Closed Bug 1298704 Opened 8 years ago Closed 8 years ago

Crash in nsBlockFrame::GetMinISize - stack overflow caused by AccessibleCaretEventHub::Reflow callback

Categories

(Core :: DOM: Selection, defect)

Product:
Core
Component:
DOM: Selection
Platform:
x86
Windows 10
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox51 --- fixed

People

(Reporter: MatsPalmgren_bugz, Assigned: TYLin)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1298704 - Use flag to avoid calling AccessibleCaretEventHub::Reflow() recursively.
58 bytes, text/x-review-board-request
MatsPalmgren_bugz
: review+
Details
This bug was filed from the Socorro interface and is report bp-7d0aed6a-35aa-41b9-bc61-9b3892160826. ============================================================= It looks like AccessibleCaret causes infinite recursion through flushing layout.
Flags: needinfo?(tlin)
Assignee: nobody → tlin
Blocks: AccessibleCaret, 1244402
Flags: needinfo?(tlin)
Comment on attachment 8785831 [details] Bug 1298704 - Use flag to avoid calling AccessibleCaretEventHub::Reflow() recursively. https://reviewboard.mozilla.org/r/74902/#review72792 ::: layout/base/AccessibleCaretEventHub.h:135 (Diff revision 1) > bool mInitialized = false; > > + // Flag to avoid calling Reflow() callback recursively. > + bool mIsInReflowCallback = false; Nit: perhaps we should move both these bool members to after 'mActiveTouchId' instead? (to avoid spilling due to alignment). ::: layout/base/AccessibleCaretEventHub.cpp:686 (Diff revision 1) > > NS_IMETHODIMP > AccessibleCaretEventHub::ReflowInterruptible(DOMHighResTimeStamp aStart, > DOMHighResTimeStamp aEnd) > { > - if (!mInitialized) { > + // Defer the error checking in Reflow(). s/in/to/
Comment on attachment 8785831 [details] Bug 1298704 - Use flag to avoid calling AccessibleCaretEventHub::Reflow() recursively. https://reviewboard.mozilla.org/r/74902/#review72796
Attachment #8785831 - Flags: review?(mats) → review+
Comment on attachment 8785831 [details] Bug 1298704 - Use flag to avoid calling AccessibleCaretEventHub::Reflow() recursively. https://reviewboard.mozilla.org/r/74902/#review72792 > Nit: perhaps we should move both these bool members to after 'mActiveTouchId' instead? (to avoid spilling due to alignment). Before applying my patch, `sizeof(AccessibleCaretEventHub)` is 128 on my machine. Though adding the flag to after `mInitialized` does not increase its size, but moving both bool members to after `mActiveTouchId` reduces the size from 128 to 120. Yeh!
Pushed by tlin@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e11d9697af59 Use flag to avoid calling AccessibleCaretEventHub::Reflow() recursively. r=mats
https://hg.mozilla.org/mozilla-central/rev/e11d9697af59
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox51: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: