Closed
Bug 187671
Opened 22 years ago
Closed 22 years ago
{ib}crash in nsCSSFrameConstructor::StyleChangeReflow
Categories
(Core :: Layout: Block and Inline, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: crash, regression, testcase)
Attachments
(1 file)
|
333 bytes,
text/html
|
Details |
Unhandled exception at 0x02b82248 (gklayout.dll) in mozilla.exe: 0xC0000005:
Access violation reading location 0x00000000.
> gklayout.dll!CallQueryInterface(nsIFrame * aSource=0x039003bc, nsIBox * *
aDestination=0x0012eea8) Line 266 + 0x13 C++
gklayout.dll!nsCSSFrameConstructor::StyleChangeReflow(nsIPresContext *
aPresContext=0x03817fe8, nsIFrame * aFrame=0x039003bc, nsIAtom *
aAttribute=0x00000000) Line 10211 + 0xd C++
gklayout.dll!nsCSSFrameConstructor::ProcessRestyledFrames(nsStyleChangeList &
aChangeList={...}, nsIPresContext * aPresContext=0x03817fe8) Line 10335 C++
gklayout.dll!PresShell::ReconstructStyleData(int aRebuildRuleTree=0) Line
5484 C++
gklayout.dll!PresShell::StyleSheetApplicableStateChanged(nsIDocument *
aDocument=0x035aa228, nsIStyleSheet * aStyleSheet=0x03904fd0, int aApplicable=1)
Line 5548 C++
gkcontent.dll!nsDocument::SetStyleSheetApplicableState(nsIStyleSheet *
aSheet=0x03904fd0, int aApplicable=1) Line 1680 C++
gkcontent.dll!CSSStyleSheetImpl::SetComplete() Line 2059 C++
gkcontent.dll!CSSLoaderImpl::SheetComplete(SheetLoadData *
aLoadData=0x0390b148, int aSucceeded=1) Line 1789 C++
gkcontent.dll!CSSLoaderImpl::ParseSheet(nsIUnicharInputStream *
aStream=0x03904f88, SheetLoadData * aLoadData=0x0390b148, int & aCompleted=1)
Line 1733 C++
gkcontent.dll!CSSLoaderImpl::LoadInlineStyle(nsIContent * aElement=0x03904ae8,
nsIUnicharInputStream * aStream=0x03904f88, const nsAString & aTitle={...},
const nsAString & aMedia={...}, int aDefaultNameSpaceID=-1, nsIParser *
aParserToUnblock=0x035ab950, int & aCompleted=1, nsICSSLoaderObserver *
aObserver=0x00000000) Line 1890 + 0x14 C++
gkcontent.dll!nsStyleLinkElement::UpdateStyleSheet(nsIDocument *
aOldDocument=0x00000000) Line 317 + 0x7e C++
gkcontent.dll!HTMLContentSink::ProcessSTYLETag(const nsIParserNode &
aNode={...}) Line 5730 + 0x22 C++
gkcontent.dll!HTMLContentSink::AddLeaf(const nsIParserNode & aNode={...})
Line 3616 + 0xc C++
gkparser.dll!CNavDTD::AddLeaf(const nsIParserNode * aNode=0x038ef680) Line
3749 + 0x19 C++
gkparser.dll!CNavDTD::AddHeadLeaf(nsIParserNode * aNode=0x038ef680) Line
3812 + 0xf C++
gkparser.dll!CNavDTD::HandleStartToken(CToken * aToken=0x038e45d8) Line
1749 + 0xc C++
gkparser.dll!CNavDTD::HandleToken(CToken * aToken=0x00000000, nsIParser *
aParser=0x035ab950) Line 907 + 0xc C++
gkparser.dll!CNavDTD::BuildModel(nsIParser * aParser=0x035ab950, nsITokenizer
* aTokenizer=0x035030d0, nsITokenObserver * anObserver=0x00000000,
nsIContentSink * aSink=0x038e5340) Line 521 + 0x14 C++
gkparser.dll!nsParser::BuildModel() Line 1906 + 0x22 C++
gkparser.dll!nsParser::ResumeParse(int allowIteration=1, int aIsFinalChunk=0,
int aCanInterrupt=1) Line 1773 + 0xb C++
gkparser.dll!nsParser::OnDataAvailable(nsIRequest * request=0x03561550,
nsISupports * aContext=0x00000000, nsIInputStream * pIStream=0x038e34d8,
unsigned int sourceOffset=0, unsigned int aLength=691) Line 2407 + 0x15 C++
urildr.dll!nsDocumentOpenInfo::OnDataAvailable(nsIRequest *
request=0x03561550, nsISupports * aCtxt=0x00000000, nsIInputStream *
inStr=0x038e34d8, unsigned int sourceOffset=0, unsigned int count=691) Line
244 + 0x2e C++
necko.dll!nsFileChannel::OnDataAvailable(nsIRequest * request=0x038e1ad4,
nsISupports * context=0x00000000, nsIInputStream * aIStream=0x038e34d8, unsigned
int aSourceOffset=0, unsigned int aLength=691) Line 625 C++
necko.dll!nsOnDataAvailableEvent::HandleEvent() Line 195 + 0x46 C++
necko.dll!nsARequestObserverEvent::HandlePLEvent(PLEvent * plev=0x038e3e84)
Line 116 C++
xpcom.dll!PL_HandleEvent(PLEvent * self=0x038e3e84) Line 663 + 0xa C
xpcom.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x00b293c8) Line 593
+ 0x9 C
xpcom.dll!_md_EventReceiverProc(HWND__ * hwnd=0x008c0282, unsigned int
uMsg=49384, unsigned int wParam=0, long lParam=11703240) Line 1379 + 0x9 C
user32.dll!77d67ad7()
user32.dll!77d6ccd4()
user32.dll!77d44455()
user32.dll!77d495d5()
appshell.dll!nsAppShellService::Run() Line 472 C++
mozilla.exe!main1(int argc=1, char * * argv=0x002b7d78, nsISupports *
nativeApp=0x002b7db8) Line 1543 + 0x20 C++
mozilla.exe!main(int argc=1, char * * argv=0x002b7d78) Line 1904 + 0x25 C++
mozilla.exe!mainCRTStartup() Line 400 + 0x11 C
kernel32.dll!77e814c7()
|
Reporter | |
Comment 1•22 years ago
|
||
There's a frame pointer pointing to garbage in the change list, presumably since it's been destroyed by earlier processing of the change list.
Note that the 'font-size' triggers a reflow, and the crash doesn't happen when I trigger a repaint instead.
Assignee: dbaron → block-and-inline
Component: Style System → Layout: Block & Inline
Summary: crash in nsCSSFrameConstructor::StyleChangeReflow → {ib}crash in nsCSSFrameConstructor::StyleChangeReflow
|
||
Comment 4•22 years ago
|
||
crash also occurs with current linux trunk this regressed between 2002092921 and 2002100104, perhaps bug 113083
Keywords: regression,
testcase
OS: Windows XP → All
Seems a dup of bug 154797. The stack is nearly the same as bug 154797 comment 8. (It could be that other checkins have just made it manifest in a different light.)
Patch in bug 123049 fixes this too.
-> fixed
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•