...}, const nsSize & {...}, nsIRenderingContext & {...}) line 894
PresShell::ProcessReflowCommands(int 0x00000001) line 6489
ReflowEvent::HandleEvent() line 6334
HandlePLEvent(ReflowEvent * 0x0269a060) line 6348
PL_HandleEvent(PLEvent * 0x0269a060) line 663 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00c80c00) line 593 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00000754, unsigned int 0x0000de7c, unsigned int
0x00000000, long 0x00c80c00) line 1385 + 9 bytes
KERNEL32! bff7363b()
KERNEL32! bff94407()
00918cce()
Status: UNCONFIRMED → NEW
Component: Browser-General → Layout: Block & Inline
Ever confirmed: true
Summary: crash on page load → crash on page load ----- illegal SplitLine on block line
|
||
Comment 5•22 years ago
|
||
wfm using build 20020130 (CVS) and 2003020805 on Linux.
|
||
Comment 6•22 years ago
|
||
|
|
||
Comment 7•22 years ago
|
||
does patch for bug 154751 help here ?
Summary: crash on page load ----- illegal SplitLine on block line → crash on page load ----- illegal SplitLine on block line [@ nsStyleContext::GetStyleData ]
If you look at the code, it's clear this shouldn't happen with the stack given. I suspect some sort of memory corruption issue. The page loads fine, without any assertions, when running under valgrind. (Even looking at the memory in gdb a few runs before made my unsure why IsInline was false.)
Valgrind + no frame arena --> still, no assertions or crash. However, no frame arena, but normal debug build, leads to crash in nsObjectFrame code accessing an nsObjectFrame that looks like it's been deleted. I suspect this may be a duplicate of bug 136927.
It's not a duplicate of bug 136927. However, it may be some weird interaction between WipeContainingBlock and plugins, or just some problem with WipeContainingBlock. I'm having trouble reproducing the crash again...
|
||
Comment 12•22 years ago
|
||
linux trunk 20030208 crashes loading this
|
|
||
Updated•22 years ago
|
Attachment #113970 -
Attachment mime type: text/plain → text/html
|
||
Comment 13•22 years ago
|
||
build 2003020908 WinXP crashes too but without a talback report
|
||
Comment 14•22 years ago
|
||
This is a topcrash on M30B. Marking topcrash+ since there is a testcase.
Keywords: topcrash+
I doubt it's this particular crash. There are lots of separate bugs that cause crashes in GetStyleData.
Keywords: topcrash+
Keywords: topcrash
|
|
||
Comment 16•22 years ago
|
||
This stack matches the second stack given in the attachment on comment #6. Is that one relevant to this bug?
|
|
||
Comment 17•22 years ago
|
||
The stack from my comment #6 is from this bug (crash with an optimized build with symbols from the URL in the bug header). My debug doesn't crash but you get assertions (see Bernd's stack in comment #3 from the first assertion in a debug build). dbaron means AFAIK that there are more than one bug that results in this stack trace.
|
||
Comment 18•22 years ago
|
||
*** Bug 194168 has been marked as a duplicate of this bug. ***
|
||
Comment 19•21 years ago
|
||
Although we have a testcase, I'm going to mark this topcrash-. I only see 1 incident in Mozilla 1.3 Beta Talkback data...and only 1 incident with recent MozillaTrunk builds.
|
||
Comment 20•20 years ago
|
||
WFM. Opening http://krystalle.free.fr/magie.htm without problems. Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040331 Microsoft Windows 2000 Professional 5.00.2195 SP4
|
Reporter | |
Comment 21•20 years ago
|
||
Sure, me too. Why is this bug still open?
|
|
||
Comment 22•20 years ago
|
||
both URL and testcase wfm using 20040328 + QT 6.5 on Win2k. Anyone still crashing, please reopen
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
|
||
Comment 23•15 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/afc662d52ab1
Flags: in-testsuite+
|
||
Updated•13 years ago
|
Crash Signature: [@ nsStyleContext::GetStyleData ]
You need to log in
before you can comment on or make changes to this bug.
Description
•