Closed Bug 20187 Opened 20 years ago Closed 20 years ago

Crash on combination of DIV, overflow: auto, block-level element with enough content, white space between closing tags, and when loading from network.

Categories

(Core :: Layout, defect, P3, critical)

x86
Linux
defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: myk, Assigned: rickg)

Details

Attachments

(8 files)

Overview Description:

A page with a combination of bizarre attributes crashes mozilla.
These attributes are as follows:

  Absolutely positioned DIV tag with overflow specified.
  Div contains block-level tag (tested with P and SMALL).
  White space between closing block-level tag and closing DIV tag.
  A certain amount of text inside the block-level element.
    (This seems to depend partly on the WIDTH and HEIGHT settings
     of the DIV tag.)
  Page is loaded from network.

Steps to Reproduce:
1) Start Mozilla.
2) Load this page: http://www.zapogee.com/~myk/tc3h.html
3) Watch Mozilla crash.

Other test cases:

Mozilla crashes the first or second time this page is loaded:
http://www.zapogee.com/~myk/tc3a.html

No crash (page has one less character within P tag than previous test case):
http://www.zapogee.com/~myk/tc3b.html

No crash (div style is without "overflow: auto;" attribute):
http://www.zapogee.com/~myk/tc3c.html

No crash (no white space between closing P and closing DIV):
http://www.zapogee.com/~myk/tc3d.html

No crash (height and width of DIV decreased to 50x50):
http://www.zapogee.com/~myk/tc3e.html

Crash (added more content to the P tag):
http://www.zapogee.com/~myk/tc3f.html

If more content is needed to crash mozilla when the DIV is smaller,
perhaps less content is needed to crash mozilla when the DIV is
larger.  Tried a 400x400 DIV with the same amount of content that
crashes a 200x200 DIV, but it didn't crash this time:
http://www.zapogee.com/~myk/tc3g.html

Load any test case as a local file and get no crash.

Actual Results:

Crash

Expected Results:

No crash.

Build Date & Platform Bug Found:

Nightly 1999112808 Linux RedHat 6.0

Additional Builds and Platforms Tested On:

None

Additional Information:

Is this related to bug 14960?  The page referenced in that bug also has
an absolutely positioned DIV containing a block level element (CODE),
the white-space, and the overflow: auto setting.
Severity: normal → critical
Asa from #mozillazine reported to me that his 11/26/1999 Win32 build fails to
crash on version "h", the one I said always crashes for me, but did crash on
version "f" (http://www.zapogee.com/~myk/tc3f.html).  In subsequent testing I
also managed to load version "h" once successfully, although a subsequent load
crashed.
Assignee: leger → rickg
Component: Browser-General → HTML Element
QA Contact: leger → petersen
Setting QA Contact/component.
Assignee: rickg → petersen
Petersen -- I could use help here. I need to know which platforms are affected,
and (optionally) a stack trace would be helpful.
I can reproduce the problem in the Dec 06th build. Report has been generated in
Talkback ID 1992818.
I was able to crash on all three platforms (Mac, Linux and Windows) using
testcase : http://bugzilla.mozilla.org/showattachment.cgi?attach_id=3077

After the test case loaded, I simply attempted to move the content's scrollbar
and the crash occured. The talkback back report was generated under Win 98.
Here's the call stack:


   nsInfoListImpl::SanityCheck
                                                              [d:\builds\
seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 2552]

   nsBoxFrameInner::SanityCheck
                                                              [d:\builds\
seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 2331]

   nsBoxFrame::Reflow
                                                              [d:\builds\
seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 472]

   nsContainerFrame::ReflowChild
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 628]

   nsGfxScrollFrameInner::ReflowFrame
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1197]

   nsGfxScrollFrameInner::ReflowScrollbar
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1066]

   nsGfxScrollFrameInner::ReflowScrollbars
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1014]

   nsGfxScrollFrame::Reflow
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 460]

   nsContainerFrame::ReflowChild
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 628]

   ViewportFrame::Reflow
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp, line 527]

   PresShell::StyleChangeReflow
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1352]

   nsPresContext::PreferenceChanged
                                                              [d:\builds\
seamonkey\mozilla\layout\base\src\nsPresContext.cpp, line 249]

   PrefChangedCallback
                                                              [d:\builds\
seamonkey\mozilla\layout\base\src\nsPresContext.cpp, line 55]

   pref_DoCallback
                                                              [d:\builds\
seamonkey\mozilla\modules\libpref\src\prefapi.c, line 2302]

   pref_HashPref
                                                              [d:\builds\
seamonkey\mozilla\modules\libpref\src\prefapi.c, line 1873]

   PREF_SetCharPref
                                                              [d:\builds\
seamonkey\mozilla\modules\libpref\src\prefapi.c, line 721]

   nsPref::SetFilePref
                                                              [d:\builds\
seamonkey\mozilla\modules\libpref\src\nsPref.cpp, line 882]

   nsStreamTransfer::SelectFile
                                                              [d:\builds\
seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 183]

   nsStreamTransfer::SelectFileAndTransferLocation
                                                              [d:\builds\
seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 80]

   nsStreamTransfer::SelectFileAndTransferLocationSpec
                                                              [d:\builds\
seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 125]

   XPTC_InvokeByIndex
                                                              [d:\builds\
seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp, line 139]

   nsXPCWrappedNativeClass::CallWrappedMethod
                                                              [d:\builds\
seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativeclass.cpp, line 895]

   WrappedNative_CallMethod
                                                              [d:\builds\
seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp, line 192]

   js_Invoke
                                                              [d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 666]

   js_Interpret
                                                              [d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 2227]

   js_Invoke
                                                              [d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 686]

   js_Interpret
                                                              [d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 2227]

   js_Invoke
                                                              [d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 686]

   js_InternalCall
                                                              [d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 759]

   JS_CallFunctionValue
                                                              [d:\builds\
seamonkey\mozilla\js\src\jsapi.c, line 2754]

   nsJSContext::CallFunctionObject
                                                              [d:\builds\
seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 544]

   nsJSEventListener::HandleEvent
                                                              [d:\builds\
seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 129]

   nsEventListenerManager::HandleEventSubType
                                                              [d:\builds\
seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line 635]

   nsEventListenerManager::HandleEvent
                                                              [d:\builds\
seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line 774]

   nsXULElement::HandleDOMEvent
                                                              [d:\builds\
seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 2679]

   nsEventStateManager::CheckForAndDispatchClick
                                                              [d:\builds\
seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line 1407]

   nsEventStateManager::PostHandleEvent
                                                              [d:\builds\
seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line 640]

   PresShell::HandleEvent
                                                              [d:\builds\
seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2522]

   nsView::HandleEvent
                                                              [d:\builds\
seamonkey\mozilla\view\src\nsView.cpp, line 841]

   nsViewManager::DispatchEvent
                                                              [d:\builds\
seamonkey\mozilla\view\src\nsViewManager.cpp, line 1678]

   HandleEvent
                                                              [d:\builds\
seamonkey\mozilla\view\src\nsView.cpp, line 69]

   nsWindow::DispatchEvent
                                                              [d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 425]

   nsWindow::DispatchWindowEvent
                                                              [d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 442]

   nsWindow::DispatchMouseEvent
                                                              [d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3340]

   ChildWindow::DispatchMouseEvent
                                                              [d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3556]

   nsWindow::ProcessMessage
                                                              [d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2650]

   nsWindow::WindowProc
                                                              [d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 609]

   KERNEL32.DLL + 0x363b (0xbff7363b)


   KERNEL32.DLL + 0x242e7 (0xbff942e7)


   0x00638c3e
Assignee: petersen → rickg
With the latest builds, Linux (1999121516) Mac (1999121508), and Win
(1999121508), the crash problem mentioned in not occuring.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
I can't reproduce this either.
Status: RESOLVED → VERIFIED
Marking as verified works for me with the Dec 15th builds
Yep, works for me too.  I even tried a few things to get it to crash and it

didn't.  I'm glad my first big bug has been resolved, even if it wasn't exciting

like those bugs where developers throw it back and forth, move it up and down

the milestones and priorities, and argue about fixes.  I'll keep looking for one

of those. ;->
SPAM. HTML Element component deprecated, changing component to Layout. See bug
88132 for details.
Component: HTML Element → Layout
You need to log in before you can comment on or make changes to this bug.