Closed Bug 186752 Opened 22 years ago Closed 22 years ago

crashes [@ nsCSSRendering::PaintBackgroundWithSC]

Categories

(Core :: CSS Parsing and Computation, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla1.3beta

People

(Reporter: dbaron, Assigned: caillon)

References

()

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(2 obsolete files)

Crashes are showing up in talkback at nsCSSRendering::PaintBackgroundWithSC . The only URL given (a number of times) is http://www.otmar.ch . The date fits a regression from bug 46814.
Severity: normal → critical
Keywords: crash
crashes with yesterdays and todays nightly on WIN98 Sometimes, not always, DocWatson came up, logs available on request. Website crashed while loading, it didn´t crash when loading images was disabled, but crashed when it was allowed again after site was loaded. Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021225 TB15482177G contains preceding 5 talkback numbers
Attached patch diff -w fix (obsolete) — Splinter Review
We crash because there is no root scrollable frame. I'm not sure exactly why, but this patch fixes it (diff -w only).
I'll see if I can figure out why there is no root scrollable frame in this case tomorrow. It is probably just some layout quirk I am not aware of yet. Though if you have an idea off hand, David, let me know.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.3beta
TB15482861E http://www.w3.org/Style/CSS/ website crashed when loading of images was allowed. Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021225
http://www.albinoblacksheep.com/ crash when loading of images allowed TB15483731M
Blocks: 186782
No longer blocks: 186782
*** Bug 186782 has been marked as a duplicate of this bug. ***
Blocks: 186833
No longer blocks: 186833
*** Bug 186833 has been marked as a duplicate of this bug. ***
http://www.w3.org/Style/CSS/ is driving me nuts. It crashes before I can even scroll.
Comment on attachment 110130 [details] [diff] [review] diff -w fix I just landed the null check. I didn't get any free time to figure out what's really going on here, and might not until 2003. Leaving open pending that investigation.
Attachment #110130 - Attachment is obsolete: true
confirming chrash at the w3-link with: Mozilla/5.0 Gecko/20021226 (Macintosh; U; PPC Mac OS X Mach-O; da-DK; rv:1.3b; MultiZilla v1.1.33 (a))
Flags: blocking1.3b?
*** Bug 186895 has been marked as a duplicate of this bug. ***
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021227 TB15531548M http://www.w3.org/Style/CSS/ website crashed when loading of images was allowed.
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021227 TB15532213M http://www.w3.org/Style/CSS/ loaded website and others, then allowed loading of images ==> CRASH no crash, but still not perfect: http://www.otmar.ch If wildly hovered and clicked, and got some sourcecode instead of rendered display in some regions of the screen. Don´t know so much about HTML and CSS to explore in more detail. no crash, but seems CSS is corrupt: http://www.albinoblacksheep.com/ 1st column gets wider when I hover over it´s links, but resizes when I leave. mid column only gets wider when hovering over links, resizes on reload only. 3rd column: don´t know if it is displayed as wanted.
http://www.albinoblacksheep.com/ is the only site that seems to be giving me problems now. It messes with my tabs. None of them are crashing me, though. The problem as listed seems to be fixed. Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021227 Phoenix/0.5
Attached patch Null check before CallQI (obsolete) — Splinter Review
I just blindly copied code from dbaron's review (bug 46814 comment 24) without giving it a second though (my fault). do_QI null-checked but CallQI does not. I need to explicitly add that here. This fixes the w3.org crash.
Attachment #110247 - Flags: superreview?(dbaron)
Attachment #110247 - Flags: review?(dbaron)
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3a) Gecko/20021227 Phoenix/0.5 http://www.w3.org/Style/CSS/ also crashed when loading of images was allowed. Can´t give Talkback, but info from DocWatson WATSON70.WLG ( more on request ) Trap 0e - 0000 invalid page fault eception code c0000005 (access violation) exception address 006fd17a (phoenix.exe:.txt+0x2fc17a) Can´t copy&paste, but send whole log, if wanted. So with todays checkin, Phoenix and Mozilla still crash on this website. But if I disable loading of images, load w3.org/Style/CSS/, save page as "Webpage, Complete", I can load the local stored file online or offline, without a crash, with loading of images enabled. some Talkbacks: TB15536500E, TB15536710Q,TB15536892G,TB15541473K,TB15541673Y
Yes we know that w3.org/Style/CSS crashes. You've only mentioned it three times in the last eight hours.
Comment on attachment 110247 [details] [diff] [review] Null check before CallQI r+sr=dbaron if you move the declaration of scrollableFrame inside the if.
Attachment #110247 - Flags: superreview?(dbaron)
Attachment #110247 - Flags: superreview+
Attachment #110247 - Flags: review?(dbaron)
Attachment #110247 - Flags: review+
I need scrollableFrame later on, outside of the if.
Then do you need to initialize it to null?
Comment on attachment 110247 [details] [diff] [review] Null check before CallQI Landed, as-is.
Attachment #110247 - Attachment is obsolete: true
Whoops, didn't see your last comment before I posted. We will attempt to get it at least once. Either via the QI, or at |scrollableFrame = GetRootScrollableFrame(aPresContext, rootFrame);| Both places will set the scrollableFrame to nsnull if all else fails, but I can add the explicit initialization if you like.
no crashes with this signature showing in talkback summary since 12-28. if the patch is staying as is, could this be marked FIXED?
Okay, after doing some debugging and reading through nsCSSFrameConstructor, I feel comfortable with attachment 110130 [details] [diff] [review]. We were crashing in a situation with a frame/iframe which had a background image and no scrollbars. This happened because we were getting a nsScrollBoxFrame (nsScrollPortFrame). That does not implement nsIScrollableFrame. But it appears to be the correct frame there according to http://lxr.mozilla.org/mozilla/source/layout/html/style/src/nsCSSFrameConstructor.cpp#3315 Marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Flags: blocking1.3b?
*** Bug 186852 has been marked as a duplicate of this bug. ***
*** Bug 183220 has been marked as a duplicate of this bug. ***
Crash Signature: [@ nsCSSRendering::PaintBackgroundWithSC]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: