Closed
Bug 1293521
Opened 8 years ago
Closed 8 years ago
An Read Access Violation in xul!nsTextBoxFrame::CalculateTitleForWidth
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1293523
People
(Reporter: wangmei.S102, Unassigned)
Details
Attachments
(1 file)
725 bytes,
text/html
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Steps to reproduce:
Run the attached file(A7.html).
Actual results:
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(588.a40): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=76e77eeb edx=00000000 esi=0000012c edi=00000000
eip=76e470b4 esp=0013a978 ebp=0013a9e4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200246
ntdll!KiFastSystemCallRet:
76e470b4 c3 ret
0:000> .ecxr
eax=00000000 ebx=00000000 ecx=163acad0 edx=0013b238 esi=163acad0 edi=0013e87c
eip=5d8fabb6 esp=0013b060 ebp=0013b2f0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
xul!nsTextBoxFrame::CalculateTitleForWidth+0x2d:
5d8fabb6 8b4054 mov eax,dword ptr [eax+54h] ds:0023:00000054=????????
0:000> kb
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
0013b200 5d6985ab 0013e87c 000028c8 0013e648 xul!nsTextBoxFrame::CalculateTitleForWidth+0x2d [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nstextboxframe.cpp @ 628]
0013b264 5d698137 0013e87c 0013e648 163acad0 xul!nsTextBoxFrame::CalcDrawRect+0x9a [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nstextboxframe.cpp @ 1078]
0013b2f0 5d8c32ac 163acad0 0013e648 00000000 xul!nsTextBoxFrame::DoXULLayout+0x38 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nstextboxframe.cpp @ 966]
0013b5cc 5d8c1613 15f40960 157b2068 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013b738 5d68f8f9 157b2068 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013b824 5d8c1613 15f40f78 1575de70 0013e648 xul!nsStackLayout::XULLayout+0x1d1 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsstacklayout.cpp @ 342]
0013b990 5d8c32ac 1575de70 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013bc6c 5d8c1613 15f40960 1575da20 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013bdd8 5d8c32ac 1575da20 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013c0b4 5d8c1613 15f40960 157508a8 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013c220 5d8c32ac 157508a8 0013e648 00000001 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013c4fc 5d8c1613 15f40960 157503e8 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013c668 5d66ddc8 157503e8 0013e648 00000744 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013c67c 5d66dd5b 0013e648 157504e8 0013e648 xul!nsIFrame::XULLayout+0x17 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsbox.cpp @ 511]
0013c6b0 5d8f83a3 00000000 0013c6dc 0013e648 xul!nsXULScrollFrame::LayoutScrollArea+0x9d [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\generic\nsgfxscrollframe.cpp @ 4721]
0013c778 5dbd2ee7 0013e648 0013e648 15750460 xul!nsXULScrollFrame::XULLayout+0xe1 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\generic\nsgfxscrollframe.cpp @ 4912]
0013c788 5d8c32ac 15750460 0013e648 00000000 xul!nsXULScrollFrame::DoXULLayout+0x13 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\generic\nsgfxscrollframe.cpp @ 1494]
0013ca64 5d8c1613 15f40960 1570e588 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013cbd0 5d8c32ac 1570e588 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013ceac 5d8c1613 15f40960 1570da10 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013d018 5d8c32ac 1570da10 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013d2f4 5d8c1613 15f40960 156b5708 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013d460 5d8c32ac 156b5708 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013d73c 5d8c1613 15f40960 15674418 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013d8a8 5d8c32ac 15674418 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013db84 5d8c1613 15f40960 1566cea0 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013dcf0 5d68f8f9 1566cea0 0013e648 0000000c xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013dddc 5d8c1613 15f40f78 1566cdb8 0013e648 xul!nsStackLayout::XULLayout+0x1d1 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsstacklayout.cpp @ 342]
0013df4c 5db6efe0 1566cdb8 0013e648 0013e648 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013df68 5d8c32ac 1566cdb8 00000000 00000000 xul!nsDeckFrame::DoXULLayout+0x21 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsdeckframe.cpp @ 214]
0013e244 5d8c1613 15f40960 14c02fb8 0013e648 xul!nsSprocketLayout::XULLayout+0xcec [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nssprocketlayout.cpp @ 484]
0013e3b0 5d68f8f9 14c02fb8 0013e648 00000000 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013e49c 5d8c1613 15f40f78 14c02de0 0013e648 xul!nsStackLayout::XULLayout+0x1d1 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsstacklayout.cpp @ 342]
0013e608 5d68f02e 14c02de0 0013e648 14c02de0 xul!nsBoxFrame::DoXULLayout+0x46 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 913]
0013e6bc 5d68bf90 1519b000 0013e7f8 0013e748 xul!nsBoxFrame::Reflow+0x163 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\xul\nsboxframe.cpp @ 709]
0013e6e4 5d68c4ad 14c02de0 1519b000 0013e7f8 xul!nsContainerFrame::ReflowChild+0x47 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\generic\nscontainerframe.cpp @ 1070]
0013e850 5d8baff9 1519b000 0013ea08 0013e900 xul!ViewportFrame::Reflow+0x129 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\generic\nsviewportframe.cpp @ 315]
0013eae8 5d8db122 14c029d0 00000001 00000004 xul!PresShell::DoReflow+0x34b [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\base\nspresshell.cpp @ 9269]
0013eb44 5d80609e 00000001 00000001 12db9850 xul!PresShell::ProcessReflowCommands+0x9c [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\base\nspresshell.cpp @ 9436]
0013ec00 5d7541df 00000004 13660000 0013ee40 xul!PresShell::FlushPendingNotifications+0x20a [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\base\nspresshell.cpp @ 4098]
0013ee18 5ebaa2a0 a46a544f 01a8a808 16c27300 xul!nsRefreshDriver::Tick+0x27a [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\base\nsrefreshdriver.cpp @ 1786]
0013ee70 5de9bc82 00000000 00000000 5db9cf7c xul!nsRefreshDriver::DoTick+0x59 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\base\nsrefreshdriver.cpp @ 1388]
0013eea4 5db9ceb1 00000005 00000000 0013ef10 xul!nsRefreshDriver::FinishedWaitingForTransaction+0x2fec74 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\layout\base\nsrefreshdriver.cpp @ 1990]
0013eec0 5d76eb5a 0013ef00 0013eef8 0013ef10 xul!mozilla::layers::CompositorBridgeChild::RecvDidComposite+0x2a [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\gfx\layers\ipc\compositorbridgechild.cpp @ 405]
0013ef50 5d9e801e 0013f210 ffffffff 0013f210 xul!mozilla::layers::PCompositorBridgeChild::OnMessageReceived+0x182 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\obj-firefox\ipc\ipdl\pcompositorbridgechild.cpp @ 1015]
0013f174 5d9e9692 0013f210 5f423f78 15f49800 xul!mozilla::ipc::MessageChannel::DispatchAsyncMessage+0x97 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\glue\messagechannel.cpp @ 1654]
0013f1f4 5d9e8b11 0013f210 0013f260 18593be0 xul!mozilla::ipc::MessageChannel::DispatchMessageW+0xe4 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\glue\messagechannel.cpp @ 1595]
0013f228 5d6c6915 00a04464 00a7c0c0 0013f294 xul!mozilla::ipc::MessageChannel::OnMaybeDequeueOne+0xc7 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\glue\messagechannel.cpp @ 1561]
0013f294 5d76f09b 00a03820 5fc19501 0013f3ac xul!MessageLoop::DoWork+0x18d [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\chromium\src\base\message_loop.cc @ 444]
0013f2a4 5d9eb4b2 00a03820 00a45140 00a45130 xul!mozilla::ipc::DoWorkRunnable::Run+0x2a [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\glue\messagepump.cpp @ 228]
0013f3ac 5d9ead31 00a082b0 00000000 0013f3d3 xul!nsThread::ProcessNextEvent+0x276 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\xpcom\threads\nsthread.cpp @ 1000]
0013f3dc 5da56012 00a7c0c0 7afed3dd 00a04460 xul!mozilla::ipc::MessagePump::Run+0x72 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\glue\messagepump.cpp @ 98]
0013f414 5da55fe1 00a082b0 00000001 5d8b8900 xul!MessageLoop::RunHandler+0x20 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\chromium\src\base\message_loop.cc @ 224]
0013f434 5da631dc 0b7622c0 00000000 5da62f55 xul!MessageLoop::Run+0x19 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\chromium\src\base\message_loop.cc @ 204]
0013f440 5da62f55 00a04460 0b7622c0 5da62f0c xul!nsBaseAppShell::Run+0x32 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\widget\nsbaseappshell.cpp @ 158]
0013f44c 5da62f0c 00a04460 665b2da5 11e29f20 xul!nsAppShell::Run+0x24 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\widget\windows\nsappshell.cpp @ 262]
0013f45c 5da4a363 0b7622c0 80000000 0013f6c0 xul!nsAppStartup::Run+0x20 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\toolkit\components\startup\nsappstartup.cpp @ 285]
0013f640 5da4eb0c 00a04220 0013f808 0013f7c0 xul!XREMain::XRE_mainRun+0x4d4 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\toolkit\xre\nsapprunner.cpp @ 4347]
0013f664 5da4caa3 00000000 00247fe8 0013f800 xul!XREMain::XRE_main+0x1a0 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\toolkit\xre\nsapprunner.cpp @ 4451]
*** ERROR: Module load completed but symbols could not be loaded for firefox.exe
0013f7c0 00ea16ab 00000004 00247fe8 0013f808 xul!XRE_main+0x3e [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\toolkit\xre\nsapprunner.cpp @ 4560]
WARNING: Stack unwind information not available. Following frames may be wrong.
0013f848 5d7fe77a 00000000 3ff00000 0013f8d4 firefox+0x16ab
0013f88c 5d7fefeb 00000001 00000002 00000003 xul!base::StatisticsRecorder::RegisterOrDeleteDuplicate+0x97 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\ipc\chromium\src\base\histogram.cc @ 1237]
0013f934 5d8ba589 0000d63a 755de9cc 7559cdcf xul!`anonymous namespace'::HistogramGet+0x175 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\toolkit\components\telemetry\telemetry.cpp @ 1052]
0013f970 00ea7a72 00247fe8 00000001 00510f70 xul!mozilla::Telemetry::Accumulate+0xc8 [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\toolkit\components\telemetry\telemetry.cpp @ 3905]
0013fa0c 00ea10e6 00eb5190 00000000 00000000 firefox+0x7a72
0013fa24 00ea24c8 00247fe8 001eff50 001f1f70 firefox+0x10e6
00000000 00000000 00000000 00000000 00000000 firefox+0x24c8
Comment 1•8 years ago
|
||
Like in bug 1293523, could you give a link to a crash report? It might be similar.
Group: firefox-core-security → layout-core-security
Component: Untriaged → Layout: Text
Product: Firefox → Core
Comment 2•8 years ago
|
||
From the stack and registers, I think this is almost certainly the same as bug 1293523 -- we crash due to calling GetDrawTarget() on an nsRenderingContext that was constructed with a null thebes context.
Comment 3•8 years ago
|
||
The bug numbers differ by 2 and the text is the same -- I'm sure this was just a double-submit
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Group: layout-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•