mozilla hangs on certain mathml pages

RESOLVED FIXED in mozilla0.9.9

Status

()

Core
MathML
--
critical
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: Dawn Endico, Assigned: rbs)

Tracking

({crash})

Trunk
mozilla0.9.9
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

16 years ago
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8+) Gecko/20020213

Mozilla hang for me when i follow several
of the links on this page
<http://pear.math.pitt.edu/Calculus/week3/3_1.mhtml>

in particular, these
http://pear.math.pitt.edu/Calculus/week3/3_1li9.xml#QQ1-10-9
http://pear.math.pitt.edu/Calculus/week3/3_1li10.xml#QQ1-11-10

I'm using today's nightly build on linux. I don't have
the mathml fonts installed. I was trying to find a good
example page that had lots of mathml but which look ok
for people without math fonts. I'd like to link from such
a page from the "what's new" section of the 0.9.9 
release notes.

I'm not able to get a trace yet.
(Assignee)

Comment 1

16 years ago
The crash site:

void nsTableFrame::InsertCol(nsIPresContext&  aPresContext,
                             nsTableColFrame& aColFrame,
                             PRInt32          aColIndex)
{
>>mColFrames.InsertElementAt(&aColFrame, aColIndex); <============ crash
  [...]
}

The debugger showed that the vptr of mColFrames is null (i.e., the whole thing 
is invalid). Tracing, I noted that the problem is originating from the fact that 
the table frame construction code wasn't considering <mtr> as a table-row, and 
was instead creating a foreign foreign frame for it. Looking up in the style 
context of that <mtr>, I noted indeed that it was been resolved as an inline 
frame rather than as a table-row frame... 

Paul, do you have CSS rules in your stylesheet that apply and/or override <mtr>?

Here is a stack trace from visiting:
http://pear.math.pitt.edu/Calculus/week3/3_1li10.xml#QQ1-11-10

nsVoidArray::InsertElementAt(void * 0x035286f8, int 0) line 408 + 10 bytes
nsTableFrame::InsertCol(nsIPresContext & {...}, nsTableColFrame & {...}, int 0) 
line 804
nsTableColGroupFrame::AddColsToTable(nsTableColGroupFrame * const 0x03528684, 
nsIPresContext & {...}, int 0, int 1, nsIFrame * 0x035286f8, nsIFrame * 
0x035286f8) line 131
nsTableFrame::CreateAnonymousColFrames(nsIPresContext & {...}, 
nsTableColGroupFrame & {...}, int 1, nsTableColType eColAnonymousCell, int 1, 
nsIFrame * 0x00000000, nsIFrame * * 0x0012e130) line 1076
nsTableFrame::CreateAnonymousColFrames(nsIPresContext & {...}, int 1, 
nsTableColType eColAnonymousCell, int 1, nsIFrame * 0x00000000) line 984
nsTableFrame::InsertRows(nsIPresContext & {...}, nsTableRowGroupFrame & {...}, 
nsVoidArray & {...}, int 0, int 1) line 1231
nsTableFrame::InsertRowGroups(nsIPresContext & {...}, nsIFrame * 0x0350b944, 
nsIFrame * 0x0350b944) line 1407
nsTableFrame::AppendRowGroups(nsIPresContext & {...}, nsIFrame * 0x0350b944) 
line 1304
nsTableFrame::SetInitialChildList(nsTableFrame * const 0x034e10e4, 
nsIPresContext * 0x041a6730, nsIAtom * 0x00000000 {???}, nsIFrame * 0x0350b944) 
line 482
nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x04551f20, nsIFrame * 0x034e0d38, nsIStyleContext * 0x034e0e48, nsTableCreator 
& {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x034e0e7c, nsIFrame * & 
0x034e10e4, int & 0) line 2327
nsCSSFrameConstructor::ConstructMathMLFrame(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x04551f20, nsIFrame * 0x034e0bac, nsIAtom * 0x02362ee0 {"mtable"}, int 9, 
nsIStyleContext * 0x034e00dc, nsFrameItems & {...}) line 6630 + 62 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x04551f20, nsIFrame * 0x034e0bac, nsIAtom * 0x02362ee0 {"mtable"}, int 9, 
nsIStyleContext * 0x034e00dc, nsFrameItems & {...}, int 0) line 7039 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x041aec70, nsIPresContext 
* 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 0x04551f20, nsIFrame 
* 0x034e0bac, nsFrameItems & {...}) line 6916 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x041aec70, nsIPresContext 
* 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 0x04557b80, nsIFrame 
* 0x034e0bac, int 1, nsFrameItems & {...}, int 0, nsTableCreator * 0x00000000) 
line 11997 + 66 bytes
nsCSSFrameConstructor::ConstructMathMLFrame(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x04557b80, nsIFrame * 0x034b106c, nsIAtom * 0x02361bc0 {"math"}, int 9, 
nsIStyleContext * 0x034e00a8, nsFrameItems & {...}) line 6696 + 41 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x04557b80, nsIFrame * 0x034b106c, nsIAtom * 0x02361bc0 {"math"}, int 9, 
nsIStyleContext * 0x034e00a8, nsFrameItems & {...}, int 0) line 7039 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x041aec70, nsIPresContext 
* 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 0x04557b80, nsIFrame 
* 0x034b106c, nsFrameItems & {...}) line 6916 + 56 bytes
nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x041cf3b0, nsIFrame * 0x034b106c, int 1, nsFrameItems & {...}, int 1) line 
13277 + 57 bytes
nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x041aec70, nsIPresContext 
* 0x041a6730, nsFrameConstructorState & {...}, const nsStyleDisplay * 
0x034b0fd0, nsIContent * 0x041cf3b0, nsIFrame * 0x034b0e04, nsIStyleContext * 
0x034b0f9c, nsIFrame * 0x034b106c) line 13225 + 36 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, const 
nsStyleDisplay * 0x034b0fd0, nsIContent * 0x041cf3b0, nsIFrame * 0x034b0e04, 
nsIStyleContext * 0x034b0f9c, nsFrameItems & {...}) line 6212 + 43 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x041cf3b0, nsIFrame * 0x034b0e04, nsIAtom * 0x022d75c0 {"body"}, int 3, 
nsIStyleContext * 0x034b0f9c, nsFrameItems & {...}, int 0) line 7060 + 45 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x041aec70, nsIPresContext 
* 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 0x041cf3b0, nsIFrame 
* 0x034b0e04, nsFrameItems & {...}) line 6916 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x041aec70, nsIPresContext 
* 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 0x041cf460, nsIFrame 
* 0x034b0e04, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) 
line 11997 + 66 bytes
nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresShell * 0x041aec70, 
nsIPresContext * 0x041a6730, nsFrameConstructorState & {...}, nsIContent * 
0x041cf460, nsIFrame * 0x0350b134, nsIStyleContext * 0x03397f44, nsIFrame * & 
0x034b0e04) line 3243
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x041ac0a0, 
nsIPresContext * 0x041a6730, nsIContent * 0x00000000, nsIContent * 0x041cf460, 
int 0, nsILayoutHistoryState * 0x00000000, int 0) line 8554
StyleSetImpl::ContentInserted(StyleSetImpl * const 0x041ac170, nsIPresContext * 
0x041a6730, nsIContent * 0x00000000, nsIContent * 0x041cf460, int 0) line 1446
PresShell::InitialReflow(PresShell * const 0x041aec70, int 12735, int 7605) line 
2631
nsXMLContentSink::StartLayout() line 963
nsXMLContentSink::DidBuildModel(nsXMLContentSink * const 0x0419a170, int 0) line 
396
nsExpatDriver::DidBuildModel(nsExpatDriver * const 0x041a9f20, unsigned int 0, 
int 1, nsIParser * 0x0419a2a0, nsIContentSink * 0x0419a170) line 842 + 23 bytes
nsParser::DidBuildModel(unsigned int 0) line 1385 + 41 bytes
nsParser::ResumeParse(int 1, int 1, int 1) line 1906
nsParser::ContinueParsing() line 1495 + 19 bytes
CSSLoaderImpl::Cleanup(URLKey & {...}, SheetLoadData * 0x041bf600) line 813
CSSLoaderImpl::SheetComplete(nsICSSStyleSheet * 0x00000000, SheetLoadData * 
0x041bf600) line 920
CSSLoaderImpl::ParseSheet(nsIUnicharInputStream * 0x041b9d60, SheetLoadData * 
0x041bf600, int & 1, nsICSSStyleSheet * & 0x041bbec0) line 955
CSSLoaderImpl::DidLoadStyle(nsIStreamLoader * 0x041bf470, nsString * 0x041be820 
{" 
/* start css.sty */
.cmr-8{font-size:66%;}
.cmr-6{font-size:50%;}
.cmmi-12{font-style: italic;}
.cmmi-8{font-size:66%;font-s"}, SheetLoadData * 
0x041bf600, unsigned int 0) line 990 + 27 bytes
SheetLoadData::OnStreamComplete(SheetLoadData * const 0x041bf600, 
nsIStreamLoader * 0x041bf470, nsISupports * 0x00000000, unsigned int 0, unsigned 
int 2303, const char * 0x03502658) line 747
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x041bf474, nsIRequest * 
0x041bf170, nsISupports * 0x00000000, unsigned int 0) line 163
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x041ba640, 
nsIRequest * 0x041bf170, nsISupports * 0x00000000, unsigned int 0) line 25
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x041bf174, nsIRequest * 
0x041be1e4, nsISupports * 0x00000000, unsigned int 0) line 2454
nsOnStopRequestEvent::HandleEvent() line 213
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x041bc064) line 116
PL_HandleEvent(PLEvent * 0x041bc064) line 590 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x004a0aa0) line 520 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00380916, unsigned int 49496, unsigned int 0, 
long 4852384) line 1071 + 9 bytes
USER32! 77e148dc()
USER32! 77e14aa7()
USER32! 77e266fd()
nsAppShellService::Run(nsAppShellService * const 0x004b5d40) line 308
main1(int 1, char * * 0x00444ea0, nsISupports * 0x00000000) line 1285 + 32 bytes
main(int 1, char * * 0x00444ea0) line 1625 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e992a6()
(Assignee)

Comment 2

16 years ago
Works for me locally when I replace
   <?xml-stylesheet type="text/css" href="../mathml.css">
with a more recent mathml.css.

(The document is using the old way before the DOCTYPE standardization.)
(Assignee)

Comment 3

16 years ago
Created attachment 69487 [details] [diff] [review]
patch to bullet-proof the code against this type of crash

...also fixed an incorrect calling sequence of SetInitialChildList() on the
frames that wrap the table code to emulate the inline mtable. (The calling
sequence has to be made in a bottom-up manner to honor the nsIFrame API.)
(Assignee)

Comment 4

16 years ago
r=karnaze? sr=attinasi?
Severity: normal → critical
Status: NEW → ASSIGNED
Keywords: crash
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → mozilla0.9.9

Comment 5

16 years ago
Comment on attachment 69487 [details] [diff] [review]
patch to bullet-proof the code against this type of crash

r=karnaze. rbs, Viewer's regression testing capability had been broken for
about 2 months and was fixed this morning after realizing that (bug 125426).
Attachment #69487 - Flags: review+

Comment 6

16 years ago
Comment on attachment 69487 [details] [diff] [review]
patch to bullet-proof the code against this type of crash

sr=attinasi
Attachment #69487 - Flags: superreview+
(Assignee)

Comment 7

16 years ago
Patch checked in. Now if mathml.css isn't being applied, <mtable> and its 
related tags will just be treated as inline frames, and the table code won't 
kick off.
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.