Closed Bug 12958 Opened 25 years ago Closed 25 years ago

[CRASH]select text with first-letter behaves oddly

Categories

(Core :: Layout, defect, P3)

Product:
Core
Component:
Layout
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: buster, Assigned: mjudge)

References

(
URL
)

Details

open sample 0 in viewer
turn on edit mode
go to the line that has first-letter style, "First letter style is really..."
select all but the first 2 characters
delete
delete the second character ('i')
assert (usually *).
continue through the assert.
crash.

* if you don't assert deleting 'i', then delete 'F' after deleting 'i'.  This
always works.

stack:
nsDebug::Assertion(const char * 0x0242b974, const char * 0x0242b96c, const char
* 0x0242b934, int 512) line 176 + 13 bytes
nsContainerFrame::DeleteChildsNextInFlow(nsIPresContext & {...}, nsIFrame *
0x027ded40) line 512 + 32 bytes
nsFirstLetterFrame::Reflow(nsFirstLetterFrame * const 0x027de894, nsIPresContext
& {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned
int & 0) line 240
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x027de890, const nsRect & {...},
int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 224 + 42 bytes
nsBlockFrame::ReflowFloater(nsBlockReflowState & {...}, nsPlaceholderFrame *
0x027de420, nsRect & {...}, nsMargin & {...}, nsMargin & {...}) line 4637 + 41
bytes
nsBlockReflowState::AddFloater(nsLineLayout & {...}, nsPlaceholderFrame *
0x027de420, int 0) line 4704
nsLineLayout::AddFloater(nsPlaceholderFrame * 0x027de420) line 438
nsLineLayout::ReflowFrame(nsIFrame * 0x027de420, nsIFrame * * 0x0012e248,
unsigned int & 0) line 868
nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout &
{...}, nsLineBox * 0x027dfe60, nsIFrame * 0x027de420, unsigned char *
0x0012d904) line 3180 + 23 bytes
nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout &
{...}, nsLineBox * 0x027dfe60, int * 0x0012e150, unsigned char * 0x0012e038)
line 3070 + 28 bytes
nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState & {...}, nsLineBox *
0x027dfe60, int * 0x0012e150, unsigned char * 0x0012e038) line 3015 + 34 bytes
nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox *
0x027dfe60, int * 0x0012e150) line 2963 + 24 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x027dfe60, int
* 0x0012e150, int 1) line 2257 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2000 + 30 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x027dedc4, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 1306 + 18 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x027dedc0, const nsRect & {...},
int 1, int 240, int 0, nsMargin & {...}, unsigned int & 0) line 224 + 42 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox *
0x027f5bc0, int * 0x0012e6cc) line 2774 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x027f5bc0, int
* 0x0012e6cc, int 1) line 2208 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2000 + 30 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x02793454, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 1306 + 18 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x02793450, const nsRect & {...},
int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 224 + 42 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox *
0x027931e0, int * 0x0012ec48) line 2774 + 56 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x027931e0, int
* 0x0012ec48, int 1) line 2208 + 20 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2000 + 30 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x02793a74, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 1306 + 18 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x02793a74, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 344 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x02793a70, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 439 + 28 bytes
RootFrame::Reflow(RootFrame * const 0x027920d4, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 330
nsContainerFrame::ReflowChild(nsIFrame * 0x027920d0, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 439 + 28 bytes
nsScrollFrame::Reflow(nsScrollFrame * const 0x02791154, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 606
nsContainerFrame::ReflowChild(nsIFrame * 0x02791150, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 439 + 28 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x025c77a4, nsIPresContext & {...},
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0)
line 516
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x0295b6c0,
nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsSize & {...},
nsIRenderingContext & {...}) line 140
PresShell::ProcessReflowCommands(PresShell * const 0x025bfb80) line 1229
PresShell::ExitReflowLock(PresShell * const 0x025bfb80) line 581
PresShell::ContentChanged(PresShell * const 0x025bfb88, nsIDocument *
0x0250dc70, nsIContent * 0x027ba40c, nsISupports * 0x00000000) line 1603
nsDocument::ContentChanged(nsDocument * const 0x0250dc70, nsIContent *
0x027ba40c, nsISupports * 0x00000000) line 1540
nsGenericDOMDataNode::SetText(const unsigned short * 0x0295b720, int 3, int 1)
line 927
nsTextNode::SetText(nsTextNode * const 0x027ba410, const unsigned short *
0x0295b720, int 3, int 1) line 66 + 26 bytes
nsGenericDOMDataNode::ReplaceData(unsigned int 3, unsigned int 1, const nsString
& {...}) line 377 + 33 bytes
nsGenericDOMDataNode::DeleteData(unsigned int 3, unsigned int 1) line 326 + 20
bytes
nsTextNode::DeleteData(nsTextNode * const 0x027ba400, unsigned int 3, unsigned
int 1) line 51 + 22 bytes
DeleteTextTxn::Do(DeleteTextTxn * const 0x0295b810) line 67 + 40 bytes
EditAggregateTxn::Do(EditAggregateTxn * const 0x0295a8c0) line 56 + 12 bytes
nsTransactionItem::Do() line 102 + 18 bytes
nsTransactionManager::BeginTransaction(nsITransaction * 0x0295a8c0) line 1038 +
11 bytes
nsTransactionManager::Do(nsTransactionManager * const 0x0280c830, nsITransaction
* 0x0295a8c0) line 134 + 18 bytes
nsEditor::Do(nsEditor * const 0x0280a5c0, nsITransaction * 0x0295a8c0) line 341
+ 30 bytes
nsEditor::DeleteSelectionImpl(nsEditor * const 0x0280a5c0,
nsIEditor::ESelectionCollapseDirection eDeletePrevious) line 3807 + 16 bytes
nsHTMLEditor::DeleteSelection(nsHTMLEditor * const 0x0280a5c0,
nsIEditor::ESelectionCollapseDirection eDeletePrevious) line 835 + 19 bytes
nsHTMLEditorLog::DeleteSelection(nsHTMLEditorLog * const 0x0280a5c0,
nsIEditor::ESelectionCollapseDirection eDeletePrevious) line 155 + 13 bytes
nsTextEditorKeyListener::KeyPress(nsIDOMEvent * 0x0295a9d0) line 273
nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent *
0x0012fcb8, nsIDOMEvent * * 0x0012fa40, unsigned int 3, nsEventStatus &
nsEventStatus_eIgnore) line 763 + 17 bytes
nsDocument::HandleDOMEvent(nsDocument * const 0x0250dc70, nsIPresContext &
{...}, nsEvent * 0x0012fcb8, nsIDOMEvent * * 0x0012fa40, unsigned int 1,
nsEventStatus & nsEventStatus_eIgnore) line 2316
nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x0251c88c,
nsIPresContext & {...}, nsEvent * 0x0012fcb8, nsIDOMEvent * * 0x00000000,
unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 186 + 41 bytes
Status: NEW → ASSIGNED
Target Milestone: M12
*** Bug 16072 has been marked as a duplicate of this bug. ***
Assignee: kipp → mjudge
Status: ASSIGNED → NEW
Summary: delete text with first letter crashes → select text with first-letter behaves oddly
Finally, fixed. I reworked the frame construction code to properly tear down and
then reconstruct first-letter frames when editing is occuring. The test no
longer crashes.

However, selection in first-letter situations is now (sigh) horribly broken...

so I'm reassigning to mjudge to deal with that new issue.

In the old code the content object for the first-letter frame was the block. I
thought that this was necessary to get the style right; I was wrong. So now the
letter frame has the proper content object (in both in-flow and floating
situations). For some reason this change has broken the selection logic.
Attempting to select the sect that is a continuation of the letter-frame's
character doesn't work (well it doesn't display properly, but the selection ends
up in the right place in the content - go figure).
QA Contact: petersen → sujay
Summary: select text with first-letter behaves oddly → [CRASH]select text with first-letter behaves oddly
changing QA contact to Sujay, since this is an editor issue, adding [CRASH] to
summary. Sujay -- can you give this a try and see if it still crashes?
sample 0 doesn't come up in mozilla....
Blocks: 18471
Status: NEW → ASSIGNED
this is fixed. tadaa
If fixed is checked in, could you please mark Resolved/Fixed?  Thanks!
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
yes, it is fixed and I verified the fix using 1999111108 build on win95, marking
verified.
Blocks: 18951
No longer blocks: 18471
No longer blocks: 18951
You need to log in before you can comment on or make changes to this bug.