Closed
Bug 117736
Opened 23 years ago
Closed 23 years ago
[PATCH] Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText]
Categories
(Core :: Layout, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla0.9.9
People
(Reporter: pmac, Assigned: attinasi_layout)
References
()
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(1 file)
1.47 KB,
patch
|
shaver
:
review+
shaver
:
superreview+
attinasi
:
approval+
|
Details | Diff | Splinter Review |
Seen on windows 98 with jre 1.3.1 (2002-01-01-10-trunk). Works fine on linux
redhat 6.2 with jre 1.3.1 (2001-01-01-21-trunk).
1. Launch netscape.
2. Type this url: http://www.silvercreekonline.com
3. Click on "Click here for Virtual Tour 38".
Notice that it quits the browser about 3 out of 6 times.
Comment 1•23 years ago
|
||
Did you use a talkback-enabled build? Can you post the talkback id here?
Thanks
Severity: normal → critical
Keywords: crash
Summary: The browser quits while loading the above url → Crash while loading the above url
Incident ID 1146267
Stack Trace
nsTextFrame::MeasureText
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 4454]
nsTextFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp, line 5172]
nsLineLayout::ReflowFrame
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsLineLayout.cpp, line 1087]
nsBlockFrame::ReflowInlineFrame
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 3766]
nsBlockFrame::DoReflowInlineFrames
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 3647]
nsBlockFrame::DoReflowInlineFramesAuto
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 3572]
nsBlockFrame::ReflowInlineFrames
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 3517]
nsBlockFrame::ReflowLine
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 2589]
nsBlockFrame::ReflowDirtyLines
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 2179]
nsBlockFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 846]
nsContainerFrame::ReflowChild
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 766]
CanvasFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsHTMLFrame.cpp, line 567]
nsBoxToBlockAdaptor::Reflow
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxToBlockAdaptor.cpp, line 843]
nsBoxToBlockAdaptor::DoLayout
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxToBlockAdaptor.cpp, line 606]
nsBox::Layout [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp, line 1051]
nsScrollBoxFrame::DoLayout
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsScrollBoxFrame.cpp, line 396]
nsBox::Layout [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp, line 1051]
nsContainerBox::LayoutChildAt
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsContainerBox.cpp, line 654]
nsGfxScrollFrameInner::LayoutBox
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1059]
nsGfxScrollFrameInner::Layout
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1170]
nsGfxScrollFrame::DoLayout
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1067]
nsBox::Layout [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp, line 1051]
nsBoxFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 953]
nsGfxScrollFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 776]
nsContainerFrame::ReflowChild
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 766]
ViewportFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp, line 574]
PresShell::InitialReflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2717]
HTMLContentSink::StartLayout
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp,
line 3921]
HTMLContentSink::DidBuildModel
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp,
line 2757]
CNavDTD::DidBuildModel [d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp,
line 674]
nsParser::DidBuildModel
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 1388]
nsParser::Terminate [d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp,
line 1470]
nsHTMLDocument::StopDocumentLoad
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLDocument.cpp, line 956]
DocumentViewerImpl::Stop
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp, line 1408]
nsDocShell::Stop [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line
2313]
nsDocShell::Stop [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line
2334]
nsDocShell::Destroy [d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp,
line 2470]
nsWebShell::Destroy [d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp,
line 1452]
nsHTMLFrameInnerFrame::~nsHTMLFrameInnerFrame
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsFrameFrame.cpp, line 668]
nsHTMLFrameInnerFrame::`scalar deleting destructor'
nsFrame::Destroy [d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrame.cpp,
line 472]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 140]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 140]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 140]
nsLineBox::DeleteLineList
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsLineBox.cpp, line 292]
nsBlockFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp, line 330]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 140]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 140]
nsBoxFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 1181]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp, line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 140]
ViewportFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp, line 157]
FrameManager::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp, line 509]
PresShell::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1730]
DocumentViewerImpl::Destroy
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp, line 1392]
DocumentViewerImpl::Show
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp, line 1614]
PresShell::UnsuppressAndInvalidate
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 4802]
PresShell::UnsuppressPainting
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 4846]
PresShell::sPaintSuppressionCallback
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2797]
I just tried again on windows 98 using (2002-02-03-06-trunk), "Click here for
Virtual Tour 38" while loading the applet, the browser was automatically quitted.
This one is a tropcrasher for M097 and the Trunk. I have reproduced it on
Win2000 by going to :
(874561) URL: http://www.cavedog.com/boneyards/by_totala/download.html
Wait a moment and the browser crashes without loading the page.
Updating summary and keywords for talkback tracking.
Keywords: topcrash
Summary: Crash while loading the above url → Trunk M097 Crash while loading the above url [@ nsTextFrame::MeasureText]
Stack trace is pointing to the problem of laying down a document that is being
torn down. I thought attinasi nailed this a while ago?
Clicking on the link in comment #4 (above) crashes the Trunk 2002010906 build.
Can we get a testcase or a fix out of this? :-]
Comment 7•23 years ago
|
||
From the stack, this looks like a layout bug.
--->layout
Assignee: joe.chou → attinasi
Component: OJI → Layout
QA Contact: pmac → petersen
Comment 8•23 years ago
|
||
Hmm. This is not crashing for me on a 1/4 build. I am on Win 2000.
Patty, can you try with NO java installed? I'm thinking it might be a java bug
since the page (tour #38) has a java app (http://tours.ipixmedia.com/A8CPNNVC.htm)
Sorry, I cannot repro it :(
It crashes on me after creating tons on webshells...
[...]
WEBSHELL+ = 3808
WEBSHELL+ = 3809
WEBSHELL+ = 3810
WEBSHELL+ = 3811
WEBSHELL+ = 3812
WEBSHELL+ = 3813
WEBSHELL+ = 3814
WEBSHELL+ = 3815
WEBSHELL+ = 3816
WEBSHELL+ = 3817
WEBSHELL+ = 3818
WEBSHELL+ = 3819
Comment 10•23 years ago
|
||
Here's some more Talkback data from Mozilla 0.9.7 crashes:
nsTextFrame::MeasureText 69
117736 NEW attinasi@netscape.com --- Fri 23:51
BBID range: 1292559 - 1755516
Min/Max Seconds since last crash: 11 - 497012
Min/Max Runtime: 864 - 824480
Crash data range: 2002-01-06 to 2002-01-16
Build ID range: 2001122109 to 2001122109
Keyword List : load(6),
Stack Trace:
nsTextFrame::MeasureText
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp line 4447]
nsTextFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsTextFrame.cpp line 5160]
nsLineLayout::ReflowFrame
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsLineLayout.cpp line 1087]
nsBlockFrame::ReflowInlineFrame
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 3688]
nsBlockFrame::DoReflowInlineFrames
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 3569]
nsBlockFrame::DoReflowInlineFramesAuto
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 3494]
nsBlockFrame::ReflowInlineFrames
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 3439]
nsBlockFrame::ReflowLine
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 2507]
nsBlockFrame::ReflowDirtyLines
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 2159]
nsBlockFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 826]
nsContainerFrame::ReflowChild
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp line 766]
CanvasFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsHTMLFrame.cpp line 570]
nsBoxToBlockAdaptor::Reflow
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxToBlockAdaptor.cpp line 843]
nsBoxToBlockAdaptor::DoLayout
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxToBlockAdaptor.cpp line 606]
nsBox::Layout
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp line 1004]
nsScrollBoxFrame::DoLayout
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsScrollBoxFrame.cpp line 397]
nsBox::Layout
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp line 1004]
nsBoxFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp line 954]
nsContainerFrame::ReflowChild
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp line 766]
ViewportFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp line 576]
PresShell::InitialReflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 2680]
HTMLContentSink::StartLayout
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp
line 3984]
HTMLContentSink::DidBuildModel
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLContentSink.cpp
line 2820]
CNavDTD::DidBuildModel
[d:\builds\seamonkey\mozilla\htmlparser\src\CNavDTD.cpp line 673]
nsParser::DidBuildModel
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 1388]
nsParser::Terminate
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp line 1470]
nsHTMLDocument::StopDocumentLoad
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLDocument.cpp line 877]
DocumentViewerImpl::Stop
[d:\builds\seamonkey\mozilla\content\base\src\nsDocumentViewer.cpp line 1351]
nsDocShell::Stop
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp line 2302]
nsDocShell::Stop
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp line 2323]
nsDocShell::Destroy
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp line 2459]
nsWebShell::Destroy
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp line 1462]
nsHTMLFrameInnerFrame::~nsHTMLFrameInnerFrame
[d:\builds\seamonkey\mozilla\layout\html\document\src\nsFrameFrame.cpp line 703]
nsHTMLFrameInnerFrame::`scalar deleting destructor'
nsFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrame.cpp line 472]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp line 140]
nsFrameList::DestroyFrames
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp line 131]
nsContainerFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp line 140]
nsLineBox::DeleteLineList
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsLineBox.cpp line 292]
nsBlockFrame::Destroy
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsBlockFrame.cpp line 329]
nsFrameList::DestroyFrame
[d:\builds\seamonkey\mozilla\layout\base\src\nsFrameList.cpp line 217]
CanvasFrame::RemoveFrame
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsHTMLFrame.cpp line 370]
FrameManager::RemoveFrame
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp line 946]
nsCSSFrameConstructor::ReconstructDocElementHierarchy
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7275]
StyleSetImpl::ReconstructDocElementHierarchy
[d:\builds\seamonkey\mozilla\content\base\src\nsStyleSet.cpp line 1407]
PresShell::ReconstructFrames
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5217]
PresShell::StyleSheetAdded
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5234]
nsDocument::InsertStyleSheetAt
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp line 1399]
CSSLoaderImpl::InsertSheetInDoc
[d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 1197]
CSSLoaderImpl::SheetComplete
[d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 900]
CSSLoaderImpl::ParseSheet
[d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 955]
CSSLoaderImpl::DidLoadStyle
[d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 991]
SheetLoadData::OnStreamComplete
[d:\builds\seamonkey\mozilla\content\html\style\src\nsCSSLoader.cpp line 751]
nsStreamLoader::OnStopRequest
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamLoader.cpp line 137]
nsStreamListenerTee::OnStopRequest
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerTee.cpp line 25]
nsHttpChannel::OnStopRequest
[d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp line 2386]
nsOnStopRequestEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsRequestObserverProxy.cpp line 213]
PL_HandleEvent
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 591]
PL_ProcessPendingEvents
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 524]
_md_EventReceiverProc
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 1072]
KERNEL32.DLL + 0x248f7 (0xbff848f7)
0x00688c02
0x00058f64
Source File :
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/layout/html/base/src/nsTextFrame.cpp
line : 4447
(1755516) URL: http://www.landsend.com/cd/fp/prod/0
(1755516) Comments: Clicked on "try it on"
(1749307) URL: www.FreeTradeZone.com
(1749307) Comments: clicking the "close tab" X while the page was loading.
(1746507) URL: slashdot.org
(1746507) Comments: lots of dropdown boxes seems to make mozilla go boom!
(1740403) URL: http://www.nwmusicmedia.com/frames.html?=body_band_pdxs_listing.html
(1740403) Comments: heading of page started loading repeatedly... crashed mozilla
(1719464) Comments: I had at least 20 browser windows open and I was switching between
them.
(1674272) URL: http://www.holly-shop.de
(1672710) URL: http://www.gnupg.org/frontends.html
(1672710) Comments: Clicked "GnomePGP". A new tab opened I realised that I've clicked
the wrong link closed the tab before anything was visible on it ==> crash.
(1643032) URL: www.atu.de
(1643032) Comments: while starting mozilla (connecting to 2 imap accounts one pop)
and loading my ebay.de i accessed http://www.atu.de and clicked the "splash"
picture to continue to main site. i'm not sure if any of the other action were
still in progress
(1628942) URL: www.gmx.net
(1570151) URL: http://www.murlock.org/mom/
(1566426) Comments: setting monospaced font size in preferences
(1522093) URL: http://www.mein-schlemmerfreund.de/index.php
(1516790) URL: http://top.addfreestats.com/cgi-bin/main.cgi?usr=00082153P001
(1516790) Comments: Clicking the link provided in the specified URL. When the page
got loaded Mozilla crashed.
(1513760) URL: http://images.google.com/
(1513760) Comments: I was searching for 'dak amputee' in Image Search with the family
filter turned off. I opened the one-legged naked woman in a new tab then closed
the tab and BOOM in gklayout.(I am d_yerrick@hotmail.com on mozilla. If any Bug
comes of this please
(1513760) Comments: CC me.)
(1513100) URL: postag.de
(1513022) URL: postag.de
(1511560) Comments: it's been making my whole display go funky...overwriting random
parts of the screen and stuff
(1480626) URL: astalavista.box
(1455660) URL: http://commcenter.net2phone.com/GLPPublish.asp?idpage=startdl
(1444178) Comments: nothing out of the ordinary
(1394363) URL: http://www.buffyguide.com
(1394363) Comments: Just tried to load the page. Poof!
(1360389) URL: www.gameoftheyear.com
(1297015) Comments: being redirected to a web-based help file from the PalmOS IDE
PilotMAG help menu
(1294042) Comments: searching for subject at google
(1292559) URL: www.latticesemi.com/products/ispPAL/index.cfm
(1292559) Comments: a page didn't not load fully and I hit refresh and the error happened.
It's happening with all flavors of Windows...
Comment 11•23 years ago
|
||
Using 2002012203 build on WINXP I crashed loading
http://www.cavedog.com/boneyards/by_totala/download.html
I did not crash loading http://www.silvercreekonline.com
Target Milestone: --- → mozilla0.9.9
Comment 12•23 years ago
|
||
*** Bug 121554 has been marked as a duplicate of this bug. ***
Comment 13•23 years ago
|
||
*** Bug 121533 has been marked as a duplicate of this bug. ***
Comment 14•23 years ago
|
||
Adding testcase keyword, since people have been able to reproduce this crash at:
http://www.cavedog.com/boneyards/by_totala/download.html
Keywords: testcase
Comment 15•23 years ago
|
||
M098 still crashes NT4 at http://www.cavedog.com/boneyards/by_totala/download.html
without loading the page.
Summary: Trunk M097 Crash while loading the above url [@ nsTextFrame::MeasureText] → Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText]
Updated•23 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P1
Comment 17•23 years ago
|
||
Is it me or is http://www.cavedog.com/boneyards/by_totala/download.html totally
bogus on IE and Nav 4.x as well? I loaded it in Mozilla and is just eats a
bunch of memory, but looking at it I can see why I think - it is a recursive
frameset. Maybe there is a bug on that - I think we have to prevent nested
framesets to avoid crashing here.
I am not crashing on the http://www.silvercreekonline.com site at all, and
getting various levels of success and failure in the other URL's in the
talkbacks. I'll keep trying to get this stack but so far I have not gotten it
even once. (I am seeing some GIF decoder assertions on some URL's however, and
will let Pavlov know.)
Comment 18•23 years ago
|
||
In the case of the recursive frameset, we are simply running out of font
resources. We get some error / assert messages from RealizeFont:
NTDLL! 77fa018c()
nsDebug::Assertion(const char * 0x025fa3d4, const char * 0x005845c4, const char
* 0x025fa3a4, int 2416) line 291 + 13 bytes
nsDebug::Error(const char * 0x025fa3d4, const char * 0x025fa3a4, int 2416) line
458 + 22 bytes
nsFontMetricsWin::FindSubstituteFont(HDC__ * 0xdc01075b, unsigned int 97) line
2416 + 21 bytes
nsFontMetricsWin::FindFont(HDC__ * 0xdc01075b, unsigned int 97) line 3111 + 22 bytes
nsFontMetricsWin::RealizeFont() line 3221 + 20 bytes
nsFontMetricsWin::Init(nsFontMetricsWin * const 0x14d3a648, const nsFont &
{...}, nsIAtom * 0x02034568, nsIDeviceContext * 0x14cf6388) line 484
nsFontCache::GetMetricsFor(nsFontCache * const 0x14d3a5f0, const nsFont & {...},
nsIAtom * 0x02034568, nsIFontMetrics * & 0x00000000) line 670 + 27 bytes
DeviceContextImpl::GetMetricsFor(DeviceContextImpl * const 0x14cf6388, const
nsFont & {...}, nsIAtom * 0x02034568, nsIFontMetrics * & 0x00000000) line 303
ComputeLineHeight(nsIRenderingContext * 0x14d395f0, nsIStyleContext *
0x14ce7cfc) line 2179 + 63 bytes
nsHTMLReflowState::CalcLineHeight(nsIPresContext * 0x14cf65b8,
nsIRenderingContext * 0x14d395f0, nsIFrame * 0x14ce7d8c) line 2219 + 18 bytes
nsBlockReflowState::nsBlockReflowState(const nsHTMLReflowState & {...},
nsIPresContext * 0x14cf65b8, nsBlockFrame * 0x14ce7d8c, const
nsHTMLReflowMetrics & {...}, int 4194304) line 174 + 26 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x14ce7d8c, nsIPresContext *
0x14cf65b8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0) line 735
nsContainerFrame::ReflowChild(nsIFrame * 0x14ce7d8c, nsIPresContext *
0x14cf65b8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0,
int 0, unsigned int 0, unsigned int & 0) line 761 + 31 bytes
CanvasFrame::Reflow(CanvasFrame * const 0x14ce776c, nsIPresContext * 0x14cf65b8,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 561
nsBoxToBlockAdaptor::Reflow(nsBoxLayoutState & {...}, nsIPresContext *
0x14cf65b8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0, int 0, int 0, int 0, int 0, int 1) line 836
nsBoxToBlockAdaptor::DoLayout(nsBoxToBlockAdaptor * const 0x14ce7ba4,
nsBoxLayoutState & {...}) line 620 + 46 bytes
nsBox::Layout(nsBox * const 0x14ce7ba4, nsBoxLayoutState & {...}) line 1052
nsScrollBoxFrame::DoLayout(nsScrollBoxFrame * const 0x14ce78ac, nsBoxLayoutState
& {...}) line 395
nsBox::Layout(nsBox * const 0x14ce78ac, nsBoxLayoutState & {...}) line 1052
nsBoxFrame::Reflow(nsBoxFrame * const 0x14ce7874, nsIPresContext * 0x14cf65b8,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 991
nsContainerFrame::ReflowChild(nsIFrame * 0x14ce7874, nsIPresContext *
0x14cf65b8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0,
int 0, unsigned int 0, unsigned int & 0) line 761 + 31 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x14ce7730, nsIPresContext *
0x14cf65b8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0) line 574
PresShell::InitialReflow(PresShell * const 0x14cf1920, int 0, int 0) line 2674
but then we plunder on and end up assuming that the mNormalFont in the TextStyle
struct is valid and crash with the stack already posted to the bug. I am
wallpapering the crash for now, and investigating the complexity of handling the
failure at the source (RBS - help!)
Comment 19•23 years ago
|
||
Looking like a problem with system exhaustion of font resources. The cavedog
page causes it because it is recursively loading the frames and the system is
bound to get exhausted at some time. The other sites listed in the talkbacks
are probably just the victims of general font leakage (a guess, but I cannot get
any other site to crash with this stack).
Assignee: attinasi → attinasi_layout
Status: ASSIGNED → NEW
Comment 20•23 years ago
|
||
Check out this patch - it just stops the crash byt checking for a null normal
font instead of assuming it is non-null. I defer to RBS on why the fallback is
failing in the font resolution, I am just not as intimate with that code as he
is.
Updated•23 years ago
|
Status: NEW → ASSIGNED
Summary: Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText] → [PATCH] Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText]
Comment 21•23 years ago
|
||
[...]
nsFontMetricsWin::Init(nsFontMetricsWin * const 0x14d3a648, const nsFont &
{...}, nsIAtom * 0x02034568, nsIDeviceContext * 0x14cf6388) line 484
nsFontCache::GetMetricsFor(nsFontCache * const 0x14d3a5f0, const nsFont & {...},
[...]
There are extreme circumstances where the font substitute fallback can fail
since there are fixed limits on the number of resources that GDI allows. But we
do have another last minute desperate fallback where we return any available
cached font rather than returning no font all (bug 109974).
http://lxr.mozilla.org/seamonkey/source/gfx/src/nsDeviceContext.cpp#639
That's why I am generally dubious about the usefullness of just wall papering
null fonts that come out -- although it has been observed that, due to bigger
architectural issues, these can happen in transient cases where the world is
being torn down without stopping layout first -- causing GFX to rely on dead
objects, or in recursive situations like this frameset that you alluded to. And
null checks have sometimes proved to have a positive palliative effect in such
cases.
Do you get the page to layout properly with the null checks?
Comment 22•23 years ago
|
||
The page has recursive framesets, so no, it never lays out properly as it never
stops loading, at least not in the 10 minutes I gave it. I could never get the
crash on any other page either.
Regarding the extreme fallback, where we get any font in the font cache: what I
am seeing is that the fontCache has NO fonts in it (mFontMetrics.Count() == 0),
so that code is failing too.
Comment 23•23 years ago
|
||
RBS: is the font cache per webshell? In the case where we cannot get a font at
all, and the font cache is empty, can we grab fonts from other webshells' font
caches? Even better, cna the font caches be shared across webshells? If I
understand this correctly, we are guaranteed to run out of font resources if
there are enough webshells, as the recursive frameset shows.
Comment 24•23 years ago
|
||
That's right. I was thinking of doing a little patch just to print out the grand
total number of fonts (but the smoketest blocker has spoiled all that). The zero
that you saw is a local zero -- in that particular font-cache.
In principle yes, it is possible to increase the sharing. There are some
bugzilla bugs about that (e.g., bug 91956). They need some thinking to decide
who should own what and the associated impact, e.g., the effect of the
underlying DC (i.e., likely something for the Future).
Comment 25•23 years ago
|
||
So, can we get this wallpaper reviewed, and then deal with the improved sharing
of fonts across webshells later?
Comment 26•23 years ago
|
||
r=rbs
Comment 27•23 years ago
|
||
Comment on attachment 68592 [details] [diff] [review]
wallpaper to prevent the crash when a font cannot be realized
sr=shaver, and recording rbs's r= via the patch manager (tsk, tsk!).
So, uh, when's "later" for solving this properly?
Attachment #68592 -
Flags: superreview+
Attachment #68592 -
Flags: review+
Comment 28•23 years ago
|
||
Thanks Mike.
Judging from bug 91956, when is not known (no milestone set) the real fix will
be devised.
Opening a 'perf' bug for sharing the font cache across webshells may be a good
way to go - bug 91956 covers the execution costs, the new one could cover the
memory benefits. But, they are really the same issue, so I'll hold off on
opening it.
Comment 30•23 years ago
|
||
Comment on attachment 68592 [details] [diff] [review]
wallpaper to prevent the crash when a font cannot be realized
a=asa (migrating from comment)
Attachment #68592 -
Flags: approval+
Comment 31•23 years ago
|
||
Fix in:
/cvsroot/mozilla/layout/html/base/src/nsTextFrame.cpp,v <-- nsTextFrame.cpp
new revision: 1.358; previous revision: 1.357
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 32•23 years ago
|
||
re: "later"
It occurred to me that perhaps there could be an "ultimate fallback font" that
is a single, sharable/static dummy font that does nothing, e.g, has a null DC --
i.e., depends on no device context, returns 0 for GetWitdh, draws nothing, etc.
This way, people may not have to test for a null font everywhere. (It would be a
nightmare if the entire application has to be wallpapered against null fonts).
Comment 33•23 years ago
|
||
Under Windows, isn't the System font something like this- I believe it can
render almost any low-memory situation.
Comment 34•23 years ago
|
||
verified fixed. talkback shows this last crashed with builds from 2/25.
Status: RESOLVED → VERIFIED
Comment 35•23 years ago
|
||
*** Bug 129486 has been marked as a duplicate of this bug. ***
Comment 36•23 years ago
|
||
*** Bug 121444 has been marked as a duplicate of this bug. ***
Comment 37•23 years ago
|
||
Updating summary for future reference with nsInlineFrame::ReflowFrames |
nsInlineFrame::ReflowInlineFrame, the stack signatures from duped bug 121444.
Summary: [PATCH] Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText] → [PATCH] Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText | nsInlineFrame::ReflowFrames | nsInlineFrame::ReflowInlineFrame]
Comment 38•23 years ago
|
||
The font leakage crashes at nsTextFrame::MeasureText have gone away (per
Talkback data) following the fix on 2-25. However, the crashes resulting from
recursive framesets continue in M099 and the Trunk.
Reopening the bug for that issue: bug 121444. (Removing signatures
nsInlineFrame::ReflowFrames & nsInlineFrame::ReflowInlineFrame from the
summary.)
Summary: [PATCH] Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText | nsInlineFrame::ReflowFrames | nsInlineFrame::ReflowInlineFrame] → [PATCH] Trunk M098 Crash while loading the above url [@ nsTextFrame::MeasureText]
Updated•14 years ago
|
Crash Signature: [@ nsTextFrame::MeasureText]
You need to log in
before you can comment on or make changes to this bug.
Description
•