Closed
Bug 1032450
Opened 10 years ago
Closed 10 years ago
crash in nsHTMLReflowState::ComputeContainingBlockRectangle(nsPresContext*, nsHTMLReflowState const*, int&, int&)
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
mozilla33
People
(Reporter: martijn.martijn, Assigned: MatsPalmgren_bugz)
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(3 files, 1 obsolete file)
Bug 794693 had a similar crash stack. This crash happens when font inflation is turned on, e.g. when the value of the font.size.inflation.minTwips preference is something else than the default. This bug was filed from the Socorro interface and is report bp-d087f760-cfa6-4f7a-a09b-23e5d2140630. ============================================================= 0 XUL nsHTMLReflowState::ComputeContainingBlockRectangle(nsPresContext*, nsHTMLReflowState const*, int&, int&) layout/generic/nsHTMLReflowState.h 1 XUL nsHTMLReflowState::InitConstraints(nsPresContext*, int, int, nsMargin const*, nsMargin const*, nsIAtom*) layout/generic/nsHTMLReflowState.cpp 2 XUL nsHTMLReflowState::Init(nsPresContext*, int, int, nsMargin const*, nsMargin const*) layout/generic/nsHTMLReflowState.cpp 3 XUL nsFontInflationData::UpdateWidth(nsHTMLReflowState const&) layout/generic/nsHTMLReflowState.cpp 4 XUL nsFontInflationData::UpdateFontInflationDataWidthFor(nsHTMLReflowState const&) layout/generic/nsFontInflationData.cpp 5 XUL nsHTMLReflowState::InitResizeFlags(nsPresContext*, nsIAtom*) layout/generic/nsHTMLReflowState.cpp 6 XUL nsHTMLReflowState::Init(nsPresContext*, int, int, nsMargin const*, nsMargin const*) layout/generic/nsHTMLReflowState.cpp 7 XUL nsFrame::DoLayout(nsBoxLayoutState&) layout/generic/nsHTMLReflowState.cpp 8 XUL nsIFrame::Layout(nsBoxLayoutState&) layout/xul/nsBox.cpp 9 XUL nsStackLayout::Layout(nsIFrame*, nsBoxLayoutState&) layout/xul/nsStackLayout.cpp
|
Assignee | |
Comment 1•10 years ago
|
||
We're setting up a nsHTMLReflowState for a nsTableFrame when we crash. The parent state, for an nsOuterTableFrame, has mDummyParentReflowState == true; and its mCBReflowState == null which we copy in InitCBReflowState(): http://mxr.mozilla.org/mozilla-central/source/layout/generic/nsHTMLReflowState.cpp#412 Then we call InitConstraints(): http://mxr.mozilla.org/mozilla-central/source/layout/generic/nsHTMLReflowState.cpp#1912 with parentReflowState != null, and mFlags.mDummyParentReflowState == false, so we fall into the else block where we use mCBReflowState which is null.
|
|
Assignee | |
Comment 2•10 years ago
|
||
I think this might work - make a table reflow state have mDummyParentReflowState=true if its parent reflow state has that. Then we'll take the then-branch in InitConstraints(). https://tbpl.mozilla.org/?tree=Try&rev=d3219591b1a9
|
|
Assignee | |
Comment 3•10 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=86be8e80e69d https://tbpl.mozilla.org/?tree=Try&rev=d3219591b1a9
Assignee: nobody → mats
Attachment #8448354 -
Attachment is obsolete: true
Attachment #8448871 -
Flags: review?(roc)
Attachment #8448871 -
Flags: review?(roc) → review+
|
|
Assignee | |
Comment 4•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/4a67b3d41033
Flags: in-testsuite+
OS: Mac OS X → All
|
||
Comment 5•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4a67b3d41033
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
You need to log in
before you can comment on or make changes to this bug.
Description
•