Closed Bug 89101 Opened 23 years ago Closed 23 years ago

position:fixed form crash [@ gklayout::NS_NewPresShell]

Categories

(Core :: Layout, defect, P2)

Product:
Core
Component:
Layout
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.3

People

(Reporter: caustin, Assigned: waterson)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(3 files)

testcase
267 bytes, text/html
Details
Dr. Watson log, TB32483095Z
30.39 KB, text/plain
Details
fieldset's outer and inner should each always have a space manager
1.26 KB, patch
Details | Diff | Splinter Review 
Open the testcase.

Actual results:  *crash*

Expected results:  *crash*
Attached file testcase 

    
  
Keywords: crash, 
          
            testcase

    
    

    
  
Uhhh.  No, you don't expect a crash.  I meant *not crash*.  :)

    
  
Summary: position:fixed form crash → position:fixed form crash [@ gklayout::NS_NewPresShell]

    
    

    
  


  

    
    

    
  
Over to Layout.
Assignee: asa → karnaze
Component: Browser-General → Layout
QA Contact: doronr → petersen

    
    

    
  
I get this Stack trace with win2k build 20010702.. (CVS debug)

A part of that stack:
nsBlockReflowState::GetAvailableSpace(int 0) line 324 + 20 bytes
nsBlockReflowState::GetAvailableSpace() line 55
nsBlockFrame::PrepareResizeReflow(nsBlockReflowState & {...}) line 1623
nsBlockFrame::PrepareInitialReflow(nsBlockReflowState & {...}) line 1456
nsBlockFrame::Reflow(nsBlockFrame * const 0x04da6b3c, nsIPresContext * 
0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 728 + 15 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x04da6b3c, nsIPresContext * 
0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 724 + 31 bytes
nsFieldSetFrame::Reflow(nsFieldSetFrame * const 0x04da6f50, nsIPresContext * 
0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 459
ViewportFrame::ReflowFixedFrame(nsIPresContext * 0x03cd6590, const 
nsHTMLReflowState & {...}, nsIFrame * 0x04da6f50, int 1, unsigned int & 0) line 
362 + 37 bytes
ViewportFrame::IncrementalReflow(nsIPresContext * 0x03cd6590, const 
nsHTMLReflowState & {...}) line 457
ViewportFrame::Reflow(ViewportFrame * const 0x04da38f0, nsIPresContext * 
0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 505
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x03d4fdd0, 
nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsSize & {...}, 
nsIRenderingContext & {...}) line 145
PresShell::ProcessReflowCommand(nsVoidArray & {...}, int 1, nsHTMLReflowMetrics 
& {...}, nsSize & {...}, nsIRenderingContext & {...}) line 5830
PresShell::ProcessReflowCommands(int 1) line 5885

    
    

    
  
I see this on Linux with a build from 2001-07-03 as well.

In an optimized build I crash in nsLineLayout::ReflowFrame()

In a debug build, I crash with:

#0  0x41aaa943 in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0, aY=0)
    at nsBlockReflowState.cpp:324
#1  0x41c9608a in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0)
    at nsBlockReflowState.h:54
#2  0x41a9f540 in nsBlockFrame::PrepareResizeReflow (this=0x8818320,
aState=@0xbfffe7a0)
    at nsBlockFrame.cpp:1618
#3  0x41a9f0a6 in nsBlockFrame::PrepareInitialReflow (this=0x8818320,
aState=@0xbfffe7a0)
    at nsBlockFrame.cpp:1455
#4  0x41a9d9f4 in nsBlockFrame::Reflow (this=0x8818320, aPresContext=0x85f56d8, 
    aMetrics=@0xbfffebf0, aReflowState=@0xbfffeb04, aStatus=@0xbfffee04)
    at nsBlockFrame.cpp:728

(gdb) frame 0
#0  0x41aaa943 in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0, aY=0)
    at nsBlockReflowState.cpp:324
324       mSpaceManager->GetTranslation(wx, wy);
(gdb) p mSpaceManager
$1 = (nsISpaceManager *) 0x0


ccing waterson -- looks like his code.
OS: Windows 2000 → All
Hardware: PC → All

    
    

    
  
ok, i'll take a look.
Assignee: karnaze → waterson
Priority: -- → P2
Target Milestone: --- → mozilla0.9.3

    
  
Status: NEW → ASSIGNED

    
    

    
  
The problem was that <fieldset> was not setting itself up properly to contain
floaters in the fixed-positioning case. I think that <fieldset> should never
allow floaters to spill outside of it, so the above patch sets a space manager
on the ``outer'' block frame (which contains the legend and deals with the
border) and the ``inner'' area frame (which contains the fieldset contents).
Setting a space manager on the outer frame handles the (admittedly bizarre) case
where something in the legend was floated.

    
  
Keywords: patch

    
    

    
  
sr=attinasi

    
    

    
  
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

    
    

    
  
In the branch or trunk or both?


    
    

    
  
bonsai sez trunk-only.

    
    

    
  
Marking verified fixed in the Sept 06 build (2001-09-06-03).
Status: RESOLVED → VERIFIED

    
    

    
  
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/5a6def05ccbc
Flags: in-testsuite+
Crash Signature: [@ gklayout::NS_NewPresShell]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: