Closed Bug 14701 Opened 25 years ago Closed 25 years ago

crash in nsTableFrame::GetTableFrame

Categories

(Core :: Layout: Tables, defect, P3)

x86
Linux
defect

Tracking

()

VERIFIED INVALID

People

(Reporter: alecf, Assigned: karnaze)

Details

I was using the Search window, and I tried one or two searches using different
search engines, then it crashed. I THINK this was while clicking on one of the
resulting search icons... Open up the search window (off the toolbar in
apprunner) and do a search on a few sites, it was one of the icons on the bottom
row.

Stack trace:
(gdb) where
#0  0x2 in ?? ()
#1  0x40c23df2 in nsTableRowFrame::Paint (this=0x9023a78,
    aPresContext=@0x8cab8e0, aRenderingContext=@0x90aaee0,
    aDirtyRect=@0xbfffe09c, aWhichLayer=eFramePaintLayer_Underlay)
    at nsTableRowFrame.cpp:428
#2  0x40b116d5 in PresShell::Paint (this=0x8cd4c88, aView=0x9023af8,
    aRenderingContext=@0x90aaee0, aDirtyRect=@0xbfffe09c)
    at nsPresShell.cpp:1954
#3  0x41014043 in nsView::Paint (this=0x9023af8, rc=@0x90aaee0,
    rect=@0xbfffe09c, aPaintFlags=128, aResult=@0xbfffe270) at nsView.cpp:280
#4  0x4101c887 in nsViewManager::RenderView (this=0x8cf42b8, aView=0x9023af8,
    aRC=@0x90aaee0, aDamageRect=@0xbfffe2f0, aGlobalRect=@0x8d7d4ec,
    aResult=@0xbfffe270) at nsViewManager.cpp:1255
#5  0x4101b8f3 in nsViewManager::RenderViews (this=0x8cf42b8,
    aRootView=0x8def200, aRC=@0x90aaee0, aRect=@0xbfffe344,
    aResult=@0xbfffe33c) at nsViewManager.cpp:900
#6  0x4101a78c in nsViewManager::Refresh (this=0x8cf42b8, aView=0x8def200,
    aContext=0x90aaee0, rect=0xbfffe3d8, aUpdateFlags=1)
    at nsViewManager.cpp:521
#7  0x4101d075 in nsViewManager::DispatchEvent (this=0x8cf42b8,
    aEvent=0xbfffe56c, aStatus=@0xbfffe418) at nsViewManager.cpp:1577
#8  0x41013a8d in HandleEvent (aEvent=0xbfffe56c) at nsView.cpp:62
#9  0x4048f089 in nsWidget::DispatchEvent (this=0x8def268, aEvent=0xbfffe56c,
    aStatus=@0xbfffe4b0) at nsWidget.cpp:1095
#10 0x4048eed9 in nsWidget::DispatchWindowEvent (this=0x8def268,
    event=0xbfffe56c) at nsWidget.cpp:1009
#11 0x404921b9 in nsWindow::OnPaint (this=0x8def268, event=@0xbfffe56c)
    at nsWindow.cpp:427
#12 0x404928a7 in nsWindow::OnDrawSignal (this=0x8def268, aArea=0xbfffe940)
    at nsWindow.cpp:813
#13 0x40492860 in nsWindow::DrawSignal (aArea=0xbfffe940, aData=0x8def268)
    at nsWindow.cpp:797
#14 0x40600485 in ?? () from /usr/lib/libgtk-1.2.so.0
#15 0x405c565d in ?? () from /usr/lib/libgtk-1.2.so.0
#16 0x405c4ab2 in ?? () from /usr/lib/libgtk-1.2.so.0
#17 0x405c2c05 in ?? () from /usr/lib/libgtk-1.2.so.0
#18 0x405f6688 in ?? () from /usr/lib/libgtk-1.2.so.0
#19 0x4058fae8 in ?? () from /usr/lib/libgtk-1.2.so.0
#20 0x40600485 in ?? () from /usr/lib/libgtk-1.2.so.0
#21 0x405c496b in ?? () from /usr/lib/libgtk-1.2.so.0
#22 0x405c2c05 in ?? () from /usr/lib/libgtk-1.2.so.0
#23 0x405f6688 in ?? () from /usr/lib/libgtk-1.2.so.0
#24 0x4048e962 in nsWidget::Invalidate (this=0x8cd4858, aRect=@0x8cd48dc,
    aIsSynchronous=1) at nsWidget.cpp:692
#25 0x4048e9e4 in nsWidget::Update (this=0x8cd4858) at nsWidget.cpp:712
#26 0x4101cb3a in nsViewManager::Composite (this=0x8cf42b8)
    at nsViewManager.cpp:1336
#27 0x40bdf944 in ApplyRenderingChangeToTree (aPresContext=0x8cab8e0,
    aFrame=0x0) at nsCSSFrameConstructor.cpp:6491
#28 0x40bdfbb9 in nsCSSFrameConstructor::ProcessRestyledFrames (
    this=0x8cd4c40, aChangeList=@0xbfffee44, aPresContext=0x8cab8e0)
    at nsCSSFrameConstructor.cpp:6570
#29 0x40be012a in nsCSSFrameConstructor::ContentStatesChanged (this=0x8cd4c40,
    aPresContext=0x8cab8e0, aContent1=0x8f1ad60, aContent2=0x0)
    at nsCSSFrameConstructor.cpp:6686
#30 0x40c8e19b in StyleSetImpl::ContentStatesChanged (this=0x8cd4bf8,
    aPresContext=0x8cab8e0, aContent1=0x8f1ad60, aContent2=0x0)
    at nsStyleSet.cpp:906
#31 0x40b10d39 in PresShell::ContentStatesChanged (this=0x8cd4c88,
    aDocument=0x8cedbc0, aContent1=0x8f1ad60, aContent2=0x0)
    at nsPresShell.cpp:1691
#32 0x407e8558 in ?? ()
   from /home1/alecf/xpc/mozilla/dist/bin/components/librdf.so
#33 0x40add4cc in nsEventStateManager::SetContentState (this=0x8de4ae8,
    aContent=0x0, aState=1) at nsEventStateManager.cpp:1402
#34 0x40adb67c in nsEventStateManager::PostHandleEvent (this=0x8de4ae8,
    aPresContext=@0x8cab8e0, aEvent=0xbffff200, aTargetFrame=0x8f9e748,
    aStatus=@0xbffff12c, aView=0x8cd47f0) at nsEventStateManager.cpp:420
#35 0x40b11de2 in PresShell::HandleEvent (this=0x8cd4c88, aView=0x8cd47f0,
    aEvent=0xbffff200, aEventStatus=@0xbffff12c) at nsPresShell.cpp:2091
#36 0x4101505e in nsView::HandleEvent (this=0x8cd47f0, event=0xbffff200,
    aEventFlags=28, aStatus=@0xbffff12c, aHandled=@0xbffff0c0)
    at nsView.cpp:827
#37 0x4101d33a in nsViewManager::DispatchEvent (this=0x8cf42b8,
    aEvent=0xbffff200, aStatus=@0xbffff12c) at nsViewManager.cpp:1665
#38 0x41013a8d in HandleEvent (aEvent=0xbffff200) at nsView.cpp:62
#39 0x4048f089 in nsWidget::DispatchEvent (this=0x8cd4858, aEvent=0xbffff200,
    aStatus=@0xbffff1c4) at nsWidget.cpp:1095
#40 0x4048eed9 in nsWidget::DispatchWindowEvent (this=0x8cd4858,
    event=0xbffff200) at nsWidget.cpp:1009
#41 0x4048f116 in nsWidget::DispatchMouseEvent (this=0x8cd4858,
    aEvent=@0xbffff200) at nsWidget.cpp:1122
#42 0x4048fce0 in nsWidget::OnButtonReleaseSignal (this=0x8cd4858,
    aGdkButtonEvent=0x87b5d14) at nsWidget.cpp:1724
#43 0x404905c8 in nsWidget::ButtonReleaseSignal (aWidget=0x8cd4a40,
    aGdkButtonEvent=0x87b5d14, aData=0x8cd4858) at nsWidget.cpp:2163
#44 0x40600229 in ?? () from /usr/lib/libgtk-1.2.so.0
#45 0x405c565d in ?? () from /usr/lib/libgtk-1.2.so.0
#46 0x405c4ab2 in ?? () from /usr/lib/libgtk-1.2.so.0
#47 0x405c2c05 in ?? () from /usr/lib/libgtk-1.2.so.0
#48 0x405f79d8 in ?? () from /usr/lib/libgtk-1.2.so.0
#49 0x40598b22 in ?? () from /usr/lib/libgtk-1.2.so.0
#50 0x40597d7a in ?? () from /usr/lib/libgtk-1.2.so.0
#51 0x406400fb in ?? () from /usr/lib/libgdk-1.2.so.0
#52 0x4066da86 in ?? () from /usr/lib/libglib-1.2.so.0
#53 0x4066e041 in ?? () from /usr/lib/libglib-1.2.so.0
#54 0x4066e1e1 in ?? () from /usr/lib/libglib-1.2.so.0
#55 0x405977a9 in ?? () from /usr/lib/libgtk-1.2.so.0
#56 0x4047f4a1 in nsAppShell::Run (this=0x810c6c8) at nsAppShell.cpp:379
#57 0x4035a99e in ?? () from /home1/alecf/xpc/mozilla/dist/bin/libnsappshell.so
#58 0x804a75e in main1 (argc=2, argv=0xbffff844) at nsAppRunner.cpp:591
#59 0x804a960 in main (argc=2, argv=0xbffff844) at nsAppRunner.cpp:702
#60 0x40226cb3 in ?? () from /lib/libc.so.6

(gdb) frame 1
#1  0x40c23df2 in nsTableRowFrame::Paint (this=0x9023a78,
    aPresContext=@0x8cab8e0, aRenderingContext=@0x90aaee0,
    aDirtyRect=@0xbfffe09c, aWhichLayer=eFramePaintLayer_Underlay)
    at nsTableRowFrame.cpp:428
428	        rv = nsTableFrame::GetTableFrame(this, tableFrame);
(gdb) print this
$4 = (nsTableRowFrame *) 0xbfffdea0

Looks OK; not sure why it's crashing. Strange that frame #0 is at address 0x2, which cannot be a valid code address.
Assignee: troy → karnaze
Component: Layout → HTMLTables
Chris, stack trace shows tables. It looks a little odd, though, because it shows
the table row frame code being called directly by the pres shell.

That implies that the row has a view associated with it?
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → INVALID
Alec, I can't reproduce this bug based on the description. I did get the
following stack after trying to reproduce it, but it is not related to tables.
The original stack as reported should not even exist as Troy points out and
could indicate either (1) a lying VCC or (2) a bad cast or corrupted memory
elsewhere, or (3) if a tree widget is involved it may be giving a view to the
row (but then it would seem that the tree row would be in the stack instead).

If you can reproduce it, please reopen the bug.

NTDLL! DbgBreakPoint@0 address 0x77f76148
nsDebug::Break(const char * 0x015e103c, int 1214) line 155
nsDebug::Assertion(const char * 0x015e1078, const char * 0x015e106c, const char
* 0x015e103c, int 1214) line 181 + 13 bytes
nsGenericElement::Release(nsGenericElement * const 0x033eee38) line 1214 + 35
bytes
nsJSUtils::nsGenericResolve(JSContext * 0x02bc54e0, JSObject * 0x01fa5640, long
14537012) line 556 + 12 bytes
ResolveElement(JSContext * 0x02bc54e0, JSObject * 0x01fa5640, long 14537012)
line 165 + 17 bytes
_js_LookupProperty(JSContext * 0x02bc54e0, JSObject * 0x01fa5640, long 26031440,
JSObject * * 0x0012e9c4, JSProperty * * 0x0012e9bc, const char * 0x00592524,
unsigned int 1798) line 1636 + 24 bytes
js_GetProperty(JSContext * 0x02bc54e0, JSObject * 0x01fa5640, long 26031440,
long * 0x0012f05c) line 1798 + 35 bytes
js_Interpret(JSContext * 0x02bc54e0, long * 0x0012f1e4) line 2205 + 1055 bytes
js_Invoke(JSContext * 0x02bc54e0, unsigned int 1, unsigned int 2) line 687 + 13
bytes
js_InternalCall(JSContext * 0x02bc54e0, JSObject * 0x01f36e38, long 32730688,
unsigned int 1, long * 0x0012f364, long * 0x0012f31c) line 764 + 15 bytes
JS_CallFunction(JSContext * 0x02bc54e0, JSObject * 0x01f36e38, JSFunction *
0x02cd5d50, unsigned int 1, long * 0x0012f364, long * 0x0012f31c) line 2650 + 32
bytes
nsJSContext::CallFunction(nsJSContext * const 0x02bc5650, void * 0x01f36e38,
void * 0x02cd5d50, unsigned int 1, void * 0x0012f364, int * 0x0012f360) line 231
+ 39 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x0342dd60) line 103 + 48 bytes
nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent *
0x0012f8a0, nsIDOMEvent * * 0x0012f848, unsigned int 2, nsEventStatus &
nsEventStatus_eIgnore) line 646 + 21 bytes
RDFElementImpl::HandleDOMEvent(RDFElementImpl * const 0x02ce11b0, nsIPresContext
& {...}, nsEvent * 0x0012f8a0, nsIDOMEvent * * 0x0012f848, unsigned int 2,
nsEventStatus & nsEventStatus_eIgnore) line 2876
RDFElementImpl::HandleDOMEvent(RDFElementImpl * const 0x033b83a0, nsIPresContext
& {...}, nsEvent * 0x0012f8a0, nsIDOMEvent * * 0x0012f848, unsigned int 2,
nsEventStatus & nsEventStatus_eIgnore) line 2880 + 39 bytes
RDFElementImpl::HandleDOMEvent(RDFElementImpl * const 0x033ed780, nsIPresContext
& {...}, nsEvent * 0x0012f8a0, nsIDOMEvent * * 0x0012f848, unsigned int 2,
nsEventStatus & nsEventStatus_eIgnore) line 2880 + 39 bytes
nsGenericElement::HandleDOMEvent(nsIPresContext & {...}, nsEvent * 0x0012f8a0,
nsIDOMEvent * * 0x0012f848, unsigned int 1, nsEventStatus &
nsEventStatus_eIgnore) line 796 + 39 bytes
AnonymousElement::HandleDOMEvent(AnonymousElement * const 0x033eee2c,
nsIPresContext & {...}, nsEvent * 0x0012f8a0, nsIDOMEvent * * 0x00000000,
unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 130 + 31 bytes
nsEventStateManager::CheckForAndDispatchClick(nsEventStateManager * const
0x02cfcc60, nsIPresContext & {...}, nsMouseEvent * 0x0012fbc8, nsEventStatus &
nsEventStatus_eIgnore) line 947 + 42 bytes
nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x02cfcc60,
nsIPresContext & {...}, nsGUIEvent * 0x0012fbc8, nsIFrame * 0x033f09c0,
nsEventStatus & nsEventStatus_eIgnore, nsIView * 0x02c1c990) line 418 + 24 bytes
PresShell::HandleEvent(PresShell * const 0x02c1c574, nsIView * 0x02c1c990,
nsGUIEvent * 0x0012fbc8, nsEventStatus & nsEventStatus_eIgnore) line 2091 + 43
bytes
nsView::HandleEvent(nsView * const 0x02c1c990, nsGUIEvent * 0x0012fbc8, unsigned
int 28, nsEventStatus & nsEventStatus_eIgnore, int & 0) line 828
nsViewManager::DispatchEvent(nsViewManager * const 0x02c1ce90, nsGUIEvent *
0x0012fbc8, nsEventStatus & nsEventStatus_eIgnore) line 1664
HandleEvent(nsGUIEvent * 0x0012fbc8) line 63
nsWindow::DispatchEvent(nsWindow * const 0x02c1c854, nsGUIEvent * 0x0012fbc8,
nsEventStatus & nsEventStatus_eIgnore) line 340 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fbc8) line 361
nsWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 3226 +
21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line
3444
nsWindow::ProcessMessage(unsigned int 514, unsigned int 0, long 3670507, long *
0x0012fde8) line 2453 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x00020842, unsigned int 514, unsigned int 0, long
3670507) line 449 + 27 bytes
USER32! DispatchMessageWorker@8 + 135 bytes
USER32! DispatchMessageA@4 + 11 bytes
nsAppShell::Run() line 74
nsAppShellService::Run(nsAppShellService * const 0x00cfa900) line 462
main1(int 1, char * * 0x00c94ac0) line 591 + 12 bytes
main(int 1, char * * 0x00c94ac0) line 702 + 13 bytes
mainCRTStartup() line 338 + 17 bytes
OK, I'll take a whack at it again... maybe it got fixed, but thanks for taking a
look.
Status: RESOLVED → VERIFIED
Based on Chris's comments, marking as verified invalid.