Closed
Bug 178855
Opened 22 years ago
Closed 22 years ago
crash when calling this XML url
Categories
(Core :: Layout: Tables, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla1.3alpha
People
(Reporter: dewildt, Assigned: karnaze)
References
()
Details
(Keywords: crash, Whiteboard: [PATCH])
Attachments
(2 files)
112 bytes,
text/xml
|
Details | |
2.14 KB,
patch
|
dbaron
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20021107 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20021107 Mozilla crashes when calling the URL http://www.xmlguru.de/html/_d/03demo/demo11.xml talkback ID : TB13630462K Reproducible: Always Steps to Reproduce: 1. call http://www.xmlguru.de/html/_d/03demo/demo11.xml Actual Results: Crash Expected Results: Show xml page I used a fresh install with a new created user without any additional plugins etc. This bug also exists in Mozilla 1.2b (Is this a dup of bug 174709 ?)
Reporter | ||
Updated•22 years ago
|
Summary: crash when calling the url → crash when calling this XML url
Comment 1•22 years ago
|
||
confirmed on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2b) Gecko/20021107. the problem is with the xsl file (http://www.xmlguru.de/html/_d/03demo/demo11.xsl). when the line to include the xsl file is not included, the xml file opens fine.
Comment 2•22 years ago
|
||
Marking confirmed using Win2k 1106 cvs. Not a dupe of 174709 it looks like. Here's the stack: nsIFrame::GetFrameState(unsigned int * 0x0012e610) line 795 + 6 bytes nsCSSFrameConstructor::CreatePlaceholderFrameFor(nsIPresShell * 0x0510e1a8, nsIPresContext * 0x04bd4578, nsIFrameManager * 0x04fa46e0, nsIContent * 0x0523dbc0, nsIFrame * 0x00000000, nsIStyleContext * 0x0492e070, nsIFrame * 0x050fed3c, nsIFrame * * 0x0012e69c) line 4025 nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x0510e1a8, nsIPresContext * 0x04bd4578, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x050feec8, nsIContent * 0x0523dbc0, int 0x00000003, nsIAtom * 0x03105fd0, nsIFrame * 0x050fed3c, nsIStyleContext * 0x0492e070, nsFrameItems & {...}) line 6713 nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x0510e1a8, nsIPresContext * 0x04bd4578, nsFrameConstructorState & {...}, nsIContent * 0x0523dbc0, nsIFrame * 0x050fed3c, nsIAtom * 0x03105fd0, int 0x00000003, nsIStyleContext * 0x0492e070, nsFrameItems & {...}, int 0x00000000) line 7441 + 53 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x0510e1a8, nsIPresContext * 0x04bd4578, nsFrameConstructorState & {...}, nsIContent * 0x0523dbc0, nsIFrame * 0x050fed3c, nsFrameItems & {...}) line 7292 + 56 bytes nsCSSFrameConstructor::ConstructDocElementTableFrame(nsIPresShell * 0x0510e1a8, nsIPresContext * 0x04bd4578, nsIContent * 0x0523dbc0, nsIFrame * 0x050fed3c, nsIFrame * & 0x00000000, nsILayoutHistoryState * 0x00000000) line 3269 nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresShell * 0x0510e1a8, nsIPresContext * 0x04bd4578, nsFrameConstructorState & {...}, nsIContent * 0x0523dbc0, nsIFrame * 0x050fed3c, nsIStyleContext * 0x04f54f98, nsIFrame * & 0x00000000) line 3432 + 43 bytes nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x043c5f48, nsIPresContext * 0x04bd4578, nsIContent * 0x00000000, nsIContent * 0x0523dbc0, int 0x00000000, nsILayoutHistoryState * 0x00000000, int 0x00000000) line 8980 StyleSetImpl::ContentInserted(StyleSetImpl * const 0x0450b620, nsIPresContext * 0x04bd4578, nsIContent * 0x00000000, nsIContent * 0x0523dbc0, int 0x00000000) line 1531 PresShell::InitialReflow(PresShell * const 0x0510e1a8, int 0x00004eb1, int 0x00003c4b) line 2796 nsXMLContentSink::StartLayout() line 1298 nsXMLContentSink::OnTransformDone(nsXMLContentSink * const 0x043509b4, unsigned int 0x00000000, nsIDOMDocument * 0x04ad6ab4) line 523 txMozillaXMLOutput::SignalTransformEnd() line 762 txMozillaXMLOutput::endDocument() line 205 txXSLTProcessor::transform(ProcessorState * 0x0012f5bc) line 1654 txMozillaXSLTProcessor::TransformDocument(txMozillaXSLTProcessor * const 0x05153328, nsIDOMNode * 0x0434dc6c, nsIDOMNode * 0x050ae6c4, nsITransformObserver * 0x043509b4, nsIDOMDocument * * 0x043ac8f8) line 383 + 12 bytes nsTransformMediator::TryToTransform() line 107 + 86 bytes nsTransformMediator::SetStyleSheetContentModel(nsTransformMediator * const 0x043ac8d8, nsIDOMNode * 0x050ae6c4) line 144 nsXSLContentSink::DidBuildModel(nsXSLContentSink * const 0x04a36fe8, int 0x00000000) line 134 nsExpatDriver::DidBuildModel(nsExpatDriver * const 0x04c0cc30, unsigned int 0x00000000, int 0x00000001, nsIParser * 0x04c59be0, nsIContentSink * 0x04a36fe8) line 972 + 23 bytes nsParser::DidBuildModel(unsigned int 0x00000000) line 1262 + 41 bytes nsParser::ResumeParse(int 0x00000001, int 0x00000001, int 0x00000001) line 1811 nsParser::OnStopRequest(nsParser * const 0x04c59be4, nsIRequest * 0x04c107d0, nsISupports * 0x00000000, unsigned int 0x00000000) line 2432 + 21 bytes nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x04c0cba0, nsIRequest * 0x04c107d0, nsISupports * 0x00000000, unsigned int 0x00000000) line 66 nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x04c107d4, nsIRequest * 0x04fa4944, nsISupports * 0x00000000, unsigned int 0x00000000) line 3020 nsOnStopRequestEvent::HandleEvent() line 213 nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x04a928fc) line 116 PL_HandleEvent(PLEvent * 0x04a928fc) line 644 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00f314a8) line 574 + 9 bytes _md_EventReceiverProc(HWND__ * 0x02780160, unsigned int 0x0000c0da, unsigned int 0x00000000, long 0x00f314a8) line 1335 + 9 bytes USER32! 77e3a290() USER32! 77e145b1() USER32! 77e15b1d() nsAppShellService::Run(nsAppShellService * const 0x031137d0) line 472 main1(int 0x00000001, char * * 0x002c6d90, nsISupports * 0x002c6df8) line 1541 + 32 bytes main(int 0x00000001, char * * 0x002c6d90) line 1902 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e9ca90()
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•22 years ago
|
||
This rips out the irrelevant xslt...
Comment 4•22 years ago
|
||
The testcase in its entirety: <table style="position: absolute;" xmlns="http://www.w3.org/1999/xhtml"> <tr> <td>a test</td> </tr> </table> (note that the <table> is the root element). The table frame construction code does not seem to deal well: (gdb) frame #0 nsIFrame::GetFrameState (this=0x0, aResult=0xbfffdfd8) at /home/bzbarsky/mozilla/debug/mozilla/layout/svg/base/src/../../../base/public/nsIFrame.h:795 795 *aResult = mState; (gdb) p this $1 = (nsIFrame *) 0x0 (gdb) frame 1 #1 0x41fd11a2 in nsCSSFrameConstructor::CreatePlaceholderFrameFor (this=0x87d3cc0, aPresShell=0x87d3d90, aPresContext=0x87c1448, aFrameManager=0x87d4f60, aContent=0x879aa20, aFrame=0x0, aStyleContext=0x87e84e0, aParentFrame=0x87dc664, aPlaceholderFrame=0xbfffe1a8) at /home/bzbarsky/mozilla/debug/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp:4039 4039 aFrame->GetFrameState(&frameState); (gdb) p aFrame $2 = (nsIFrame *) 0x0 (gdb) frame 2 #2 0x41fd7e47 in nsCSSFrameConstructor::ConstructFrameByDisplayType (this=0x87d3cc0, aPresShell=0x87d3d90, aPresContext=0x87c1448, aState=@0xbfffe370, aDisplay=0x87dc76c, aContent=0x879aa20, aNameSpaceID=3, aTag=0x816f298, aParentFrame=0x87dc664, aStyleContext=0x87e84e0, aFrameItems=@0xbfffe368) at /home/bzbarsky/mozilla/debug/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp:6725 6725 newFrame, aStyleContext, adjParentFrame, &placeholderFrame); (gdb) p newFrame $3 = (nsIFrame *) 0x0 This last part is in the "nearly_done:" section of ConstructFrameByDisplayType and in particular after the ConstructTableFrame call.... for some reason ConstructTableFrame is returning a null pointer. Perhaps this is because we coopted the table outer frame and made it a canvas frame instead? (just a thought)
Assignee: heikki → table
Component: XML → Layout: Tables
OS: Windows 2000 → All
QA Contact: ian → amar
This feels like a duplicate of an old bug about tables being the root. Perhaps the solution here, rather than making tables support being the root frame (which I think there's already some code to do), is to put a dummy block around the root element's frame when that frame is not a block?
Comment 6•22 years ago
|
||
Yeah... I've been considering doing something like that anyway... right now the root content's frame is a CanvasFrame; we should be giving it a "real" frame too.
Assignee | ||
Comment 7•22 years ago
|
||
taking
Assignee: table → karnaze
Priority: -- → P2
Whiteboard: [PATCH]
Target Milestone: --- → mozilla1.3alpha
Assignee | ||
Comment 8•22 years ago
|
||
The patch fixes the crash, the testcase (because it has no positional coordinates) and contains XXX comments regarding how to fully support a positioned table which is the doc root (we could open another for that).
Assignee | ||
Updated•22 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Updated•22 years ago
|
Attachment #105920 -
Flags: superreview?(bzbarsky)
Attachment #105920 -
Flags: review?(dbaron)
Updated•22 years ago
|
Attachment #105920 -
Flags: superreview?(bzbarsky) → superreview+
Comment on attachment 105920 [details] [diff] [review] patch to fix the crash r=dbaron
Attachment #105920 -
Flags: review?(dbaron) → review+
Assignee | ||
Comment 10•22 years ago
|
||
fixed on trunk.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•