Closed Bug 1461124 Opened 8 years ago Closed 1 year ago

Crash in nsLineBreaker::FlushCurrentWord via nsTextFrame::ReflowText replying to email, infinite recursion in block/inline reflow

Categories

(Core :: Layout: Text and Fonts, defect, P3)

Product:
Core
Component:
Layout: Text and Fonts
Platform:
x86
Windows
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: wsmwk, Unassigned)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [tbird crash])

Crash Data

#45 crash for 52.7.0. According to stats, users on average crash twice The typical bug comment is "replying to mail" This bug was filed from the Socorro interface and is report bp-17b83321-d1b9-4e2b-9572-c20360180425. (fpd) ============================================================= Top 10 frames of crashing thread: 0 xul.dll nsLineBreaker::FlushCurrentWord dom/base/nsLineBreaker.cpp:60 1 xul.dll nsLineBreaker::AppendText dom/base/nsLineBreaker.cpp:366 2 xul.dll BuildTextRunsScanner::SetupBreakSinksForTextRun layout/generic/nsTextFrame.cpp:2617 3 xul.dll BuildTextRunsScanner::BuildTextRunForFrames layout/generic/nsTextFrame.cpp:2391 4 xul.dll BuildTextRunsScanner::FlushFrames layout/generic/nsTextFrame.cpp:1629 5 xul.dll BuildTextRunsScanner::ScanFrame layout/generic/nsTextFrame.cpp:1903 6 xul.dll BuildTextRunsScanner::ScanFrame layout/generic/nsTextFrame.cpp:1913 7 xul.dll BuildTextRuns layout/generic/nsTextFrame.cpp:1530 8 xul.dll nsTextFrame::EnsureTextRun layout/generic/nsTextFrame.cpp:2832 9 xul.dll nsTextFrame::ReflowText layout/generic/nsTextFrame.cpp:9053 =============================================================
See Also: → 520028
Firefox case is bp-0381d423-12c2-48ad-89ba-c29fb0180509. This is stack overflow by reflow.
Component: General → Layout: Text
Product: Thunderbird → Core
Note that this may not really be a text-specific problem; the root issue is infinite recursion in block/inline reflow, and it just happens that we're looking at a text frame when the stack runs out. See also the discussion in bug 1403656, which may be the same underlying cause.
Priority: -- → P3
See Also: → 1403656
(In reply to Jonathan Kew (:jfkthame) from comment #2) > Note that this may not really be a text-specific problem; the root issue is > infinite recursion in block/inline reflow, and it just happens that we're > looking at a text frame when the stack runs out. > > See also the discussion in bug 1403656, which may be the same underlying cause. Indeed the Mac crashes I sampled in crazy old bug 520028 are also via nsTextFrame::ReflowText
URL: https://support.mozilla.org/en-US/que...
Depends on: 1403656
OS: Windows 10 → Windows
See Also: 1403656
Summary: Crash in nsLineBreaker::FlushCurrentWord replying to email → Crash in nsLineBreaker::FlushCurrentWord via nsTextFrame::ReflowText replying to email

bp-0be886e6-b903-4196-bd8f-928f80200422 68.7.0

Summary: Crash in nsLineBreaker::FlushCurrentWord via nsTextFrame::ReflowText replying to email → Crash in nsLineBreaker::FlushCurrentWord via nsTextFrame::ReflowText replying to email, infinite recursion in block/inline reflow
Whiteboard: [tbird crash]

By my reckoning, version 78 crash rate is lower than 60 and 68.

Firefox bp-2b3e68bc-4977-40aa-8e2b-94ae60210219 EXCEPTION_ACCESS_VIOLATION_READ
TB 78 bp-2436f320-4d06-4228-ae63-807c80210219 EXCEPTION_STACK_OVERFLOW
TB 60 bp-19cf74f5-0dbe-4dae-a10f-330d50210219 EXCEPTION_STACK_OVERFLOW

QA Whiteboard: qa-not-actionable

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.