Closed
Bug 112696
Opened 23 years ago
Closed 23 years ago
Runtime Error Crash after changing display of link
Categories: Core :: CSS Parsing and Computation, defect
Status: RESOLVED DUPLICATE of bug 105619
People: Reporter: crsaila, Assigned: dbaron
Keywords: crash
Attachments: 1 file (4.60 KB, text/plain)
If fixed at the above try
<http://www.ontariosciencecentre.ca/foobar/navigation/>
Error Msg:
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Mozilla\mozilla.exe
R6025
- pure virtual call
which then repeats and crashes the browser (no Talkback), when clicking on any
of the yellow rectangles in the menu in an attempt to set hidden DIVs to display: block.
Traced the apparent cause of the crash to this style sheet line:
A.firstLevel, A.secondLevel, A.thirdLevel { display: block; border: 1px outset #FFF; font: 10px arial; text-decoration: none; }
Changing it to:
A.firstLevel, A.secondLevel, A.thirdLevel { display: block; border: 1px outset #FFF; font-size: 10px; font-family: arial; color: #000; text-decoration: none; }
...stops the crashing.
This seems to only affect Win32-based builds of Mozilla 0.9.6
(tested on Win2K, and Win98)
Comment 2•23 years ago
I see this on the /foobar/navigation page with a CVS build from Dec 1. Over to
strings based on stack:
#0 0x402361c2 in nsAString::Cut (this=0x43600008, cutStart=0, cutLength=14)
    at nsAString.cpp:461
#1 0x4023ffa6 in nsStr::StrAppend (aDest=@0x872619c, aSource=@0x874d1dc,
    anOffset=0, aCount=141427136) at nsStr.cpp:198
#2 0x4023fea3 in nsStr::StrAssign (aDest=@0x872619c, aSource=@0x874d1dc,
    anOffset=0, aCount=141427136) at nsStr.cpp:173
#3 0x40243ec4 in nsString::nsString (this=0x8726198, aString=@0x874d1d8)
    at nsString2.cpp:94
#4 0x40030da6 in nsFont::nsFont (this=0x8726198, aOther=@0x874d1d8)
    at nsFont.cpp:69
#5 0x40f8e988 in nsFontMetricsGTK::Init (this=0x8726038, aFont=@0x874d1d8,
    aLangGroup=0x8257e78, aContext=0x85f6630) at nsFontMetricsGTK.cpp:1144
#6 0x40030824 in nsFontCache::GetMetricsFor (this=0x862e148, aFont=@0x874d1d8,
    aLangGroup=0x8257e78, aMetrics=@0xbfffe9f8) at nsDeviceContext.cpp:675
#7 0x4002f991 in DeviceContextImpl::GetMetricsFor (this=0x85f6630,
    aFont=@0x874d1d8, aLangGroup=0x8257e78, aMetrics=@0xbfffe9f8)
    at nsDeviceContext.cpp:307
#8 0x41de56e5 in nsTextFrame::TextStyle::TextStyle (this=0xbfffe9e8,
    aPresContext=0x86c5ed8, aRenderingContext=@0x8722e78, sc=0x875dae4)
    at nsTextFrame.cpp:545
#9 0x41c372ca in nsTextFrame::Paint (this=0x874cfec, aPresContext=0x86c5ed8,
    aRenderingContext=@0x8722e78, aDirtyRect=@0xbfffea70,
    aWhichLayer=eFramePaintLayer_Overlay, aFlags=0) at nsTextFrame.cpp:1415
(gdb) frame 0
#0 0x402361c2 in nsAString::Cut (this=0x43600008, cutStart=0, cutLength=14)
    at nsAString.cpp:461
461 size_type myLength = this->Length();
(gdb) p this
$1 = (nsAString *) 0x43600008
(gdb) p this->Length()
Cannot access memory at address 0x1c
Assignee: dbaron → scc
Status: UNCONFIRMED → NEW
Component: Style System → String
Ever confirmed: true
Keywords: crash
OS: Windows 2000 → All
QA Contact: ian → jaggernaut
Comment 3•23 years ago
Comment 4•23 years ago (Assignee)
This is not a string bug. It's someone else passing in a corrupt string,
perhaps due to a corrupt style context obtained from a deleted frame (and thus
could be a duplicate of bug 105619).
Comment 5•23 years ago (Assignee)
.
Assignee: scc → dbaron
Component: String → Style System
QA Contact: jaggernaut → ian
Comment 6•23 years ago
confirming.
clicking any link at <http://www.ontariosciencecentre.ca/foobar/navigation/>
results in immediate crash. all Moz windows die, Dr.Watson, TalkBack.
Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.6+) Gecko/20011211
TB491673E
TB491455H
This looks like Bug 105619, but this build doesn't crash for me at www.iht.com.
Comment 7•23 years ago (Assignee)
This seems to be due to a valid style context, with the inherit font bit set,
having a pointer to a corrupt nsStyleFont in its mInheritedData. The parent
does not have the inherit font bit set and has a null mFontData. (Both parent
and child point to the same visibility data, text data, and UI data. The child
has the following bits set: font, color, text, visibility, UI. The parent also
has a null mColorData and the child's color data looks trashed (alpha is
non-zero, non-0xFF), although it's hard to tell.)
Comment 8•23 years ago (Assignee)
The child style context points to the root rule node. The parent style context
points to a rule node with a rule that is a CSSStyleRuleImpl.
Comment 9•23 years ago (Assignee)
This still sounds really similar to bug 105619.
Comment 10•23 years ago (Assignee)
This page is now 404. I'm guessing this would have been fixed by bug 105619
anyway. I don't crash when browsing around http://www.ontariosciencecentre.ca/ .
*** This bug has been marked as a duplicate of 105619 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE