Closed Bug 148245 Opened 22 years ago Closed 22 years ago

Crash when float:left is applied to a p:first-letter [@ nsHTMLReflowState::Init]

Categories

(Core :: Layout, defect, P2)

x86
All
defect

RESOLVED FIXED
mozilla1.0.1

People

(Reporter: harvested_from_mozilla4, Assigned: karnaze)

Details

(4 keywords, Whiteboard: [PATCH])

Attachments

(2 files)

Mozilla crashes at http://www.lynuxworks.com/products/lynxos/lynxos.php3.  The
CSS style named "dropcap", found in the style sheet synergy-v5.css, appears to
be the cause of the crash, when it applies float:left to the p.first-letter
pseudo-element.
wfm with Build 2002052809 on Win XP Pro
URL crashes for me too, using trunk 2002053008 on win2k - TB6844196K
confirming
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, stackwanted
Attached file testcase
reduced test case. seems first-letter and first-line styles are both needed to
cause the crash, although it doesn't matter what style is applied to first-line.
paragraph needs at least 2 letters.
Keywords: testcase
wfm win2k sp2, m1 rc3
Stephend, could you get the stack?  TB6844196K
nsHTMLReflowState::Init [nsHTMLReflowState.cpp, line 316]
nsHTMLReflowState::nsHTMLReflowState [nsHTMLReflowState.cpp, line 256]
nsFirstLetterFrame::Reflow [nsFirstLetterFrame.cpp, line 236]
nsBlockReflowContext::DoReflowBlock [nsBlockReflowContext.cpp, line 570]
nsBlockReflowContext::ReflowBlock [nsBlockReflowContext.cpp, line 348]
nsBlockFrame::ReflowFloater [nsBlockFrame.cpp, line 5286]
nsBlockReflowState::FlowAndPlaceFloater [nsBlockReflowState.cpp, line 879]
nsBlockReflowState::AddFloater [nsBlockReflowState.cpp, line 681]
nsLineLayout::ReflowFrame [nsLineLayout.cpp, line 1177]
nsInlineFrame::ReflowInlineFrame [nsInlineFrame.cpp, line 717]
nsInlineFrame::ReflowFrames [nsInlineFrame.cpp, line 522]
nsFirstLineFrame::Reflow [nsInlineFrame.cpp, line 1066]
nsLineLayout::ReflowFrame [nsLineLayout.cpp, line 1104]
nsBlockFrame::ReflowInlineFrame [nsBlockFrame.cpp, line 3775]
nsBlockFrame::DoReflowInlineFrames [nsBlockFrame.cpp, line 3601]
nsBlockFrame::DoReflowInlineFramesAuto [nsBlockFrame.cpp, line 3491]
nsBlockFrame::ReflowInlineFrames [nsBlockFrame.cpp, line 3436]
nsBlockFrame::ReflowLine [nsBlockFrame.cpp, line 2594]
nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp, line 2238]
nsBlockFrame::Reflow [nsBlockFrame.cpp, line 947]
nsBlockReflowContext::DoReflowBlock [nsBlockReflowContext.cpp, line 570]
nsBlockReflowContext::ReflowBlock [nsBlockReflowContext.cpp, line 348]
nsBlockFrame::ReflowBlockFrame [nsBlockFrame.cpp, line 3197]
nsBlockFrame::ReflowLine [nsBlockFrame.cpp, line 2460]
nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp, line 2238]
nsBlockFrame::Reflow [nsBlockFrame.cpp, line 947]
nsBlockReflowContext::DoReflowBlock [nsBlockReflowContext.cpp, line 570]
nsBlockReflowContext::ReflowBlock [nsBlockReflowContext.cpp, line 348]
nsBlockFrame::ReflowBlockFrame [nsBlockFrame.cpp, line 3197]
nsBlockFrame::ReflowLine [nsBlockFrame.cpp, line 2460]
nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp, line 2238]
nsBlockFrame::Reflow [nsBlockFrame.cpp, line 947]
nsContainerFrame::ReflowChild [nsContainerFrame.cpp, line 806]
nsTableCellFrame::Reflow [nsTableCellFrame.cpp, line 946]
nsContainerFrame::ReflowChild [nsContainerFrame.cpp, line 806]
nsTableRowFrame::ReflowChildren [nsTableRowFrame.cpp, line 1040]
nsTableRowFrame::Reflow [nsTableRowFrame.cpp, line 1458]
nsContainerFrame::ReflowChild [nsContainerFrame.cpp, line 806]
nsTableRowGroupFrame::ReflowChildren [nsTableRowGroupFrame.cpp, line 447]
nsTableRowGroupFrame::Reflow [nsTableRowGroupFrame.cpp, line 1211]
nsContainerFrame::ReflowChild [nsContainerFrame.cpp, line 806]
nsTableFrame::ReflowChildren [nsTableFrame.cpp, line 3313]
nsTableFrame::Reflow [nsTableFrame.cpp, line 2007]
nsContainerFrame::ReflowChild [nsContainerFrame.cpp, line 806]
nsTableOuterFrame::OuterReflowChild [nsTableOuterFrame.cpp, line 1027]
nsTableOuterFrame::Reflow [nsTableOuterFrame.cpp, line 1612]
nsBlockReflowContext::DoReflowBlock [nsBlockReflowContext.cpp, line 570]
nsBlockReflowContext::ReflowBlock [nsBlockReflowContext.cpp, line 348]
nsBlockFrame::ReflowBlockFrame [nsBlockFrame.cpp, line 3197]
nsBlockFrame::ReflowLine [nsBlockFrame.cpp, line 2460]
nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp, line 2238]
nsBlockFrame::Reflow [nsBlockFrame.cpp, line 947]
nsBlockReflowContext::DoReflowBlock [nsBlockReflowContext.cpp, line 570]
nsBlockReflowContext::ReflowBlock [nsBlockReflowContext.cpp, line 348]
nsBlockFrame::ReflowBlockFrame [nsBlockFrame.cpp, line 3197]
nsBlockFrame::ReflowLine [nsBlockFrame.cpp, line 2460]
nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp, line 2238]
nsBlockFrame::Reflow [nsBlockFrame.cpp, line 947]
nsContainerFrame::ReflowChild [nsContainerFrame.cpp, line 806]
CanvasFrame::Reflow [nsHTMLFrame.cpp, line 566]
nsBoxToBlockAdaptor::Reflow [nsBoxToBlockAdaptor.cpp, line 886]
nsBoxToBlockAdaptor::DoLayout [nsBoxToBlockAdaptor.cpp, line 627]
nsBox::Layout [nsBox.cpp, line 1052]
nsScrollBoxFrame::DoLayout [nsScrollBoxFrame.cpp, line 394] 
Keywords: stackwanted
To layout....
Assignee: dbaron → attinasi
Component: Style System → Layout
QA Contact: ian → petersen
Summary: Crash when float:left is applied to a p:first-letter → Crash when float:left is applied to a p:first-letter [@ nsHTMLReflowState::Init]
QA Contact: petersen → moied
Priority: -- → P2
Adding topcrash+ keyword, this is a topcrasher on the MozillaTrunk and we have a
testcase.
Keywords: topcrash+
i'm unable to repro the crash with a debug trunk build from 6/1 under linux.  i
tried both test cases.
nominating. Added impact. 
Keywords: nsbeta1
Whiteboard: [ADT1 RTM]
-> Karnaze
Assignee: attinasi → karnaze
*** Bug 150216 has been marked as a duplicate of this bug. ***
regression occurred between 2002052808 and 2002052809 (trunk)
backing out bug 145305 fixes the crash
OS=>All
Keywords: regression
OS: Windows 98 → All
Depends on: 145305
*** Bug 150459 has been marked as a duplicate of this bug. ***
*** Bug 150656 has been marked as a duplicate of this bug. ***
Bug 150656 showed that this crash also happens on Shaver's blog:

http://off.net/~shaver/diary/
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0.1
Whiteboard: [ADT1 RTM] → [ADT1 RTM][PATCH]
*** Bug 150890 has been marked as a duplicate of this bug. ***
Any idea why you're ending up with an incomplete reflow status when the height
is unconstrained?  Shouldn't that never happen?
I think the notion of an incomplete status and the naming of prev-in-flow and 
next-in-flow must have originated to handle spans (and the like) which didn't 
fit horizontally within a constrained space. And it appears that the concept was 
later applied to blocks and tables when they didn't fit vertically within a 
constrained space. But the two concepts seem different to me. In the 
horizontally incomplete case the span's continuation needs to go on the 
beginning of the next line, whereas in the vertically incomplete case, the 
table's continuation needs to go directly under its prev-in-flow (e.g. a 
continued floated table). 

Bug 145305 deals with splitting floaters that are vertically incomplete. In the 
patch I attached here, I must only handle the vertically incomplete cases, 
because the first letter frame is horizontally incomplete, and it shouldn't be 
split. I also added code to not split first letters that are vertically 
incomplete because the effort is not worth the benefit (i.e. the only case this 
would be necessary is if a first letter were larger than a page).  

So dbaron, yes it appears that the first letter frame is horizontally 
incomplete. 
It seems to me that the two concepts are pretty much the same, except one is
within an inline reflow context and the other within a block reflow context.  It
seems here that nsFirstLetterFrame is incorrect in propagating the status from
an inline reflow context into a block reflow context.
Karnaze says:

"This bug is a direct result of my patch to bug 145305 (floaters do not split
when printing). Consequently, I don't think the first letter frame is at fault.
As I tried to explain, I need to know when a floater is incomplete because of
vertical constraints, and the first letter frame was incomplete because of
horizontal constraints. So, basically, I'm fixing the problems that I introduced."


Waterson says: "ok, sr=waterson"
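The split decision argued over in the comments above, as a simplified model. This is an added example, not part of the bug thread and not Gecko source or the attached patch. All type and function names are hypothetical, and using an unconstrained available height to rule out vertical incompleteness is an assumption drawn from the discussion.

```cpp
// Simplified model of the floater-splitting decision discussed in this bug.
// Hypothetical names throughout; this is not the attached patch.
#include <climits>

// Assumed sentinel for "available height is unconstrained" (e.g. on screen).
const int kUnconstrained = INT_MAX;

enum FrameKind { kFirstLetter, kTable, kBlock };

struct FloaterReflow {
  FrameKind kind;
  bool incomplete;      // child reported "not complete" after reflow
  int availableHeight;  // kUnconstrained, or the page height when printing
};

// Behaviour the thread attributes to the bug 145305 change: an incomplete
// floater is split regardless of which axis made it incomplete.
bool SplitsBeforeFix(const FloaterReflow& f) {
  return f.incomplete;
}

// Behaviour described for the fix: split only vertically incomplete
// floaters, and never split a first-letter frame.
bool SplitsAfterFix(const FloaterReflow& f) {
  if (!f.incomplete) return false;
  // Assumption: with unconstrained height nothing can be vertically
  // incomplete, so the status came from a horizontal (inline) context.
  if (f.availableHeight == kUnconstrained) return false;
  // First letters stay unsplit even if taller than a page.
  if (f.kind == kFirstLetter) return false;
  return true;
}

// Constructed cases: drop cap on screen, floated table on a page,
// drop cap on a page, block that fits.
const FloaterReflow kCases[] = {
  {kFirstLetter, true, kUnconstrained},
  {kTable, true, 800},
  {kFirstLetter, true, 800},
  {kBlock, false, 800},
};

// Number of cases on which the two policies disagree.
int CountDisagreements(const FloaterReflow* cases, int n) {
  int count = 0;
  for (int i = 0; i < n; ++i)
    if (SplitsBeforeFix(cases[i]) != SplitsAfterFix(cases[i])) ++count;
  return count;
}
```

The two policies differ only on the first-letter cases: the floated table on a constrained page is split under both.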
*** Bug 150950 has been marked as a duplicate of this bug. ***
*** Bug 151510 has been marked as a duplicate of this bug. ***
The patch is in.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
*** Bug 152578 has been marked as a duplicate of this bug. ***
*** Bug 152948 has been marked as a duplicate of this bug. ***
*** Bug 154148 has been marked as a duplicate of this bug. ***
removing adt1 rtm since this was trunk only.
Whiteboard: [ADT1 RTM][PATCH] → [PATCH]
nsbeta1-. The crash does not affect the Moz1.0 branch because the fix for bug
145305 which causes this crash is not on the branch.
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/54417ebbaea2
Flags: in-testsuite+
Crash Signature: [@ nsHTMLReflowState::Init]