Closed Bug 20187 Opened 25 years ago Closed 25 years ago

Crash on combination of DIV, overflow: auto, block-level element with enough content, white space between closing tags, and when loading from network.

Categories

(Core :: Layout, defect, P3)

Product:
Core
Component:
Layout
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: myk, Assigned: rickg)

Details

Attachments

(8 files)

Crashes on first or second load.
1.20 KB, text/html
Details
No crash... not enough content in P tag
1.20 KB, text/html
Details
no crash; no overflow: auto
1.19 KB, text/html
Details
no crash; no white space between P and closing DIV
1.20 KB, text/html
Details
no crash; dimensions of div decreased to 50x50
1.20 KB, text/html
Details
crash; so i added more content to the P tag
4.13 KB, text/html
Details
should crash, but doesn't
1.20 KB, text/html
Details
the quintessential test case; always crashes
1.28 KB, text/html
Details
Overview Description: A page with a combination of bizarre attributes crashes mozilla. These attributes are as follows: Absolutely positioned DIV tag with overflow specified. Div contains block-level tag (tested with P and SMALL). White space between closing block-level tag and closing DIV tag. A certain amount of text inside the block-level element. (This seems to depend partly on the WIDTH and HEIGHT settings of the DIV tag.) Page is loaded from network. Steps to Reproduce: 1) Start Mozilla. 2) Load this page: http://www.zapogee.com/~myk/tc3h.html 3) Watch Mozilla crash. Other test cases: Mozilla crashes the first or second time this page is loaded: http://www.zapogee.com/~myk/tc3a.html No crash (page has one less character within P tag than previous test case): http://www.zapogee.com/~myk/tc3b.html No crash (div style is without "overflow: auto;" attribute): http://www.zapogee.com/~myk/tc3c.html No crash (no white space between closing P and closing DIV): http://www.zapogee.com/~myk/tc3d.html No crash (height and width of DIV decreased to 50x50): http://www.zapogee.com/~myk/tc3e.html Crash (added more content to the P tag): http://www.zapogee.com/~myk/tc3f.html If more content is needed to crash mozilla when the DIV is smaller, perhaps less content is needed to crash mozilla when the DIV is larger. Tried a 400x400 DIV with the same amount of content that crashes a 200x200 DIV, but it didn't crash this time: http://www.zapogee.com/~myk/tc3g.html Load any test case as a local file and get no crash. Actual Results: Crash Expected Results: No crash. Build Date & Platform Bug Found: Nightly 1999112808 Linux RedHat 6.0 Additional Builds and Platforms Tested On: None Additional Information: Is this related to bug 14960? The page referenced in that bug also has an absolutely positioned DIV containing a block level element (CODE), the white-space, and the overflow: auto setting.
Severity: normal → critical
Asa from #mozillazine reported to me that his 11/26/1999 Win32 build fails to crash on version "h", the one I said always crashes for me, but did crash on version "f" (http://www.zapogee.com/~myk/tc3f.html). In subsequent testing I also managed to load version "h" once successfully, although a subsequent load crashed.
Assignee: leger → rickg
Component: Browser-General → HTML Element
QA Contact: leger → petersen
Setting QA Contact/component.
Assignee: rickg → petersen
Petersen -- I could use help here. I need to know which platforms are affected, and (optionally) a stack trace would be helpful.
I can reproduce the problem in the Dec 06th build. Report has been generated in Talkback ID 1992818.
I was able to crash on all three platforms (Mac, Linux and Windows) using testcase : http://bugzilla.mozilla.org/showattachment.cgi?attach_id=3077 After the test case loaded, I simply attempted to move the content's scrollbar and the crash occured. The talkback back report was generated under Win 98.
Here's the call stack: nsInfoListImpl::SanityCheck [d:\builds\ seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 2552] nsBoxFrameInner::SanityCheck [d:\builds\ seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 2331] nsBoxFrame::Reflow [d:\builds\ seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 472] nsContainerFrame::ReflowChild [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 628] nsGfxScrollFrameInner::ReflowFrame [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1197] nsGfxScrollFrameInner::ReflowScrollbar [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1066] nsGfxScrollFrameInner::ReflowScrollbars [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1014] nsGfxScrollFrame::Reflow [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 460] nsContainerFrame::ReflowChild [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 628] ViewportFrame::Reflow [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp, line 527] PresShell::StyleChangeReflow [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1352] nsPresContext::PreferenceChanged [d:\builds\ seamonkey\mozilla\layout\base\src\nsPresContext.cpp, line 249] PrefChangedCallback [d:\builds\ seamonkey\mozilla\layout\base\src\nsPresContext.cpp, line 55] pref_DoCallback [d:\builds\ seamonkey\mozilla\modules\libpref\src\prefapi.c, line 2302] pref_HashPref [d:\builds\ seamonkey\mozilla\modules\libpref\src\prefapi.c, line 1873] PREF_SetCharPref [d:\builds\ seamonkey\mozilla\modules\libpref\src\prefapi.c, line 721] nsPref::SetFilePref [d:\builds\ seamonkey\mozilla\modules\libpref\src\nsPref.cpp, line 882] nsStreamTransfer::SelectFile [d:\builds\ seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 183] nsStreamTransfer::SelectFileAndTransferLocation [d:\builds\ seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 80] nsStreamTransfer::SelectFileAndTransferLocationSpec [d:\builds\ seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 125] XPTC_InvokeByIndex [d:\builds\ seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp, line 139] nsXPCWrappedNativeClass::CallWrappedMethod [d:\builds\ seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativeclass.cpp, line 895] WrappedNative_CallMethod [d:\builds\ seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp, line 192] js_Invoke [d:\builds\ seamonkey\mozilla\js\src\jsinterp.c, line 666] js_Interpret [d:\builds\ seamonkey\mozilla\js\src\jsinterp.c, line 2227] js_Invoke [d:\builds\ seamonkey\mozilla\js\src\jsinterp.c, line 686] js_Interpret [d:\builds\ seamonkey\mozilla\js\src\jsinterp.c, line 2227] js_Invoke [d:\builds\ seamonkey\mozilla\js\src\jsinterp.c, line 686] js_InternalCall [d:\builds\ seamonkey\mozilla\js\src\jsinterp.c, line 759] JS_CallFunctionValue [d:\builds\ seamonkey\mozilla\js\src\jsapi.c, line 2754] nsJSContext::CallFunctionObject [d:\builds\ seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 544] nsJSEventListener::HandleEvent [d:\builds\ seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 129] nsEventListenerManager::HandleEventSubType [d:\builds\ seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line 635] nsEventListenerManager::HandleEvent [d:\builds\ seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line 774] nsXULElement::HandleDOMEvent [d:\builds\ seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 2679] nsEventStateManager::CheckForAndDispatchClick [d:\builds\ seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line 1407] nsEventStateManager::PostHandleEvent [d:\builds\ seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line 640] PresShell::HandleEvent [d:\builds\ seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2522] nsView::HandleEvent [d:\builds\ seamonkey\mozilla\view\src\nsView.cpp, line 841] nsViewManager::DispatchEvent [d:\builds\ seamonkey\mozilla\view\src\nsViewManager.cpp, line 1678] HandleEvent [d:\builds\ seamonkey\mozilla\view\src\nsView.cpp, line 69] nsWindow::DispatchEvent [d:\builds\ seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 425] nsWindow::DispatchWindowEvent [d:\builds\ seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 442] nsWindow::DispatchMouseEvent [d:\builds\ seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3340] ChildWindow::DispatchMouseEvent [d:\builds\ seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3556] nsWindow::ProcessMessage [d:\builds\ seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2650] nsWindow::WindowProc [d:\builds\ seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 609] KERNEL32.DLL + 0x363b (0xbff7363b) KERNEL32.DLL + 0x242e7 (0xbff942e7) 0x00638c3e
Assignee: petersen → rickg
With the latest builds, Linux (1999121516) Mac (1999121508), and Win (1999121508), the crash problem mentioned in not occuring.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
I can't reproduce this either.
Status: RESOLVED → VERIFIED
Marking as verified works for me with the Dec 15th builds
Yep, works for me too. I even tried a few things to get it to crash and it didn't. I'm glad my first big bug has been resolved, even if it wasn't exciting like those bugs where developers throw it back and forth, move it up and down the milestones and priorities, and argue about fixes. I'll keep looking for one of those. ;->
SPAM. HTML Element component deprecated, changing component to Layout. See bug 88132 for details.
Component: HTML Element → Layout
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: