Closed
Bug 514660
Opened 15 years ago
Closed 15 years ago
Crash when View > Page Style > No.Style [@nsTextControlFrame::CalcIntrinsicSize(nsIRenderingContext*, nsSize&) ]
Categories
(Core :: Layout, defect, P2)
Core
Layout
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta1-fixed |
People
(Reporter: alice0775, Assigned: roc)
References
()
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a2pre) Gecko/20090903 Firefox/3.5.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a1pre) Gecko/20090903 Minefield/3.7a1pre ID:20090903063153 Minefield crashes with Crash Report When View > Page Style > No.Style on certain page. It does not crash unless you log in to the page. Reproducible: Always Steps to Reproduce: 1. Start Minefield with New Profile. 2. Login bugzilla.mozilla.org ( https://bugzilla.mozilla.org ) 3. Go URL https://bugzilla.mozilla.org/show_bug.cgi?id=514629 4. View > Page Style > No Style (You should log in to the bugzilla.mozilla.org) Actual Results: Minefield crashes with Crash Report. Expected Results: Should not crash. No Style should be applied. Crash Report of Minefield: http://crash-stats.mozilla.com/report/index/07a2fb58-5ba5-4fca-b60d-89b5f2090904?p=1 Namoroka 3.6a2pre crashes also. but the crash report is not same the above. Crash Report of Namoroka: http://crash-stats.mozilla.com/report/index/0cf3115c-2fd4-41f6-a053-d1a032090904?p=1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a2pre) Gecko/20090903 Namoroka/3.6a2pre ID:20090903051734
Reporter | ||
Updated•15 years ago
|
Version: unspecified → Trunk
Reporter | ||
Comment 1•15 years ago
|
||
Regression Window: Works: http://hg.mozilla.org/mozilla-central/rev/c575412d976a Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090623 Minefield/3.6a1pre ID:20090623050900 Crashes: http://hg.mozilla.org/mozilla-central/rev/5fe89f2c22f0 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090624 Minefield/3.6a1pre ID:20090624042426 Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c575412d976a&tochange=5fe89f2c22f0 PS: Shirotoko does not crashes. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4pre) Gecko/20090901 Shiretoko/3.5.4pre ID:20090901041619
Keywords: regression
Reporter | ||
Comment 2•15 years ago
|
||
View > Page Style > No Style Browser crashes.
Comment 3•15 years ago
|
||
bp-0cf3115c-2fd4-41f6-a053-d1a032090904 0 xul.dll nsTextControlFrame::CalcIntrinsicSize layout/forms/nsTextControlFrame.cpp:1290 1 xul.dll nsTextControlFrame::GetPrefSize layout/forms/nsTextControlFrame.cpp:1770 2 xul.dll nsBoxFrame::GetPrefWidth layout/xul/base/src/nsBoxFrame.cpp:649 3 xul.dll nsLayoutUtils::IntrinsicForContainer layout/base/nsLayoutUtils.cpp:1887 4 xul.dll nsFrame::AddInlineMinWidth layout/generic/nsFrame.cpp:2929 5 xul.dll nsBlockFrame::GetMinWidth layout/generic/nsBlockFrame.cpp:701 6 xul.dll xul.dll@0xa8accb The symbols for bp-07a2fb58-5ba5-4fca-b60d-89b5f2090904 are missing...
Summary: Crash [@xul.dll@0x1dc7c ] when View > Page Style > No.Style → Crash when View > Page Style > No.Style [@nsTextControlFrame::CalcIntrinsicSize(nsIRenderingContext*, nsSize&) ]
Reporter | ||
Comment 4•15 years ago
|
||
Browser Crashes on Linux as follows: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/dbd6f214769b Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2a2pre) Gecko/20090904 Namoroka/3.6a2pre ID:20090904033851 http://crash-stats.mozilla.com/report/index/2a4cd7bd-124d-4fb3-839b-5b26d2090905 http://hg.mozilla.org/mozilla-central/rev/2600b11db971 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a1pre) Gecko/20090904 Minefield/3.7a1pre ID:20090904224446 http://crash-stats.mozilla.com/report/index/b62d191b-b250-41a5-aa92-5e2502090905?p=1
Comment 5•15 years ago
|
||
(In reply to comment #4) > Browser Crashes on Linux as follows: > > http://hg.mozilla.org/releases/mozilla-1.9.2/rev/dbd6f214769b > Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2a2pre) Gecko/20090904 > Namoroka/3.6a2pre ID:20090904033851 > http://crash-stats.mozilla.com/report/index/2a4cd7bd-124d-4fb3-839b-5b26d2090905 > 0 libxul.so nsTextControlFrame::CalcIntrinsicSize layout/forms/nsTextControlFrame.cpp:1320 That line was introduced Bug 425253. http://hg.mozilla.org/releases/mozilla-1.9.2/annotate/tip/layout/forms/nsTextControlFrame.cpp#l1320 http://hg.mozilla.org/mozilla-central/rev/3d8dbcce108f
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: x86 → All
Comment 6•15 years ago
|
||
Backtrace of linux trunk build Also debug build says: WARNING: Someone passed native anonymous content directly into frame construction. Stop doing that!: file /mozilla/mozilla-central/layout/base/nsCSSFrameConstructor.cpp, line 6016 ###!!! ASSERTION: Child must be scrollable: 'scrollableFrame', file /mozilla/mozilla-central/layout/forms/nsTextControlFrame.cpp, line 1317
Updated•15 years ago
|
Attachment #398948 -
Attachment mime type: text/x-log → text/plain
Comment 7•15 years ago
|
||
Seem to be getting crash reports for this on 1.9.2 also.
Flags: blocking1.9.2?
Comment 8•15 years ago
|
||
Looks like GetFirstChild(nsnull) is returning NULL.
Comment 9•15 years ago
|
||
Triggered by http://hg.mozilla.org/mozilla-central/rev/c6c685aa0379
Blocks: 495385
Assignee | ||
Updated•15 years ago
|
Assignee: nobody → roc
Assignee | ||
Updated•15 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
Assignee | ||
Comment 10•15 years ago
|
||
What happens here is that choosing "No style" disables all author styles. This happens to include the "style" attribute set on the anonymous <div> of a text control. Disabling "style" means removing "white-space:pre" from the <div> which means (since bug 495385 was fixed) reconstruction of the <div>'s frame. And that fails because the <div> is native anonymous. We crash because no new child frame is created, but even if we didn't crash the text input would still be broken. And in fact pre-495385 I bet we'd still be broken because the style would be gone so the text input's white-space value would be "normal".
Assignee | ||
Comment 11•15 years ago
|
||
We need to not use the 'style' attribute here. This patch just uses classes instead.
Attachment #402316 -
Flags: review?(bzbarsky)
Assignee | ||
Updated•15 years ago
|
Whiteboard: [needs review]
Comment 12•15 years ago
|
||
Comment on attachment 402316 [details] [diff] [review] fix r=bzbarsky
Attachment #402316 -
Flags: review?(bzbarsky) → review+
Shouldn't we still be marking it native-anonymous?
Assignee | ||
Comment 14•15 years ago
|
||
nsCSSFrameConstructor::GetAnonymousContent marks it native-anonymous after nsTextControlFrame::CreateAnonymousContent returns. The only reason we needed to mark it native-anonymous early was to get correct handling of the 'style' attribute.
Whiteboard: [needs review] → [needs landing]
Assignee | ||
Comment 15•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/e5ff8bfef784
Status: NEW → RESOLVED
Closed: 15 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Whiteboard: [needs landing] → [needs 192 landing]
Comment 16•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/f07481284c5f
status1.9.2:
--- → beta1-fixed
Whiteboard: [needs 192 landing]
Updated•13 years ago
|
Crash Signature: [@nsTextControlFrame::CalcIntrinsicSize(nsIRenderingContext*, nsSize&) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•