Closed
Bug 108940
Opened 23 years ago
Closed 23 years ago
Crash on every page with position:fixed - Trunk [@ nsView::SetVisibility]
Categories
(Core Graveyard :: GFX, defect)
Core Graveyard
GFX
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla0.9.6
People
(Reporter: matthew, Assigned: roc)
References
()
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(2 files, 1 obsolete file)
6.73 KB,
text/plain
|
Details | |
1.77 KB,
patch
|
kmcclusk
:
review+
attinasi
:
superreview+
|
Details | Diff | Splinter Review |
Any page using position:fixed is crashing. :( One example, w3c fixed menu: www.w3.org/Style/Examples/007/menus.html Talkback IDs: TB37708287E TB37708179Z TB37708147W TB37708011M TB37707982X
Comment 1•23 years ago
|
||
Over to viewmanager: #0 nsViewManager::GetMouseEventGrabber (this=0x0) at nsViewManager.h:386 #1 0x420b40dd in nsView::SetVisibility (this=0x88e1070, aVisibility=nsViewVisibility_kHide) at nsView.cpp:674 #2 0x420c847d in nsZPlaceholderView::nsZPlaceholderView (this=0x88e1070, aParent=0x87a9858) at nsViewManager.h:102 #3 0x420bfb86 in nsViewManager::InsertZPlaceholder (this=0x8136348, aParent=0x87a9858, aChild=0x88c65b0, aZIndex=1) at nsViewManager.cpp:2021 #4 0x41d87780 in nsHTMLContainerFrame::CreateViewForFrame (aPresContext=0x87abbc8, aFrame=0x88c01a8, aStyleContext=0x88c0114, aContentParentFrame=0x88bfb0c, aForce=1) at nsHTMLContainerFrame.cpp:619 #5 0x41e37ad3 in nsCSSFrameConstructor::ConstructFrameByDisplayType (this=0x88ed178, aPresShell=0x88eb170, aPresContext=0x87abbc8, aState=@0xbfffe604, aDisplay=0x88c0148, aContent=0x87aa920, aParentFrame=0x88bfb0c, aStyleContext=0x88c0114, aFrameItems=@0xbfffe6cc) at nsCSSFrameConstructor.cpp:6110 (gdb) frame 0 #0 nsViewManager::GetMouseEventGrabber (this=0x0) at nsViewManager.h:386 386 nsView* GetMouseEventGrabber() const { return mMouseGrabber; } (gdb) p mMouseGrabber Cannot access memory at address 0x34
Assignee: attinasi → kmcclusk
Status: UNCONFIRMED → NEW
Component: Layout → Compositor
Ever confirmed: true
Keywords: crash
OS: Windows 2000 → All
Hardware: PC → All
Comment 2•23 years ago
|
||
Updated•23 years ago
|
Target Milestone: --- → mozilla0.9.6
Comment 3•23 years ago
|
||
Comment 4•23 years ago
|
||
The problem is the nsZPlaceholderView contructor calls nsView::SetVisibility to initialize it's visibility. SetVisibility was accessing it's viewmanager member variable which hadn't been set yet.
Comment 5•23 years ago
|
||
Comment on attachment 56940 [details] [diff] [review] Patch to check for null viewmanger when setting visibility on the view sr=attinasi - but wouldn't it be better to juggle the order of calls around so that the viewManager *is* set before the SetVisibility call is made, and then ASSERT that mViewManager is not null?
Attachment #56940 -
Flags: superreview+
Comment 6•23 years ago
|
||
The call to SetVisibility is done in the constructor to set it's initial value. The viewmanager member variable is not set until the nsView::init method is called. I could explicitly set the visibility member of the view instead of calling the SetVisibility method, but I thought it would be better just protect the SetVisibility against having a null viewmanager.
Comment 7•23 years ago
|
||
With that patch the crash goes away but is replaced with continuous assertions: ###!!! ASSERTION: mViewManager is null!: 'mViewManager', file nsView.cpp, line 632 ###!!! Break: at file nsView.cpp, line 632 see eg http://web.mit.edu/bzbarsky/www/ Also, could you not just test mViewManager instead of |nsnull != mViewManager| ?
Comment 8•23 years ago
|
||
bug 108934 is another crash in which mViewManager is null. Combined with the assertions, that makes me think there is a deeper problem here somewhere...
No longer blocks: 108934
Comment 9•23 years ago
|
||
Should we try backing out Robert's changes from last night (locally)? http://bonsai.mozilla.org/showcheckins.cgi?person=roc%2B%25cs.cmu.edu&treeid=SeaMonkey
No longer blocks: 108934
Updated•23 years ago
|
Comment 10•23 years ago
|
||
I backed out Robert's changes from last night locally and this crash and the crash in 108934 go away: cvs update -j3.80 -j3.79 mozilla/view/src/nsViewManager.h cvs update -j3.210 -j3.209 mozilla/view/src/nsViewManager.cpp cvs update -j3.57 -j3.56 mozilla/view/src/nsView.h cvs update -j3.142 -j3.141 mozilla/view/src/nsView.cpp cvs update -j3.57 -j3.56 mozilla/view/src/nsScrollingView.h cvs update -j3.144 -j3.143 mozilla/view/src/nsScrollingView.cpp cvs update -j3.9 -j3.8 mozilla/view/src/nsScrollPortView.h cvs update -j3.22 -j3.21 mozilla/view/src/nsScrollPortView.cpp cvs update -j3.56 -j3.55 mozilla/view/public/nsIViewManager.h cvs update -j3.60 -j3.59 mozilla/view/public/nsIView.h It may be caused by the part of the patch that removes the implementations for the nsIView methods that ZPlaceholderFrame's used to have and uses the nsView's implementations instead.
Comment 11•23 years ago
|
||
Reassigning to Robert to give him a chance to look at this.
Comment 12•23 years ago
|
||
*** Bug 108934 has been marked as a duplicate of this bug. ***
Blocks: 104864
Assignee | ||
Comment 13•23 years ago
|
||
Urk.
Assignee | ||
Comment 14•23 years ago
|
||
Thanks for backing this out. I am an idiot.
Comment 15•23 years ago
|
||
Um... it's not backed out. Kevin just _tried_ backing it out in his tree. This bug is still present as of right now on the trunk.
Comment 16•23 years ago
|
||
*** Bug 109038 has been marked as a duplicate of this bug. ***
Comment 17•23 years ago
|
||
Are bugs 109055 and 109057 dupes of this?
Comment 18•23 years ago
|
||
*** Bug 109057 has been marked as a duplicate of this bug. ***
Comment 19•23 years ago
|
||
dup of bug 108651?
Comment 20•23 years ago
|
||
*** Bug 109068 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 21•23 years ago
|
||
Oh. Wow. Alright, let me fix it pronto.
Assignee | ||
Comment 22•23 years ago
|
||
This is it ... no crash, no assertion failures. Ready for review.
Attachment #56940 -
Attachment is obsolete: true
Assignee | ||
Comment 23•23 years ago
|
||
That patch fixes all testcases in all dups so far.
Comment 24•23 years ago
|
||
Comment on attachment 57083 [details] [diff] [review] Fix up nsZPlaceholderView creation and destruction sr=attinasi
Attachment #57083 -
Flags: superreview+
Comment 25•23 years ago
|
||
Comment on attachment 57083 [details] [diff] [review] Fix up nsZPlaceholderView creation and destruction r=kmcclusk@netscpe.com
Attachment #57083 -
Flags: review+
Comment 26•23 years ago
|
||
Adding Trunk [@ nsView::SetVisibility] for tracking, this is currently a topcrasher with MozillaTrunk builds.
Keywords: crash
Summary: Crash on every page with position:fixed → Crash on every page with position:fixed - Trunk [@ nsView::SetVisibility]
Assignee | ||
Comment 28•23 years ago
|
||
Fix checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
*** Bug 109097 has been marked as a duplicate of this bug. ***
Comment 30•23 years ago
|
||
*** Bug 109206 has been marked as a duplicate of this bug. ***
Comment 31•23 years ago
|
||
*** Bug 109270 has been marked as a duplicate of this bug. ***
Updated•16 years ago
|
Product: Core → Core Graveyard
Updated•13 years ago
|
Crash Signature: [@ nsView::SetVisibility]
You need to log in
before you can comment on or make changes to this bug.
Description
•