Closed Bug 186752 Opened 22 years ago Closed 22 years ago

crashes [@ nsCSSRendering::PaintBackgroundWithSC]

Categories

(Core :: CSS Parsing and Computation, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla1.3beta

People

(Reporter: dbaron, Assigned: caillon)

Details

(Keywords: crash, topcrash)

Attachments

(2 obsolete files)

Crashes are showing up in talkback at nsCSSRendering::PaintBackgroundWithSC . 
The only URL given (a number of times) is http://www.otmar.ch .  The date fits a
regression from bug 46814.
Severity: normal → critical
Keywords: crash
crashes with yesterday's and today's nightly on WIN98
Sometimes, not always, DocWatson came up, logs available on request.
Website crashed while loading,
it didn't crash when loading images was disabled, but crashed when it was
allowed again after site was loaded.

Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021225

TB15482177G contains preceding 5 talkback numbers
Attached patch: diff -w fix (obsolete)
We crash because there is no root scrollable frame.  I'm not sure exactly why,
but this patch fixes it (diff -w only).
I'll see if I can figure out why there is no root scrollable frame in this case
tomorrow.  It is probably just some layout quirk I am not aware of yet.  Though
if you have an idea off hand, David, let me know.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.3beta
TB15482861E  
http://www.w3.org/Style/CSS/
website crashed when loading of images was allowed.
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021225
http://www.albinoblacksheep.com/
crash when loading of images allowed
TB15483731M
Blocks: 186782
No longer blocks: 186782
*** Bug 186782 has been marked as a duplicate of this bug. ***
Blocks: 186833
No longer blocks: 186833
*** Bug 186833 has been marked as a duplicate of this bug. ***
http://www.w3.org/Style/CSS/ is driving me nuts.  It crashes before I can even
scroll.
Comment on attachment 110130
diff -w fix

I just landed the null check.  I didn't get any free time to figure out what's
really going on here, and might not until 2003.  Leaving open pending that
investigation.
Attachment #110130 - Attachment is obsolete: true
confirming crash at the w3-link with:
Mozilla/5.0    Gecko/20021226
(Macintosh; U; PPC Mac OS X Mach-O; da-DK; rv:1.3b; MultiZilla v1.1.33 (a)) 
Flags: blocking1.3b?
*** Bug 186895 has been marked as a duplicate of this bug. ***
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021227
TB15531548M 
http://www.w3.org/Style/CSS/
website crashed when loading of images was allowed.
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021227
TB15532213M 
http://www.w3.org/Style/CSS/
loaded website and others, then allowed loading of images ==> CRASH

no crash, but still not perfect:
http://www.otmar.ch
I wildly hovered and clicked, and got some source code instead of rendered
display in some regions of the screen.
Don't know enough about HTML and CSS to explore in more detail.

no crash, but seems CSS is corrupt:
http://www.albinoblacksheep.com/
1st column gets wider when I hover over its links, but resizes when I leave.
mid column only gets wider when hovering over links, resizes on reload only.
3rd column: don't know if it is displayed as wanted.
http://www.albinoblacksheep.com/ is the only site that seems to be giving me
problems now.  It messes with my tabs.  None of them are crashing me, though.

The problem as listed seems to be fixed.

Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021227 Phoenix/0.5
Attached patch: Null check before CallQI (obsolete)
I just blindly copied code from dbaron's review (bug 46814 comment 24) without
giving it a second thought (my fault).  do_QI null-checks but CallQI does not. 
I need to explicitly add that here.  This fixes the w3.org crash.
Attachment #110247 - Flags: superreview?(dbaron)
Attachment #110247 - Flags: review?(dbaron)
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3a) Gecko/20021227 Phoenix/0.5

http://www.w3.org/Style/CSS/ also crashed when loading of images was allowed.

Can't give Talkback, but info from DocWatson WATSON70.WLG ( more on request )
Trap 0e - 0000 invalid page fault
exception code c0000005 (access violation)
exception address 006fd17a (phoenix.exe:.txt+0x2fc17a)

Can't copy&paste, but will send whole log, if wanted.


So with today's checkin, Phoenix and Mozilla still crash on this website.
But if I disable loading of images, load w3.org/Style/CSS/, 
save page as "Webpage, Complete", 
I can load the locally stored file online or offline, without a crash, with
loading of images enabled.

some Talkbacks: TB15536500E, TB15536710Q,TB15536892G,TB15541473K,TB15541673Y
Yes we know that w3.org/Style/CSS crashes.  You've only mentioned it three times
in the last eight hours.
Comment on attachment 110247
Null check before CallQI

r+sr=dbaron if you move the declaration of scrollableFrame inside the if.
Attachment #110247 - Flags: superreview?(dbaron)
Attachment #110247 - Flags: superreview+
Attachment #110247 - Flags: review?(dbaron)
Attachment #110247 - Flags: review+
I need scrollableFrame later on, outside of the if.
Then do you need to initialize it to null?
Comment on attachment 110247
Null check before CallQI

Landed, as-is.
Attachment #110247 - Attachment is obsolete: true
Whoops, didn't see your last comment before I posted.  We will attempt to get it
at least once.  Either via the QI, or at |scrollableFrame =
GetRootScrollableFrame(aPresContext, rootFrame);|  Both places will set the
scrollableFrame to nsnull if all else fails, but I can add the explicit
initialization if you like.
no crashes with this signature showing in talkback summary since 12-28. if the
patch is staying as is, could this be marked FIXED?
Okay, after doing some debugging and reading through nsCSSFrameConstructor, I
feel comfortable with attachment 110130.  We were crashing in a situation with a
frame/iframe which had a background image and no scrollbars.  This happened
because we were getting a nsScrollBoxFrame (nsScrollPortFrame).  That does not
implement nsIScrollableFrame. But it appears to be the correct frame there
according to
http://lxr.mozilla.org/mozilla/source/layout/html/style/src/nsCSSFrameConstructor.cpp#3315

Marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Flags: blocking1.3b?
*** Bug 186852 has been marked as a duplicate of this bug. ***
*** Bug 183220 has been marked as a duplicate of this bug. ***
Crash Signature: [@ nsCSSRendering::PaintBackgroundWithSC]
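
The two null cases discussed in this bug (a query helper that does not null-check its source pointer, and a frame that does not implement the requested interface), as an added example that is not part of the original bug report and is not Mozilla's code. All type and function names below are hypothetical stand-ins for the XPCOM pattern, and the fallback value of 0 is an assumption of the example.

```cpp
// Simplified model of the pattern in this bug; not Gecko's real classes.
struct IScrollable {
    virtual int ScrollX() const = 0;
    virtual ~IScrollable() = default;
};

struct Frame {
    virtual ~Frame() = default;
    // Returns the interface if this frame implements it, otherwise nullptr.
    virtual IScrollable* QueryScrollable() { return nullptr; }
};

// A frame that implements the scrollable interface.
struct ScrollFrame : Frame, IScrollable {
    int x = 7;
    int ScrollX() const override { return x; }
    IScrollable* QueryScrollable() override { return this; }
};

// A frame that does not implement it (the frame/iframe with a background
// image and no scrollbars described in the final comment).
struct ScrollPortFrame : Frame {};

// CallQI-style helper: calls through src with no null check, so the
// caller must guarantee src is non-null.
inline bool CallQuery(Frame* src, IScrollable** out) {
    *out = src->QueryScrollable();
    return *out != nullptr;
}

// do_QI-style helper: tolerates a null source and yields nullptr.
inline IScrollable* SafeQuery(Frame* src) {
    return src ? src->QueryScrollable() : nullptr;
}

// Hardened caller: initialise the result, null-check the source before the
// CallQI-style helper, and null-check the result before using it.
int BackgroundScrollOffset(Frame* firstChild) {
    IScrollable* scrollable = nullptr;
    if (firstChild) {
        CallQuery(firstChild, &scrollable);
    }
    if (!scrollable) {
        return 0;  // assumed fallback: no scrollable frame, paint unscrolled
    }
    return scrollable->ScrollX();
}
```
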