Closed
Bug 105928
Opened 23 years ago
Closed 17 years ago
Crash on startup if userContent.css has "* { overflow: auto }" or "* { overflow: scroll }"
Categories
(Core :: Layout, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 164617
Future
People
(Reporter: bzbarsky, Assigned: attinasi)
References
Details
(Keywords: crash)
Attachments
(1 file)
668 bytes,
application/vnd.mozilla.xul+xml
|
Details |
Linux build 2001-10-19 from cvs. Steps to reproduce: 1) edit chrome/userContent.css in your profile directory 2) add "* { overflow: auto }" 3) Save and exit 4) Start the browser ('mozilla about:blank' will do, but it does not seem to matter what the start page is) Expected results: Browser starts fine Actual results: Browser opens profile manager, lets you choose a profile, then goes into infinite loop, blows the stack, and crashes. The same results happen if "overflow: scroll" is used. The sidebar is closed, so what's being rendered here? about:blank? The loop is being spawned by StyleSetImpl::ConstructRootFrame (that's the last non-loop function on the stack). Adding the same style rule to a page's style sheet, btw, does not lead to behavior like this. end of trace (showing loop): #14 0x41c1943a in nsCSSFrameConstructor::ConstructFrameInternal (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdc668, aParentFrame=0x8bd4898, aTag=0x81ee4d8, aNameSpaceID=7, aStyleContext=0x8bdb6dc, aFrameItems=@0xbfe03104, aXBLBaseTag=0) at nsCSSFrameConstructor.cpp:6979 #15 0x41c192e8 in nsCSSFrameConstructor::ConstructFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdc668, aParentFrame=0x8bd4898, aFrameItems=@0xbfe03104) at nsCSSFrameConstructor.cpp:6942 #16 0x41c1485c in nsCSSFrameConstructor::CreateAnonymousFrames (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aParent=0x8bdb3b8, aDocument=0x8884570, aParentFrame=0x8bd4898, aChildItems=@0xbfe03104) at nsCSSFrameConstructor.cpp:5004 #17 0x41c16719 in nsCSSFrameConstructor::BuildGfxScrollFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdb3b8, aDocument=0x8884570, aParentFrame=0x8bd4718, aStyleContext=0x8bd47d0, aIsRoot=0, aNewFrame=@0xbfe0310c, aAnonymousFrames=@0xbfe03104, aScrollPortFrame=0x8bdb620) at nsCSSFrameConstructor.cpp:5924 #18 0x41c162fd in nsCSSFrameConstructor::BeginBuildingScrollFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdb3b8, aContentStyle=0x8bd47d0, aParentFrame=0x8bd4718, aScrolledPseudo=0x81eb370, aDocument=0x8884570, aIsRoot=0, aNewFrame=@0xbfe033d0, aScrolledChildStyle=@0xbfe03170, aScrollableFrame=@0xbfe03174, aScrollPortFrame=0x0) at nsCSSFrameConstructor.cpp:5721 #19 0x41c1659d in nsCSSFrameConstructor::BuildScrollFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdb3b8, aContentStyle=0x8bd47d0, aScrolledFrame=0x8bd4804, aParentFrame=0x8bd4718, aNewFrame=@0xbfe033d0, aScrolledContentStyle=@0xbfe03424, aScrollPortFrame=0x0) at nsCSSFrameConstructor.cpp:5869 #20 0x41c15528 in nsCSSFrameConstructor::ConstructXULFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdb3b8, aParentFrame=0x8bd4718, aTag=0x81ef938, aNameSpaceID=7, aStyleContext=0x8bd47d0, aFrameItems=@0xbfe03734, aXBLBaseTag=0, aHaltProcessing=@0xbfe034d0) at nsCSSFrameConstructor.cpp:5336 #21 0x41c19838 in nsCSSFrameConstructor::ConstructFrameInternal (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdb3b8, aParentFrame=0x8bd4718, aTag=0x81ef938, aNameSpaceID=7, aStyleContext=0x8bd47d0, aFrameItems=@0xbfe03734, aXBLBaseTag=0) at nsCSSFrameConstructor.cpp:7037 #22 0x41c192e8 in nsCSSFrameConstructor::ConstructFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bdb3b8, aParentFrame=0x8bd4718, aFrameItems=@0xbfe03734) at nsCSSFrameConstructor.cpp:6942 #23 0x41c28acf in nsCSSFrameConstructor::ProcessChildren (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda898, aFrame=0x8bd4718, aCanHaveGeneratedContent=0, aFrameItems=@0xbfe03734, aParentIsBlock=0, aTableCreator=0x0) at nsCSSFrameConstructor.cpp:11480 #24 0x41c15ec8 in nsCSSFrameConstructor::ConstructXULFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda898, aParentFrame=0x8bd4650, aTag=0x81efec8, aNameSpaceID=7, aStyleContext=0x8bd461c, aFrameItems=@0xbfe03be8, aXBLBaseTag=0, aHaltProcessing=@0xbfe03984) at nsCSSFrameConstructor.cpp:5623 #25 0x41c19838 in nsCSSFrameConstructor::ConstructFrameInternal (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda898, aParentFrame=0x8bd4650, aTag=0x81efec8, aNameSpaceID=7, aStyleContext=0x8bd461c, aFrameItems=@0xbfe03be8, aXBLBaseTag=0) at nsCSSFrameConstructor.cpp:7037 #26 0x41c192e8 in nsCSSFrameConstructor::ConstructFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda898, aParentFrame=0x8bd4650, aFrameItems=@0xbfe03be8) at nsCSSFrameConstructor.cpp:6942 #27 0x41c28acf in nsCSSFrameConstructor::ProcessChildren (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda628, aFrame=0x8bd4650, aCanHaveGeneratedContent=0, aFrameItems=@0xbfe03be8, aParentIsBlock=0, aTableCreator=0x0) at nsCSSFrameConstructor.cpp:11480 #28 0x41c15ec8 in nsCSSFrameConstructor::ConstructXULFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda628, aParentFrame=0x8bd4460, aTag=0x81ee4d8, aNameSpaceID=7, aStyleContext=0x8bd45e8, aFrameItems=@0xbfe04038, aXBLBaseTag=0, aHaltProcessing=@0xbfe03e38) at nsCSSFrameConstructor.cpp:5623 #29 0x41c19838 in nsCSSFrameConstructor::ConstructFrameInternal (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda628, aParentFrame=0x8bd4460, aTag=0x81ee4d8, aNameSpaceID=7, aStyleContext=0x8bd45e8, aFrameItems=@0xbfe04038, aXBLBaseTag=0) at nsCSSFrameConstructor.cpp:7037 #30 0x41c192e8 in nsCSSFrameConstructor::ConstructFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda628, aParentFrame=0x8bd4460, aFrameItems=@0xbfe04038) at nsCSSFrameConstructor.cpp:6942 #31 0x41c1485c in nsCSSFrameConstructor::CreateAnonymousFrames (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aParent=0x8bda390, aDocument=0x8884570, aParentFrame=0x8bd4460, aChildItems=@0xbfe04038) at nsCSSFrameConstructor.cpp:5004 #32 0x41c16719 in nsCSSFrameConstructor::BuildGfxScrollFrame (this=0x889f5a8, aPresShell=0x889f660, aPresContext=0x889ee30, aState=@0xbfffe900, aContent=0x8bda390, aDocument=0x8884570, aParentFrame=0x8bd42e0, aStyleContext=0x8bd4398, aIsRoot=0, aNewFrame=@0xbfe04040, aAnonymousFrames=@0xbfe04038, aScrollPortFrame=0x8bd452c) at nsCSSFrameConstructor.cpp:5924
Assignee | ||
Comment 1•23 years ago
|
||
Ech. So we want a scrollframe around everything? I don't think the GfxScrollFrame can handle that... cc'ing evaughan for his scrolling insights. Clearly, we need to at least be robust enough to handle this perfectly legitimate and superficially harmless CSS.
Reporter | ||
Comment 2•23 years ago
|
||
Again, the interesting thing is that the same rule in an author sheet does not lead to a crash. It's just the user sheet that's a problem.
Updated•23 years ago
|
Target Milestone: --- → mozilla1.0.1
Assignee | ||
Comment 3•23 years ago
|
||
Moving Mozilla 1.01 bugs to 'future' milestone with priority P1 I will be pulling bugs from 'future' milestones when scheduling later work.
Priority: -- → P1
Target Milestone: mozilla1.0.1 → Future
Comment 4•22 years ago
|
||
I can prevent the crash by adding scrollbar * { overflow: hidden !important; } in xul.css, so I guess the first question is, why is the rule in userContent.css being applied to scrollbars?
Reporter | ||
Comment 5•22 years ago
|
||
That's bug 164617
Comment 6•22 years ago
|
||
So is this a dupe of bug 164617? If universal selectors apply to scrollbars then * { overflow: auto } will inevitably cause an infinite regress.
Comment 8•22 years ago
|
||
By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and <http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss bugs are of critical or possibly higher severity. Only changing open bugs to minimize unnecessary spam. Keywords to trigger this would be crash, topcrash, topcrash+, zt4newcrash, dataloss.
Severity: normal → critical
bug 164617 says userContent.css but this bug's summary says userChrome.css.
Comment 10•21 years ago
|
||
The summary says userChrome.css, but comment 0 says chrome/userContent.css. Can the reporter clarify?
Reporter | ||
Comment 11•21 years ago
|
||
Yeah, this was userContent.css. If userChrome.css blows things up, I don't think we care that much....
Summary: Crash on startup if userChrome.css has "* { overflow: auto }" or "* { overflow: scroll }" → Crash on startup if userContent.css has "* { overflow: auto }" or "* { overflow: scroll }"
Comment 12•19 years ago
|
||
I extracted the minimum code from my application that crashes my browser Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 Reproducible always.
Reporter | ||
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•