Closed
Bug 192408
Opened 22 years ago
Closed 20 years ago
crash on page load ----- illegal SplitLine on block line [@ nsStyleContext::GetStyleData ]
Categories
(Core :: Layout: Block and Inline, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: ervin.nemeth+org.mozilla.bugzilla, Unassigned)
References
()
Details
(Keywords: crash, testcase, topcrash-)
Crash Data
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030207 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030207 Mozilla is crashing on loading this page. Exception: if I Mozilla is launched with this URL as a parameter, it just hangs (full CPU consumption). Reproducible: Always Steps to Reproduce:
Comment 2•22 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20030208 TB17043980W TB17043310W maybe
This is something with block and line layout ###!!! ASSERTION: illegal SplitLine on block line: 'aLine->IsInline()', file c:/ moz_sour/mozilla/mozilla/layout/html/base/src/nsBlockFrame.cpp, line 4105 nsDebug::Assertion(const char * 0x014c0e28, const char * 0x014c0e14, const char * 0x014c0dd0, int 0x00001009) line 280 + 13 bytes nsDebug::AbortIfFalse(const char * 0x014c0e28, const char * 0x014c0e14, const char * 0x014c0dd0, int 0x00001009) line 391 + 21 bytes nsBlockFrame::SplitLine(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineList_iterator {...}, nsIFrame * 0x02730114) line 4105 + 45 bytes nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineList_iterator {...}, nsIFrame * 0x02746870, unsigned char * 0x0091d7d0) line 3967 + 28 bytes nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineList_iterator {...}, int * 0x0091def0, unsigned char * 0x0091dca4, int 0x00000000, int 0x00000001) line 3729 + 32 bytes nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0091def0, unsigned char * 0x0091dca4, int 0x00000000, int 0x00000001) line 3631 + 46 bytes nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0091def0, int 0x00000001, int 0x00000000) line 3575 + 36 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0091def0, int 0x00000001) line 2665 + 33 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2311 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x02740764, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 943 + 15 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000001, nsCollapsingMargin & {...}, int 0x00000001, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 546 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0091ea78) line 3331 + 56 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0091ea78, int 0x00000001) line 2529 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2311 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x02740578, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 943 + 15 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x02740578, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000) line 960 + 31 bytes CanvasFrame::Reflow(CanvasFrame * const 0x0275ba98, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 590 nsBoxToBlockAdaptor::Reflow(nsBoxLayoutState & {...}, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, int 0x00000000, int 0x00000000, int 0x000023dc, int 0x00001176, int 0x00000001) line 902 nsBoxToBlockAdaptor::DoLayout(nsBoxToBlockAdaptor * const 0x027404e0, nsBoxLayoutState & {...}) line 646 + 46 bytes nsBox::Layout(nsBox * const 0x027404e0, nsBoxLayoutState & {...}) line 1074 nsScrollBoxFrame::DoLayout(nsScrollBoxFrame * const 0x0275bec4, nsBoxLayoutState & {...}) line 361 nsBox::Layout(nsBox * const 0x0275bec4, nsBoxLayoutState & {...}) line 1074 nsContainerBox::LayoutChildAt(nsBoxLayoutState & {...}, nsIBox * 0x0275bec4, const nsRect & {...}) line 643 + 16 bytes nsGfxScrollFrameInner::LayoutBox(nsBoxLayoutState & {...}, nsIBox * 0x0275bec4, const nsRect & {...}) line 1153 + 17 bytes nsGfxScrollFrameInner::Layout(nsBoxLayoutState & {...}) line 1308 nsGfxScrollFrame::DoLayout(nsGfxScrollFrame * const 0x0275bda4, nsBoxLayoutState & {...}) line 1161 + 15 bytes nsBox::Layout(nsBox * const 0x0275bda4, nsBoxLayoutState & {...}) line 1074 nsBoxFrame::Reflow(nsBoxFrame * const 0x0275bd6c, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 nsGfxScrollFrame::Reflow(nsGfxScrollFrame * const 0x0275bd6c, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 845 + 25 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0275bd6c, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000) line 960 + 31 bytes ViewportFrame::Reflow(ViewportFrame * const 0x0275b988, nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 299 + 43 bytes IncrementalReflow::Dispatch(nsIPresContext * 0x0262b9c0, nsHTMLReflowMetrics & {...}, const nsSize & {...}, nsIRenderingContext & {...}) line 894 PresShell::ProcessReflowCommands(int 0x00000001) line 6489 ReflowEvent::HandleEvent() line 6334 HandlePLEvent(ReflowEvent * 0x0269a060) line 6348 PL_HandleEvent(PLEvent * 0x0269a060) line 663 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00c80c00) line 593 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00000754, unsigned int 0x0000de7c, unsigned int 0x00000000, long 0x00c80c00) line 1385 + 9 bytes KERNEL32! bff7363b() KERNEL32! bff94407() 00918cce()
Status: UNCONFIRMED → NEW
Component: Browser-General → Layout: Block & Inline
Ever confirmed: true
Summary: crash on page load → crash on page load ----- illegal SplitLine on block line
Comment 5•22 years ago
|
||
wfm using build 20020130 (CVS) and 2003020805 on Linux.
Comment 6•22 years ago
|
||
Comment 7•22 years ago
|
||
does patch for bug 154751 help here ?
Summary: crash on page load ----- illegal SplitLine on block line → crash on page load ----- illegal SplitLine on block line [@ nsStyleContext::GetStyleData ]
If you look at the code, it's clear this shouldn't happen with the stack given. I suspect some sort of memory corruption issue. The page loads fine, without any assertions, when running under valgrind. (Even looking at the memory in gdb a few runs before made my unsure why IsInline was false.)
Valgrind + no frame arena --> still, no assertions or crash. However, no frame arena, but normal debug build, leads to crash in nsObjectFrame code accessing an nsObjectFrame that looks like it's been deleted. I suspect this may be a duplicate of bug 136927.
It's not a duplicate of bug 136927. However, it may be some weird interaction between WipeContainingBlock and plugins, or just some problem with WipeContainingBlock. I'm having trouble reproducing the crash again...
Comment 12•22 years ago
|
||
linux trunk 20030208 crashes loading this
Updated•22 years ago
|
Attachment #113970 -
Attachment mime type: text/plain → text/html
Comment 13•22 years ago
|
||
build 2003020908 WinXP crashes too but without a talback report
Comment 14•22 years ago
|
||
This is a topcrash on M30B. Marking topcrash+ since there is a testcase.
Keywords: topcrash+
I doubt it's this particular crash. There are lots of separate bugs that cause crashes in GetStyleData.
Keywords: topcrash+
Keywords: topcrash
Comment 16•22 years ago
|
||
This stack matches the second stack given in the attachment on comment #6. Is that one relevant to this bug?
Comment 17•22 years ago
|
||
The stack from my comment #6 is from this bug (crash with an optimized build with symbols from the URL in the bug header). My debug doesn't crash but you get assertions (see Bernd's stack in comment #3 from the first assertion in a debug build). dbaron means AFAIK that there are more than one bug that results in this stack trace.
Comment 18•22 years ago
|
||
*** Bug 194168 has been marked as a duplicate of this bug. ***
Comment 19•21 years ago
|
||
Although we have a testcase, I'm going to mark this topcrash-. I only see 1 incident in Mozilla 1.3 Beta Talkback data...and only 1 incident with recent MozillaTrunk builds.
Comment 20•20 years ago
|
||
WFM. Opening http://krystalle.free.fr/magie.htm without problems. Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040331 Microsoft Windows 2000 Professional 5.00.2195 SP4
Reporter | ||
Comment 21•20 years ago
|
||
Sure, me too. Why is this bug still open?
Comment 22•20 years ago
|
||
both URL and testcase wfm using 20040328 + QT 6.5 on Win2k. Anyone still crashing, please reopen
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
Comment 23•15 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/afc662d52ab1
Flags: in-testsuite+
Updated•13 years ago
|
Crash Signature: [@ nsStyleContext::GetStyleData ]
You need to log in
before you can comment on or make changes to this bug.
Description
•