Closed Bug 17296 Opened 25 years ago Closed 25 years ago

Crash when frameset reflow is re-entered. (edge case)

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect, P3)

Product:
Core
Component:
Layout: Images, Video, and HTML Frames
Platform:
Other
Linux
Type:
defect

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: dp, Assigned: pollmann)

References

(
URL
)

Details

(Keywords: crash, verifyme) 

With http://webgroup/~dp/personal/finance as my home page, I get this core dump
on startup. I can visit this page normally ok.

Program received signal SIGSEGV, Segmentation fault.
0x40ea95b5 in nsHTMLFramesetFrame::ReflowPlaceChild (this=0x834e568, aChild=0x0,
aPresContext=@0x82e5e00, aReflowState=@0xbfff70bc, aOffset=@0xbfff7018,
aSize=@0xbfff6fac, aCellIndex=0x0) at nsFrameSetFrame.cpp:775
Current language:  auto; currently c++
(gdb) bt
#0  0x40ea95b5 in nsHTMLFramesetFrame::ReflowPlaceChild (this=0x834e568,
aChild=0x0, aPresContext=@0x82e5e00, aReflowState=@0xbfff70bc,
aOffset=@0xbfff7018, aSize=@0xbfff6fac, aCellIndex=0x0) at
nsFrameSetFrame.cpp:775
#1  0x40eaad49 in nsHTMLFramesetFrame::Reflow (this=0x834e568,
aPresContext=@0x82e5e00, aDesiredSize=@0xbfff708c, aReflowState=@0xbfff70bc,
aStatus=@0xbfff71c4) at nsFrameSetFrame.cpp:1158
#2  0x40ddea77 in nsLineLayout::ReflowFrame (this=0xbfff725c, aFrame=0x834e568,
aNextRCFrame=0xbfff7d64, aReflowStatus=@0xbfff71c4) at nsLineLayout.cpp:932
#3  0x40daea49 in nsBlockFrame::ReflowInlineFrame (this=0x834d190,
aState=@0xbfff7cd4, aLineLayout=@0xbfff725c, aLine=0x834e648, aFrame=0x834e568,
aLineReflowStatus=0xbfff7213 "") at nsBlockFrame.cpp:3629
#4  0x40dae762 in nsBlockFrame::DoReflowInlineFrames (this=0x834d190,
aState=@0xbfff7cd4, aLineLayout=@0xbfff725c, aLine=0x834e648,
aKeepReflowGoing=0xbfff7abc, aLineReflowStatus=0xbfff79bf "\002") at
nsBlockFrame.cpp:3521
#5  0x40dae593 in nsBlockFrame::DoReflowInlineFramesAuto (this=0x834d190,
aState=@0xbfff7cd4, aLine=0x834e648, aKeepReflowGoing=0xbfff7abc,
aLineReflowStatus=0xbfff79bf "\002") at nsBlockFrame.cpp:3466
#6  0x40dae386 in nsBlockFrame::ReflowInlineFrames (this=0x834d190,
aState=@0xbfff7cd4, aLine=0x834e648, aKeepReflowGoing=0xbfff7abc) at
nsBlockFrame.cpp:3415
#7  0x40dacbc5 in nsBlockFrame::ReflowLine (this=0x834d190, aState=@0xbfff7cd4,
aLine=0x834e648, aKeepReflowGoing=0xbfff7abc, aDamageDirtyArea=0) at
nsBlockFrame.cpp:2642
#8  0x40dac26e in nsBlockFrame::ReflowDirtyLines (this=0x834d190,
aState=@0xbfff7cd4) at nsBlockFrame.cpp:2402
#9  0x40daa840 in nsBlockFrame::Reflow (this=0x834d190, aPresContext=@0x82e5e00,
aMetrics=@0xbfff802c, aReflowState=@0xbfff7f8c, aStatus=@0xbfff82ec) at
nsBlockFrame.cpp:1476
#10 0x40da724c in nsAreaFrame::Reflow (this=0x834d190, aPresContext=@0x82e5e00,
aDesiredSize=@0xbfff802c, aReflowState=@0xbfff7f8c, aStatus=@0xbfff82ec) at
nsAreaFrame.cpp:285
#11 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x834bfa8,
aKidFrame=0x834d190, aPresContext=@0x82e5e00, aDesiredSize=@0xbfff802c,
aReflowState=@0xbfff7f8c, aStatus=@0xbfff82ec) at nsContainerFrame.cpp:378
#12 0x40dcd154 in RootFrame::Reflow (this=0x834bfa8, aPresContext=@0x82e5e00,
aDesiredSize=@0xbfff8184, aReflowState=@0xbfff80dc, aStatus=@0xbfff82ec) at
nsHTMLFrame.cpp:325
#13 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x834d840,
aKidFrame=0x834bfa8, aPresContext=@0x82e5e00, aDesiredSize=@0xbfff8184,
aReflowState=@0xbfff80dc, aStatus=@0xbfff82ec) at nsContainerFrame.cpp:378
#14 0x40dfe7c9 in ViewportFrame::Reflow (this=0x834d840,
aPresContext=@0x82e5e00, aDesiredSize=@0xbfff82f0, aReflowState=@0xbfff8244,
aStatus=@0xbfff82ec) at nsViewportFrame.cpp:514
#15 0x40de9a07 in PresShell::ResizeReflow (this=0x858a468, aWidth=9216,
aHeight=5285) at nsPresShell.cpp:1031
#16 0x40decfff in PresShell::ResizeReflow (this=0x858a468, aView=0x84f0eb8,
aWidth=9216, aHeight=5285) at nsPresShell.cpp:2254
#17 0x413630da in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libraptorview.so
#18 0x413675a1 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libraptorview.so
#19 0x41359fa4 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libraptorview.so
#20 0x4053dd10 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#21 0x4053da9c in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#22 0x4053c5cb in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#23 0x405307c2 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#24 0x4054299b in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#25 0x40542a20 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#26 0x40fba9d6 in DocumentViewerImpl::SetBounds (this=0x8314fd0,
aBounds=@0xbfff85e4) at nsDocumentViewer.cpp:474
#27 0x40957bb9 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#28 0x40ea740a in nsHTMLFrameInnerFrame::Reflow (this=0x85816f8,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff8814, aReflowState=@0xbfff8774,
aStatus=@0xbfffa024) at nsFrameFrame.cpp:905
#29 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x855cfa0,
aKidFrame=0x85816f8, aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff8814,
aReflowState=@0xbfff8774, aStatus=@0xbfffa024) at nsContainerFrame.cpp:378
#30 0x40ea56ff in nsHTMLFrameOuterFrame::Reflow (this=0x855cfa0,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff88a0,
aStatus=@0xbfffa024) at nsFrameFrame.cpp:356
#31 0x40f7f2b3 in nsBoxFrame::FlowChildAt (this=0x855b070, childFrame=0x855cfa0,
aPresContext=@0x82a7cc8, desiredSize=@0xbfff9e3c, aReflowState=@0xbfff8dc4,
aStatus=@0xbfffa024, aInfo=@0x855b0b4, aRedraw=@0xbfff8cb4, aReason=@0xbfff8c10)
at nsBoxFrame.cpp:1098
#32 0x40f7e721 in nsBoxFrame::FlowChildren (this=0x855b070,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff8dc4,
aStatus=@0xbfffa024, rect=@0xbfff8d70) at nsBoxFrame.cpp:696
#33 0x40f7e494 in nsBoxFrame::Reflow (this=0x855b070, aPresContext=@0x82a7cc8,
aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff8dc4, aStatus=@0xbfffa024) at
nsBoxFrame.cpp:527
#34 0x40f7f2b3 in nsBoxFrame::FlowChildAt (this=0x8559140, childFrame=0x855b070,
aPresContext=@0x82a7cc8, desiredSize=@0xbfff9e3c, aReflowState=@0xbfff92e8,
aStatus=@0xbfffa024, aInfo=@0x8559184, aRedraw=@0xbfff91d8, aReason=@0xbfff9134)
at nsBoxFrame.cpp:1098
#35 0x40f7e721 in nsBoxFrame::FlowChildren (this=0x8559140,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff92e8,
aStatus=@0xbfffa024, rect=@0xbfff9294) at nsBoxFrame.cpp:696
#36 0x40f7e494 in nsBoxFrame::Reflow (this=0x8559140, aPresContext=@0x82a7cc8,
aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff92e8, aStatus=@0xbfffa024) at
nsBoxFrame.cpp:527
#37 0x40f7f2b3 in nsBoxFrame::FlowChildAt (this=0x85569f8, childFrame=0x8559140,
aPresContext=@0x82a7cc8, desiredSize=@0xbfff9e3c, aReflowState=@0xbfff980c,
aStatus=@0xbfffa024, aInfo=@0x8556a3c, aRedraw=@0xbfff96fc, aReason=@0xbfff9658)
at nsBoxFrame.cpp:1098
#38 0x40f7e721 in nsBoxFrame::FlowChildren (this=0x85569f8,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff980c,
aStatus=@0xbfffa024, rect=@0xbfff97b8) at nsBoxFrame.cpp:696
#39 0x40f7e494 in nsBoxFrame::Reflow (this=0x85569f8, aPresContext=@0x82a7cc8,
aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff980c, aStatus=@0xbfffa024) at
nsBoxFrame.cpp:527
#40 0x40f7f2b3 in nsBoxFrame::FlowChildAt (this=0x850cbb0, childFrame=0x85569f8,
aPresContext=@0x82a7cc8, desiredSize=@0xbfff9e3c, aReflowState=@0xbfff9d9c,
aStatus=@0xbfffa024, aInfo=@0x850cd8c, aRedraw=@0xbfff9c20, aReason=@0xbfff9b7c)
at nsBoxFrame.cpp:1098
#41 0x40f7e721 in nsBoxFrame::FlowChildren (this=0x850cbb0,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff9d9c,
aStatus=@0xbfffa024, rect=@0xbfff9cdc) at nsBoxFrame.cpp:696
#42 0x40f7e494 in nsBoxFrame::Reflow (this=0x850cbb0, aPresContext=@0x82a7cc8,
aDesiredSize=@0xbfff9e3c, aReflowState=@0xbfff9d9c, aStatus=@0xbfffa024) at
nsBoxFrame.cpp:527
#43 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x850b9b8,
aKidFrame=0x850cbb0, aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff9e3c,
aReflowState=@0xbfff9d9c, aStatus=@0xbfffa024) at nsContainerFrame.cpp:378
#44 0x40dcd154 in RootFrame::Reflow (this=0x850b9b8, aPresContext=@0x82a7cc8,
aDesiredSize=@0xbfff9f94, aReflowState=@0xbfff9eec, aStatus=@0xbfffa024) at
nsHTMLFrame.cpp:325
#45 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x850b970,
aKidFrame=0x850b9b8, aPresContext=@0x82a7cc8, aDesiredSize=@0xbfff9f94,
aReflowState=@0xbfff9eec, aStatus=@0xbfffa024) at nsContainerFrame.cpp:378
#46 0x40dfe7c9 in ViewportFrame::Reflow (this=0x850b970,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfffa14c, aReflowState=@0xbfffa028,
aStatus=@0xbfffa024) at nsViewportFrame.cpp:514
#47 0x40dce8f3 in nsHTMLReflowCommand::Dispatch (this=0x8355248,
aPresContext=@0x82a7cc8, aDesiredSize=@0xbfffa14c, aMaxSize=@0xbfffa130,
aRendContext=@0x8354338) at nsHTMLReflowCommand.cpp:137
#48 0x40dea7c6 in PresShell::ProcessReflowCommands (this=0x82c5648) at
nsPresShell.cpp:1430
#49 0x40de81e3 in PresShell::ExitReflowLock (this=0x82c5648) at
nsPresShell.cpp:669
#50 0x40debd32 in PresShell::AttributeChanged (this=0x82c5648,
aDocument=0x81c9e48, aContent=0x83ef7e8, aNameSpaceID=0, aAttribute=0x81c32f0,
aHint=-1) at nsPresShell.cpp:1836
#51 0x408688b4 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#52 0x40841739 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#53 0x4083cad0 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#54 0x4041e7bf in ?? () from /home/dp/build.debug/mozilla/dist/bin/libjsdom.so
#55 0x400848ce in ?? () from /home/dp/build.debug/mozilla/dist/bin/libmozjs.so
#56 0x40093531 in ?? () from /home/dp/build.debug/mozilla/dist/bin/libmozjs.so
#57 0x4008492d in ?? () from /home/dp/build.debug/mozilla/dist/bin/libmozjs.so
#58 0x40093531 in ?? () from /home/dp/build.debug/mozilla/dist/bin/libmozjs.so
#59 0x4008492d in ?? () from /home/dp/build.debug/mozilla/dist/bin/libmozjs.so
#60 0x40084c48 in ?? () from /home/dp/build.debug/mozilla/dist/bin/libmozjs.so
#61 0x40059ff8 in ?? () from /home/dp/build.debug/mozilla/dist/bin/libmozjs.so
#62 0x403f050a in ?? () from /home/dp/build.debug/mozilla/dist/bin/libjsdom.so
#63 0x40429a85 in ?? () from /home/dp/build.debug/mozilla/dist/bin/libjsdom.so
#64 0x40d9e929 in nsEventListenerManager::HandleEvent (this=0x83f10d0,
aPresContext=@0x82a7cc8, aEvent=0xbfffc180, aDOMEvent=0xbfffc074, aFlags=7,
aEventStatus=@0xbfffc0ec) at nsEventListenerManager.cpp:1210
#65 0x408434ea in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#66 0x40844940 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#67 0x4084445e in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#68 0x408416c7 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#69 0x4083cad0 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/librdf.so
#70 0x41504efe in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libmozbrwsr.so
#71 0x41505772 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libmozbrwsr.so
#72 0x4095d363 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#73 0x409538ef in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#74 0x40953599 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#75 0x409013cf in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libnecko.so
#76 0x41522831 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libnecko_http.so
#77 0x41521cea in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libnecko_http.so
#78 0x409546e0 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#79 0x40952e38 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#80 0x4095a10e in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#81 0x4095a591 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#82 0x4095b111 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#83 0x40959371 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#84 0x40ea7277 in nsHTMLFrameInnerFrame::Reflow (this=0x8351360,
aPresContext=@0x82e5e00, aDesiredSize=@0xbfffd734, aReflowState=@0xbfffd694,
aStatus=@0xbfffd8cc) at nsFrameFrame.cpp:875
#85 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x8350b48,
aKidFrame=0x8351360, aPresContext=@0x82e5e00, aDesiredSize=@0xbfffd734,
aReflowState=@0xbfffd694, aStatus=@0xbfffd8cc) at nsContainerFrame.cpp:378
#86 0x40ea56ff in nsHTMLFrameOuterFrame::Reflow (this=0x8350b48,
aPresContext=@0x82e5e00, aDesiredSize=@0xbfffd800, aReflowState=@0xbfffd828,
aStatus=@0xbfffd8cc) at nsFrameFrame.cpp:356
#87 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x834e568,
aKidFrame=0x8350b48, aPresContext=@0x82e5e00, aDesiredSize=@0xbfffd800,
aReflowState=@0xbfffd828, aStatus=@0xbfffd8cc) at nsContainerFrame.cpp:378
#88 0x40ea964f in nsHTMLFramesetFrame::ReflowPlaceChild (this=0x834e568,
aChild=0x8350b48, aPresContext=@0x82e5e00, aReflowState=@0xbfffdb3c,
aOffset=@0xbfffda98, aSize=@0xbfffdaa0, aCellIndex=0xbfffda34) at
nsFrameSetFrame.cpp:782
#89 0x40eaad76 in nsHTMLFramesetFrame::Reflow (this=0x834e568,
aPresContext=@0x82e5e00, aDesiredSize=@0xbfffdb0c, aReflowState=@0xbfffdb3c,
aStatus=@0xbfffdc44) at nsFrameSetFrame.cpp:1164
#90 0x40ddea77 in nsLineLayout::ReflowFrame (this=0xbfffdcdc, aFrame=0x834e568,
aNextRCFrame=0xbfffe7e4, aReflowStatus=@0xbfffdc44) at nsLineLayout.cpp:932
#91 0x40daea49 in nsBlockFrame::ReflowInlineFrame (this=0x834d190,
aState=@0xbfffe754, aLineLayout=@0xbfffdcdc, aLine=0x834e648, aFrame=0x834e568,
aLineReflowStatus=0xbfffdc93 "") at nsBlockFrame.cpp:3629
#92 0x40dae762 in nsBlockFrame::DoReflowInlineFrames (this=0x834d190,
aState=@0xbfffe754, aLineLayout=@0xbfffdcdc, aLine=0x834e648,
aKeepReflowGoing=0xbfffe53c, aLineReflowStatus=0xbfffe43f "\002") at
nsBlockFrame.cpp:3521
#93 0x40dae593 in nsBlockFrame::DoReflowInlineFramesAuto (this=0x834d190,
aState=@0xbfffe754, aLine=0x834e648, aKeepReflowGoing=0xbfffe53c,
aLineReflowStatus=0xbfffe43f "\002") at nsBlockFrame.cpp:3466
#94 0x40dae386 in nsBlockFrame::ReflowInlineFrames (this=0x834d190,
aState=@0xbfffe754, aLine=0x834e648, aKeepReflowGoing=0xbfffe53c) at
nsBlockFrame.cpp:3415
#95 0x40dacbc5 in nsBlockFrame::ReflowLine (this=0x834d190, aState=@0xbfffe754,
aLine=0x834e648, aKeepReflowGoing=0xbfffe53c, aDamageDirtyArea=0) at
nsBlockFrame.cpp:2642
#96 0x40dac26e in nsBlockFrame::ReflowDirtyLines (this=0x834d190,
aState=@0xbfffe754) at nsBlockFrame.cpp:2402
#97 0x40daa840 in nsBlockFrame::Reflow (this=0x834d190, aPresContext=@0x82e5e00,
aMetrics=@0xbfffeaac, aReflowState=@0xbfffea0c, aStatus=@0xbfffedd4) at
nsBlockFrame.cpp:1476
#98 0x40da724c in nsAreaFrame::Reflow (this=0x834d190, aPresContext=@0x82e5e00,
aDesiredSize=@0xbfffeaac, aReflowState=@0xbfffea0c, aStatus=@0xbfffedd4) at
nsAreaFrame.cpp:285
#99 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x834bfa8,
aKidFrame=0x834d190, aPresContext=@0x82e5e00, aDesiredSize=@0xbfffeaac,
aReflowState=@0xbfffea0c, aStatus=@0xbfffedd4) at nsContainerFrame.cpp:378
#100 0x40dcd154 in RootFrame::Reflow (this=0x834bfa8, aPresContext=@0x82e5e00,
aDesiredSize=@0xbfffec04, aReflowState=@0xbfffeb5c, aStatus=@0xbfffedd4) at
nsHTMLFrame.cpp:325
#101 0x40db7b00 in nsContainerFrame::ReflowChild (this=0x834d840,
aKidFrame=0x834bfa8, aPresContext=@0x82e5e00, aDesiredSize=@0xbfffec04,
aReflowState=@0xbfffeb5c, aStatus=@0xbfffedd4) at nsContainerFrame.cpp:378
#102 0x40dfe7c9 in ViewportFrame::Reflow (this=0x834d840,
aPresContext=@0x82e5e00, aDesiredSize=@0xbfffedd8, aReflowState=@0xbfffed2c,
aStatus=@0xbfffedd4) at nsViewportFrame.cpp:514
#103 0x40de9456 in PresShell::InitialReflow (this=0x858a468, aWidth=9216,
aHeight=5285) at nsPresShell.cpp:951
#104 0x40e95e64 in HTMLContentSink::StartLayout (this=0x81daca0) at
nsHTMLContentSink.cpp:2680
#105 0x40e95771 in HTMLContentSink::CloseFrameset (this=0x81daca0,
aNode=@0xbfffefd4) at nsHTMLContentSink.cpp:2464
#106 0x4116e154 in CNavDTD::CloseFrameset (this=0x85b6368, aNode=@0xbfffefd4) at
CNavDTD.cpp:2565
#107 0x4116e7f2 in CNavDTD::CloseContainer (this=0x85b6368, aNode=@0xbfffefd4,
aTag=eHTMLTag_frameset, aClosedByStartTag=0) at CNavDTD.cpp:2717
#108 0x4116e96f in CNavDTD::CloseContainersTo (this=0x85b6368, anIndex=1,
aTag=eHTMLTag_frameset, aClosedByStartTag=0) at CNavDTD.cpp:2762
#109 0x4116ea4e in CNavDTD::CloseContainersTo (this=0x85b6368,
aTag=eHTMLTag_frameset, aClosedByStartTag=0) at CNavDTD.cpp:2784
#110 0x4116c311 in CNavDTD::HandleEndToken (this=0x85b6368, aToken=0x8334b20) at
CNavDTD.cpp:1488
#111 0x4116a831 in CNavDTD::HandleToken (this=0x85b6368, aToken=0x8334b20,
aParser=0x84fc2f0) at CNavDTD.cpp:656
#112 0x4116a208 in CNavDTD::BuildModel (this=0x85b6368, aParser=0x84fc2f0,
aTokenizer=0x82effb8, anObserver=0x0, aSink=0x81daca0) at CNavDTD.cpp:458
#113 0x41178cac in nsParser::BuildModel (this=0x84fc2f0) at nsParser.cpp:1038
#114 0x41178b58 in nsParser::ResumeParse (this=0x84fc2f0, aDefaultDTD=0x0,
aIsFinalChunk=0) at nsParser.cpp:949
#115 0x4117965a in nsParser::OnDataAvailable (this=0x84fc2f0, channel=0x85d8310,
aContext=0x0, pIStream=0x81af570, sourceOffset=0, aLength=347) at
nsParser.cpp:1376
#116 0x40954b7d in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#117 0x409557bc in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libraptorwebwidget.so
#118 0x41525eff in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libnecko_http.so
#119 0x408eee61 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libnecko.so
#120 0x408ee3fa in ?? () from
/home/dp/build.debug/mozilla/dist/bin/components/libnecko.so
#121 0x4019932b in ?? () from /home/dp/build.debug/mozilla/dist/bin/libplds3.so
#122 0x4019923c in ?? () from /home/dp/build.debug/mozilla/dist/bin/libplds3.so
#123 0x40157889 in nsEventQueueImpl::ProcessPendingEvents (this=0x80a0d60) at
nsEventQueue.cpp:190
#124 0x40527a56 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#125 0x4052741f in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#126 0x406b6d6a in ?? () from /usr/lib/libglib-1.2.so.0
#127 0x406b82c6 in ?? () from /usr/lib/libglib-1.2.so.0
#128 0x406b8801 in ?? () from /usr/lib/libglib-1.2.so.0
#129 0x406b8979 in ?? () from /usr/lib/libglib-1.2.so.0
#130 0x405e7f3a in ?? () from /usr/lib/libgtk-1.2.so.0
#131 0x40527f5f in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libwidget_gtk.so
#132 0x4039bcd1 in ?? () from
/home/dp/build.debug/mozilla/dist/bin/libnsappshell.so
#133 0x804b777 in main1 (argc=1, argv=0xbffffa34) at nsAppRunner.cpp:604
#134 0x804b9f9 in main (argc=1, argv=0xbffffa34) at nsAppRunner.cpp:694
#135 0x40295cb3 in ?? () from /lib/libc.so.6
(gdb)
Hardware: PC → Other
If it didn't happen on Friday, then there's a decent chance it's my fault in
which Eric I apologize in advance.
*** Bug 17295 has been marked as a duplicate of this bug. ***
Status: NEW → ASSIGNED
Hmm, I'm not getting a core dump in tonight's build... This must be caused by
secret code embedded in apprunner to prevent dp from daytrading.  :)
Okay, I'm not seeing the crash, but I am seeing strange behaviour when placing
the border frame on this page.  Looks like my territory.  :)
Please please, help me. It is time to buy. The market it down. There is interest
rate fears....

I am updating my tree to tip today. I will try to reproduce it and if I can,
will give show you the problem.

I hope you tried it on linux apprunner. Going to the url after startup will
pass. Only at startup I see the crash. Maybe that hint will help. Try:

	apprunner -url http://webgroup/~dp/personal/finance
Haha.  :)

Ah, I was using Linux apprunner, but I had set the homepage to be your finance
page using the preferences.  Maybe this caused the difference?  I'll try it your
way.  The crash looks like it was caused by a null border frame being passed
through reflow in the top routine on the stack  The odd thing is that it looks
like this is most likely due to an allocation failure.  Is this possible?  How
much RAM do you have on your machine?  (At any rate, I will add a check for null
after the allocation and before the usage.   :)  )
Setting home page or -url should both cause the coredump.

My machine has 192MB So I would be surprised if this is a memory failure.
Summary: Core dump on startup → Core dump on frameset reflow
Target Milestone: M13
Dp reports no longer seeing this bug in today's build.  I'm reducing the
priority, but am still concerned as to how it appeared/disappeared.

Yesterday Dp and I traced this down to a frameset reflow being reentered just as
the first child frame is placed (#89 and #1 on this stack trace).  The code is
definitely not reentrant, and this was causing the crash.
Summary: Core dump on frameset reflow → [CRASH] Core dump on frameset reflow
Marking [CRASH] although may be fixed already.
Target Milestone: M13 → M15
Because this is no longer crashing, I'm moving to M15 at which point I hope to
add the extra checks needed to ensure that frameset reflow is not re-entered!
Adding "crash" keyword to all known open crasher bugs.
Keywords: crash
Summary: [CRASH] Core dump on frameset reflow → Crash when frameset reflow is re-entered. (edge case)
It turns out the checks are already in place (reflow is not reentrant due to a
reflow lock now according to some of our layout gurus over here)  As such, and
seeing as how I can't reproduce this problem, I'm going to mark this one
WORKSFORME (fixed by someone else).  Thanks!
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
Keywords: verifyme
Verified works for me in the May 30th build (2000053108).
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in before you can comment on or make changes to this bug.