Closed
Bug 96561
Opened 23 years ago
Closed 22 years ago
[CSS+Table] Crash entering www.zmspgda.republika.pl
Categories
(Core :: Layout, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 113235
Future
People
(Reporter: piskozub, Assigned: karnaze)
References
()
Details
(Keywords: crash, testcase)
Attachments
(3 files)
Mozilla builds 2001081603 and CVS build (about 2001082216) - both on WindowsME - crash every time entering the URL.
Reporter | ||
Updated•23 years ago
|
Reporter | ||
Comment 1•23 years ago
|
||
Talkback numbers: TB34397494Q TB34375384M
Summary: Crash entering zmspgda.republika.pl → Crash entering www.zmspgda.republika.pl
Reporter | ||
Comment 2•23 years ago
|
||
I've meda a testcase. It seems this happens only in quirks mode (changing DOCTYPE to one rendered in strict/stadards mode heals the crash). What is needed is the change of color of the link when hovered over: A:link { color:rgb(100,0,0); } A:hover { color:rgb(0,100,0); } and a link inside a table with embedded HR and the link text in H1 (all the elements seem necessary): <TABLE> <TR> <TD VALIGN="middle" ALIGN="center"> <A HREF="http://foo"> <HR> <H1> Any text </H1> </A> </TD> </TR> </TABLE> Strange, isn't it?
Keywords: testcase
Summary: Crash entering www.zmspgda.republika.pl → [CSS+Table] Crash entering www.zmspgda.republika.pl
Reporter | ||
Comment 3•23 years ago
|
||
Reporter | ||
Comment 4•23 years ago
|
||
Reporter | ||
Comment 5•23 years ago
|
||
I'll risk -> Layout as this is a problem on the Table-CSS intersection.
Component: Browser-General → Layout
Reporter | ||
Comment 8•23 years ago
|
||
Talkback # for the testcase crash TB34421731E
Assignee | ||
Comment 9•23 years ago
|
||
It looks like an inline or text frame has been deleted but is being de-referenced. Reassigning to waterson. ApplyRenderingChangeToTree(nsIPresContext * 0x022cbde0, nsIFrame * 0x0119e844, nsIViewManager * 0x00000000) line 9688 nsCSSFrameConstructor::ProcessRestyledFrames(nsCSSFrameConstructor * const 0x022cdc30, nsStyleChangeList & {...}, nsIPresContext * 0x022cbde0) line 9877 + 15 bytes nsCSSFrameConstructor::ContentStatesChanged(nsCSSFrameConstructor * const 0x022cdc30, nsIPresContext * 0x022cbde0, nsIContent * 0x02ad4f60, nsIContent * 0x00000000) line 9996 StyleSetImpl::ContentStatesChanged(StyleSetImpl * const 0x022cdf20, nsIPresContext * 0x022cbde0, nsIContent * 0x02ad4f60, nsIContent * 0x02ad32e0) line 1216 PresShell::ContentStatesChanged(PresShell * const 0x02302918, nsIDocument * 0x022b2dc0, nsIContent * 0x02ad4f60, nsIContent * 0x02ad32e0) line 4933 + 49 bytes nsDocument::ContentStatesChanged(nsDocument * const 0x022b2dc0, nsIContent * 0x02ad4f60, nsIContent * 0x02ad32e0) line 1594 nsEventStateManager::SetContentState(nsEventStateManager * const 0x02321128, nsIContent * 0x02ad4f60, int 4) line 3534 nsGenericHTMLElement::HandleDOMEventForAnchors(nsIContent * 0x02ad4f60, nsIPresContext * 0x022cbde0, nsEvent * 0x0012f158, nsIDOMEvent * * 0x0012f0a4, unsigned int 2, nsEventStatus * 0x0012f1a0) line 1365 nsHTMLAnchorElement::HandleDOMEvent(nsHTMLAnchorElement * const 0x02ad4f60, nsIPresContext * 0x022cbde0, nsEvent * 0x0012f158, nsIDOMEvent * * 0x0012f0a4, unsigned int 2, nsEventStatus * 0x0012f1a0) line 393 nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x02ad4a90, nsIPresContext * 0x022cbde0, nsEvent * 0x0012f158, nsIDOMEvent * * 0x0012f0a4, unsigned int 1, nsEventStatus * 0x0012f1a0) line 1708 + 53 bytes nsEventStateManager::GenerateMouseEnterExit(nsIPresContext * 0x022cbde0, nsGUIEvent * 0x0012fa00) line 2127 nsEventStateManager::PreHandleEvent(nsEventStateManager * const 0x02321128, nsIPresContext * 0x022cbde0, nsEvent * 0x0012fa00, nsIFrame * 0x0119eec0, nsEventStatus * 0x0012f8f4, nsIView * 0x023555e0) line 355 PresShell::HandleEventInternal(nsEvent * 0x0012fa00, nsIView * 0x023555e0, unsigned int 1, nsEventStatus * 0x0012f8f4) line 5645 + 43 bytes PresShell::HandleEvent(PresShell * const 0x02302914, nsIView * 0x023555e0, nsGUIEvent * 0x0012fa00, nsEventStatus * 0x0012f8f4, int 0, int & 1) line 5576 + 25 bytes nsView::HandleEvent(nsView * const 0x023555e0, nsGUIEvent * 0x0012fa00, unsigned int 8, nsEventStatus * 0x0012f8f4, int 0, int & 1) line 377 nsView::HandleEvent(nsView * const 0x02355dd0, nsGUIEvent * 0x0012fa00, unsigned int 8, nsEventStatus * 0x0012f8f4, int 0, int & 1) line 350 nsView::HandleEvent(nsView * const 0x022cc500, nsGUIEvent * 0x0012fa00, unsigned int 28, nsEventStatus * 0x0012f8f4, int 1, int & 1) line 350 nsViewManager::DispatchEvent(nsViewManager * const 0x022cca70, nsGUIEvent * 0x0012fa00, nsEventStatus * 0x0012f8f4) line 2056 HandleEvent(nsGUIEvent * 0x0012fa00) line 68 nsWindow::DispatchEvent(nsWindow * const 0x02355c94, nsGUIEvent * 0x0012fa00, nsEventStatus & nsEventStatus_eIgnore) line 728 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fa00) line 749 nsWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000 {x=??? y=???}) line 4262 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 300, nsPoint * 0x00000000 {x=??? y=???}) line 4514 nsWindow::ProcessMessage(unsigned int 512, unsigned int 0, long 7864918, long * 0x0012fe2c) line 3198 + 24 bytes nsWindow::WindowProc(HWND__ * 0x000a079e, unsigned int 512, unsigned int 0, long 7864918) line 996 + 27 bytes USER32! 77e148dc() USER32! 77e14aa7() USER32! 77e266fd() main(int 1, char * * 0x006440e0) line 157 + 11 bytes mainCRTStartup() line 338 + 17 bytes
Assignee: karnaze → waterson
Updated•23 years ago
|
Whiteboard: [need talkback retrieval]
Updated•23 years ago
|
Target Milestone: --- → Future
Updated•23 years ago
|
Status: NEW → ASSIGNED
Comment 10•22 years ago
|
||
WFM 2002032803/Win2K Piskozub: Can you reproduce this bug with a latest build?
Assignee | ||
Comment 11•22 years ago
|
||
I crashed with a 4/4/2 Win2k debug at the url. The test case worked. IsCanvasFrame(nsIFrame * 0x0458a434) line 2411 + 39 bytes nsCSSRendering::FindBackground(nsIPresContext * 0x04333d60, nsIFrame * 0x0458a434, const nsStyleBackground * * 0x0012e5c0, int * 0x0012e5b8) line 2542 + 9 bytes ApplyRenderingChangeToTree(nsIPresContext * 0x04333d60, nsIFrame * 0x0458a434, nsIViewManager * 0x00000000) line 9825 + 21 bytes nsCSSFrameConstructor::ProcessRestyledFrames(nsCSSFrameConstructor * const 0x040a8658, nsStyleChangeList & {...}, nsIPresContext * 0x04333d60) line 10022 + 15 bytes nsCSSFrameConstructor::ContentStatesChanged(nsCSSFrameConstructor * const 0x040a8658, nsIPresContext * 0x04333d60, nsIContent * 0x04499c98, nsIContent * 0x00000000, nsIAtom * 0x00000000 {???}) line 10176
Comment 12•22 years ago
|
||
Ah, I'm crashing now with 2002040903/Win2K on testcase, but I have to move several times over both links -> TB5025999K, TB5026011W and TB5026064Q.
OS: Windows ME → All
Assignee | ||
Comment 13•22 years ago
|
||
I can't get the test case to fail no matter how many times I mouse over the links. The url fails easily.
Assignee | ||
Comment 14•22 years ago
|
||
Taking the bug.
Assignee: waterson → karnaze
Status: ASSIGNED → NEW
Priority: -- → P1
Assignee | ||
Comment 15•22 years ago
|
||
Mousing over the link produces the following stack. nsCOMPtr<nsIBox>::assign_from_helper(const nsCOMPtr_helper & {...}, const nsID & {...}) line 922 + 18 bytes nsCOMPtr<nsIBox>::nsCOMPtr<nsIBox>(const nsQueryInterface & {...}) line 566 nsCSSFrameConstructor::StyleChangeReflow(nsIPresContext * 0x02ea39c0, nsIFrame * 0x01abf604, nsIAtom * 0x00000000 {???}) line 10076 nsCSSFrameConstructor::ProcessRestyledFrames(nsCSSFrameConstructor * const 0x02ea4240, nsStyleChangeList & {...}, nsIPresContext * 0x02ea39c0) line 10213 nsCSSFrameConstructor::ContentStatesChanged(nsCSSFrameConstructor * const 0x02ea4240, nsIPresContext * 0x02ea39c0, nsIContent * 0x02f01b20, nsIContent * 0x00000000, int 4) line 10379 StyleSetImpl::ContentStatesChanged(StyleSetImpl * const 0x02ea4560, nsIPresContext * 0x02ea39c0, nsIContent * 0x02f01b20, nsIContent * 0x00000000, int 4) line 1563 PresShell::ContentStatesChanged(PresShell * const 0x02ebc188, nsIDocument * 0x02e7f450, nsIContent * 0x02f01b20, nsIContent * 0x00000000, int 4) line 5111 + 53 bytes nsDocument::ContentStatesChanged(nsDocument * const 0x02e7f450, nsIContent * 0x02f01b20, nsIContent * 0x00000000, int 4) line 2049 nsEventStateManager::SetContentState(nsEventStateManager * const 0x02ed61f8, nsIContent * 0x02f014e0, int 4) line 3636
Assignee | ||
Comment 16•22 years ago
|
||
The patch in bug 113235 fixes this by avoiding a reframe.
Status: NEW → ASSIGNED
Depends on: 113235
Assignee | ||
Comment 17•22 years ago
|
||
*** This bug has been marked as a duplicate of 113235 ***
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
No longer depends on: 113235
Resolution: --- → DUPLICATE
Whiteboard: [FIXED_ON_TRUNK]
Assignee | ||
Updated•22 years ago
|
Whiteboard: [FIXED_ON_TRUNK]
You need to log in
before you can comment on or make changes to this bug.
Description
•