Closed
Bug 1398937
Opened 7 years ago
Closed 7 years ago
Crash in nsFirstLetterFrame::CreateContinuationForFloatingParent
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1398581
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox55 | --- | unaffected |
| firefox56 | --- | unaffected |
| firefox57 | --- | fixed |
People
(Reporter: philipp, Unassigned)
Details
(Keywords: crash, regression)
Crash Data
This bug was filed from the Socorro interface and is report bp-7f2ebc62-ddd1-4e22-9420-7088d0170911. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll nsFirstLetterFrame::CreateContinuationForFloatingParent(nsPresContext*, nsIFrame*, nsIFrame**, bool) layout/generic/nsFirstLetterFrame.cpp:318 1 xul.dll CreateContinuation layout/base/nsBidiPresUtils.cpp:649 2 xul.dll nsBidiPresUtils::ResolveParagraph(BidiParagraphData*) layout/base/nsBidiPresUtils.cpp:929 3 xul.dll nsBidiPresUtils::Resolve(nsBlockFrame*) layout/base/nsBidiPresUtils.cpp:767 4 xul.dll nsBlockFrame::ResolveBidi() layout/generic/nsBlockFrame.cpp:7564 5 xul.dll nsBlockFrame::GetMinISize(gfxContext*) layout/generic/nsBlockFrame.cpp:732 6 xul.dll nsLayoutUtils::IntrinsicForAxis(mozilla::PhysicalAxis, gfxContext*, nsIFrame*, nsLayoutUtils::IntrinsicISizeType, mozilla::Maybe<mozilla::LogicalSize> const&, unsigned int, int) layout/base/nsLayoutUtils.cpp:5300 7 xul.dll nsLayoutUtils::IntrinsicForContainer(gfxContext*, nsIFrame*, nsLayoutUtils::IntrinsicISizeType, unsigned int) layout/base/nsLayoutUtils.cpp:5435 8 xul.dll nsPlaceholderFrame::AddInlineMinISize(gfxContext*, nsIFrame::InlineMinISizeData*) layout/generic/nsPlaceholderFrame.cpp:78 9 xul.dll nsContainerFrame::DoInlineIntrinsicISize(gfxContext*, nsIFrame::InlineIntrinsicISizeData*, nsLayoutUtils::IntrinsicISizeType) layout/generic/nsContainerFrame.cpp:795 10 xul.dll nsBlockFrame::GetMinISize(gfxContext*) layout/generic/nsBlockFrame.cpp:770 11 xul.dll nsFrame::ShrinkWidthToFit(gfxContext*, int, nsIFrame::ComputeSizeFlags) layout/generic/nsFrame.cpp:5800 12 xul.dll nsContainerFrame::ComputeAutoSize(gfxContext*, mozilla::WritingMode, mozilla::LogicalSize const&, int, mozilla::LogicalSize const&, mozilla::LogicalSize const&, mozilla::LogicalSize const&, nsIFrame::ComputeSizeFlags) layout/generic/nsContainerFrame.cpp:843 13 xul.dll nsFrame::ComputeSize(gfxContext*, mozilla::WritingMode, mozilla::LogicalSize const&, int, mozilla::LogicalSize const&, mozilla::LogicalSize const&, mozilla::LogicalSize const&, nsIFrame::ComputeSizeFlags) layout/generic/nsFrame.cpp:5059 14 xul.dll FloatMarginISize layout/generic/BlockReflowInput.cpp:694 15 xul.dll mozilla::BlockReflowInput::FlowAndPlaceFloat(nsIFrame*) layout/generic/BlockReflowInput.cpp:759 16 xul.dll mozilla::BlockReflowInput::AddFloat(nsLineLayout*, nsIFrame*, int) layout/generic/BlockReflowInput.cpp:629 17 xul.dll nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) layout/generic/nsLineLayout.cpp:961 18 xul.dll nsInlineFrame::ReflowInlineFrame(nsPresContext*, mozilla::ReflowInput const&, nsInlineFrame::InlineReflowInput&, nsIFrame*, nsReflowStatus&) layout/generic/nsInlineFrame.cpp:797 19 xul.dll nsInlineFrame::ReflowFrames(nsPresContext*, mozilla::ReflowInput const&, nsInlineFrame::InlineReflowInput&, mozilla::ReflowOutput&, nsReflowStatus&) layout/generic/nsInlineFrame.cpp:680 20 xul.dll nsFirstLineFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) layout/generic/nsInlineFrame.cpp:1212 21 xul.dll nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) layout/generic/nsLineLayout.cpp:921 22 xul.dll nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) layout/generic/nsBlockFrame.cpp:4218 23 xul.dll nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) layout/generic/nsBlockFrame.cpp:4014 24 xul.dll nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) layout/generic/nsBlockFrame.cpp:3888 25 xul.dll nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) layout/generic/nsBlockFrame.cpp:2871 26 xul.dll nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) layout/generic/nsBlockFrame.cpp:2407 27 xul.dll nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) layout/generic/nsBlockFrame.cpp:1233 28 xul.dll nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) layout/generic/nsContainerFrame.cpp:932 29 xul.dll nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) layout/generic/nsCanvasFrame.cpp:753 30 xul.dll nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) layout/generic/nsContainerFrame.cpp:932 31 xul.dll nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) layout/generic/nsGfxScrollFrame.cpp:548 32 xul.dll nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) layout/generic/nsGfxScrollFrame.cpp:660 33 xul.dll nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) layout/generic/nsGfxScrollFrame.cpp:1036 34 xul.dll nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) layout/generic/nsContainerFrame.cpp:976 35 xul.dll mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) layout/generic/ViewportFrame.cpp:332 36 xul.dll mozilla::PresShell::DoReflow(nsIFrame*, bool) layout/base/PresShell.cpp:9404 37 xul.dll mozilla::PresShell::ProcessReflowCommands(bool) layout/base/PresShell.cpp:9577 38 xul.dll mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) layout/base/PresShell.cpp:4205 39 xul.dll nsIPresShell::FlushPendingNotifications(mozilla::ChangesToFlush) layout/base/nsIPresShell.h:566 ... these cross-platform crashes in the content process started popping up in 57 nightly. the build where a crash report was submitted from was 57.0a1 build 20170906100107.
|
||
Comment 1•7 years ago
|
||
First report was in 20170906100107. Low volume crash so far. ni to Jet, should we block on this for 57?
Flags: needinfo?(bugs)
|
||
Comment 2•7 years ago
|
||
Seems easy enough to null-check the nsFirstLetterFrame* here: https://hg.mozilla.org/mozilla-central/annotate/d53ba311ca2f/layout/base/nsBidiPresUtils.cpp#l649 tn: WDYT?
Flags: needinfo?(bugs) → needinfo?(tnikkel)
|
||
Comment 3•7 years ago
|
||
parent->IsLetterFrame() guarantees that do_QueryFrame will succeed at that point, so letterFrame can't be null there. However, parent->IsFloating() only checks the style: http://searchfox.org/mozilla-central/rev/6326724982c66aaeaf70bb7c7ee170f7a38ca226/layout/generic/nsIFrameInlines.h#47 so it doesn't guarantee the frame is actually an out-of-flow frame because we ignore the style in some places where we don't allow out-of-flow frames. GetPlaceholderFrame() only returns non-null for actual out-of-flow frames: http://searchfox.org/mozilla-central/rev/6326724982c66aaeaf70bb7c7ee170f7a38ca226/layout/generic/nsFirstLetterFrame.cpp#317 (BTW, the assertion in that method is also wrongly using IsFloating()) It's odd that it's a regression though. Perhaps we used to only allow :first-letter in places where we also allow out-of-flow frames, so that the style check would be enough? and now we don't? I'm not aware of any changes to this part of the code lately though. A regression-window for build 20170906100107 to a few days before might help...
Flags: needinfo?(tnikkel)
Keywords: regressionwindow-wanted
|
|
||
Comment 4•7 years ago
|
||
Oh, there's also a nsFirstLetterFrame::IsFloating() http://searchfox.org/mozilla-central/rev/6326724982c66aaeaf70bb7c7ee170f7a38ca226/layout/generic/nsFirstLetterFrame.h#35 so the assertion is actually correct, sort of...
|
|
||
Comment 5•7 years ago
|
||
| irrelevant | ||
Hmm, the crash-data URLs for this signature contains several pointing to a testcase attached to bug 1398581 (which I don't have access to -- can someone who has CC me please?)
Flags: needinfo?(bugs)
|
|
||
Comment 6•7 years ago
|
||
| irrelevant | ||
(Nevermind, I do have access to it, I just wasn't logged in in that session.)
Flags: needinfo?(bugs)
|
|
||
Comment 7•7 years ago
|
||
I'm pretty sure this is a dupe of bug 1398581.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•7 years ago
|
Keywords: regressionwindow-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•