Closed
Bug 1199131
Opened 7 years ago
Closed 7 years ago
Crash when click on a SELECT wich has at least 1 OPTION with background-attachment:fixed and a background
Categories
(Core :: Layout, defect)
Tracking
()
People
(Reporter: yves, Assigned: tnikkel)
References
Details
(4 keywords)
Crash Data
Attachments
(3 files)
|
313 bytes,
text/html
|
Details | |
|
10.75 KB,
patch
|
mstange
:
review+
lizzard
:
approval-mozilla-aurora+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
|
10.71 KB,
patch
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0 Build ID: 20150812163655 Steps to reproduce: Clicked (on our intranet) on a SELECT who had 2 OPTION with background-attachment:fixed and a background. Never happened before the bug probably came with firefox 40. It crashed on Windows 7 Windows Xp Kunbuntu 14.4 It works on Yosemite 10.10.4 Small crash sample attached. Actual results: Firefox crashes Expected results: The select opens and I can choose an option (and the background image is displayed)
Confirmed! (not sure about Component) Win7_64bit, Nightly 43.0a1 32bit ID 20150826030211 Funny thing: in e10s mode it doesn't even crash the tab
Severity: normal → critical
Status: UNCONFIRMED → NEW
status-firefox40:
--- → affected
status-firefox41:
--- → affected
status-firefox42:
--- → affected
status-firefox43:
--- → affected
status-firefox-esr38:
--- → unaffected
Component: Untriaged → CSS Parsing and Computation
Ever confirmed: true
Keywords: regression,
regressionwindow-wanted
Product: Firefox → Core
(In reply to Yves Mich from comment #0) > It works on > Yosemite 10.10.4 Oops i didn't check FF version it was Firefox 39.0.
|
||
Comment 3•7 years ago
|
||
bp-8e8b598d-3665-4af6-bef4-5c6192150827
Crash Signature: [@ mozilla::PaintedLayerDataTree::IsClippedWithRespectToParentAnimatedGeometryRoot(nsIFrame const*, mozilla::gfx::IntRectTyped<T>*)]
|
|
||
Comment 4•7 years ago
|
||
Pushlog: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=4d6d69f0f499&tochange=d0fc7202b4cb Regressed by:Bug 1148855
|
|
||
Comment 5•7 years ago
|
||
[Tracking Requested - why for this release]:
tracking-firefox40:
--- → ?
tracking-firefox41:
--- → ?
tracking-firefox42:
--- → ?
tracking-firefox43:
--- → ?
Tracking since this is a regression. Too late for 40 though.
Firefox 40.0.3 on OSX 10.9.5 is unaffected. (no crash and the background is displayed)
(In reply to arni2033 from comment #1) > Confirmed! (not sure about Component) Win7_64bit, Nightly 43.0a1 32bit ID 20150826030211 With HWA off everything works fine (I just checked).
It is getting too late to fix this in FF41 given that we don't have a patch ready. Let's try to get this fixed in 42. Also it works fine with hardware acceleration turned off, which is good and therefore not blocking 41 release.
|
||
Comment 10•7 years ago
|
||
Also, it works fine with HWA on and OMTC off (layers.offmainthreadcomposition.enabled -> false).
|
||
Comment 11•7 years ago
|
||
Oh no! This bug completely slipped past me. Sorry!
Assignee: nobody → mstange
Status: NEW → ASSIGNED
Flags: needinfo?(mstange)
|
||
Comment 12•7 years ago
|
||
Markus, any news on this bug? We shipped 2 release with this crash but there is still time to fix it in 42 (gtb of beta 6 next monday)
Flags: needinfo?(mstange)
|
||
Updated•7 years ago
|
Crash Signature: [@ mozilla::PaintedLayerDataTree::IsClippedWithRespectToParentAnimatedGeometryRoot(nsIFrame const*, mozilla::gfx::IntRectTyped<T>*)] → [@ mozilla::PaintedLayerDataTree::IsClippedWithRespectToParentAnimatedGeometryRoot(nsIFrame const*, mozilla::gfx::IntRectTyped<T>*)]
[@ mozilla::PaintedLayerDataTree::IsClippedWithRespectToParentAnimatedGeometryRoot]
|
|
||
Comment 13•7 years ago
|
||
Bug 1156238 will probably fix this. I don't know whether it will be ready for 42.
Flags: needinfo?(mstange)
|
|
||
Comment 14•7 years ago
|
||
OK, too late for 42 then.
|
Assignee | |
Comment 15•7 years ago
|
||
The patches for bug 1156238 got fairly involved with multiple rounds of try server failures and debugging. So I think it might be a good idea to go with a more limited patch for uplift in case I missed anything. This is basically my first patch for bug 1156238 but the should fix to viewport stuff is done much better.
Assignee: mstange → tnikkel
Attachment #8682437 -
Flags: review?(mstange)
|
|
||
Updated•7 years ago
|
Attachment #8682437 -
Flags: review?(mstange) → review+
|
|
Assignee | |
Comment 16•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=55ae82906e1d
|
|
Assignee | |
Comment 17•7 years ago
|
||
Comment on attachment 8682437 [details] [diff] [review] patch for uplift Note that this patch did not, and will not land on m-c as it is a modified version of the patches for bug 1156238 (which did land on m-c) for uplift to be less invasive. Approval Request Comment [Feature/regressing bug #]: bug 1148855 [User impact if declined]: crash if a select dropdown uses a background-attachment: fixed background [Describe test coverage new/current, TreeHerder]: reftests generally cover any mistakes that would be made in changing this code [Risks and why]: this is a less invasive and less risky version of the patches for bug 1156238 [String/UUID change made/needed]: none
Attachment #8682437 -
Flags: approval-mozilla-beta?
Attachment #8682437 -
Flags: approval-mozilla-aurora?
status-firefox44:
--- → affected
Comment on attachment 8682437 [details] [diff] [review] patch for uplift Crash fix, more conservative approach sounds good for uplift. Approved for aurora and beta. If we see obvious regressions let's back this out please.
Attachment #8682437 -
Flags: approval-mozilla-beta?
Attachment #8682437 -
Flags: approval-mozilla-beta+
Attachment #8682437 -
Flags: approval-mozilla-aurora?
Attachment #8682437 -
Flags: approval-mozilla-aurora+
|
||
Comment 20•7 years ago
|
||
this cause problems for uplift on beta : grafting 313487:4c724629d939 "Bug 1199131 - Crash when click on a SELECT wich has at least 1 OPTION with background-attachment:fixed and a background. r=mstange, a=lizzard" (aurora tip) merging layout/base/FrameLayerBuilder.cpp warning: conflicts during merge. merging layout/base/FrameLayerBuilder.cpp incomplete! (edit conflicts, then use 'hg resolve --mark') could you take a look, thanks!
Flags: needinfo?(tnikkel)
|
|
Assignee | |
Comment 21•7 years ago
|
||
A few lines had changed nearby, but they have no effect on this patch. Here is a patch that applies to beta.
Flags: needinfo?(tnikkel) → needinfo?(cbook)
|
|
||
Comment 22•7 years ago
|
||
(In reply to Timothy Nikkel (:tn) from comment #21) > Created attachment 8684860 [details] [diff] [review] > patch for beta > > A few lines had changed nearby, but they have no effect on this patch. Here > is a patch that applies to beta. thanks, landed in beta as https://hg.mozilla.org/releases/mozilla-beta/rev/c6d927b2b229
Flags: needinfo?(cbook)
|
|
||
Comment 23•7 years ago
|
||
| bugherderuplift | ||
https://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/4c724629d939
status-b2g-v2.5:
--- → fixed
|
|
Assignee | |
Comment 24•7 years ago
|
||
This should be fixed everywhere (well central, beta, aurora) now.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•