Closed
Bug 20187
Opened 25 years ago
Closed 25 years ago
Crash on combination of DIV, overflow: auto, block-level element with enough content, white space between closing tags, and when loading from network.
Categories
(Core :: Layout, defect, P3)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: myk, Assigned: rickg)
Details
Attachments
(8 files)
Overview Description:
A page with a combination of bizarre attributes crashes mozilla.
These attributes are as follows:
Absolutely positioned DIV tag with overflow specified.
Div contains block-level tag (tested with P and SMALL).
White space between closing block-level tag and closing DIV tag.
A certain amount of text inside the block-level element.
(This seems to depend partly on the WIDTH and HEIGHT settings
of the DIV tag.)
Page is loaded from network.
Steps to Reproduce:
1) Start Mozilla.
2) Load this page: http://www.zapogee.com/~myk/tc3h.html
3) Watch Mozilla crash.
Other test cases:
Mozilla crashes the first or second time this page is loaded:
http://www.zapogee.com/~myk/tc3a.html
No crash (page has one less character within P tag than previous test case):
http://www.zapogee.com/~myk/tc3b.html
No crash (div style is without "overflow: auto;" attribute):
http://www.zapogee.com/~myk/tc3c.html
No crash (no white space between closing P and closing DIV):
http://www.zapogee.com/~myk/tc3d.html
No crash (height and width of DIV decreased to 50x50):
http://www.zapogee.com/~myk/tc3e.html
Crash (added more content to the P tag):
http://www.zapogee.com/~myk/tc3f.html
If more content is needed to crash mozilla when the DIV is smaller,
perhaps less content is needed to crash mozilla when the DIV is
larger. Tried a 400x400 DIV with the same amount of content that
crashes a 200x200 DIV, but it didn't crash this time:
http://www.zapogee.com/~myk/tc3g.html
Load any test case as a local file and get no crash.
Actual Results:
Crash
Expected Results:
No crash.
Build Date & Platform Bug Found:
Nightly 1999112808 Linux RedHat 6.0
Additional Builds and Platforms Tested On:
None
Additional Information:
Is this related to bug 14960? The page referenced in that bug also has
an absolutely positioned DIV containing a block level element (CODE),
the white-space, and the overflow: auto setting.
|
Reporter | |
Comment 1•25 years ago
|
||
|
|
Reporter | |
Comment 2•25 years ago
|
||
|
|
Reporter | |
Comment 3•25 years ago
|
||
|
|
Reporter | |
Comment 4•25 years ago
|
||
|
|
Reporter | |
Comment 5•25 years ago
|
||
|
|
Reporter | |
Comment 6•25 years ago
|
||
|
|
Reporter | |
Comment 7•25 years ago
|
||
|
|
Reporter | |
Comment 8•25 years ago
|
||
|
||
Updated•25 years ago
|
Severity: normal → critical
|
|
Reporter | |
Comment 9•25 years ago
|
||
Asa from #mozillazine reported to me that his 11/26/1999 Win32 build fails to crash on version "h", the one I said always crashes for me, but did crash on version "f" (http://www.zapogee.com/~myk/tc3f.html). In subsequent testing I also managed to load version "h" once successfully, although a subsequent load crashed.
Assignee: leger → rickg
Component: Browser-General → HTML Element
QA Contact: leger → petersen
|
||
Comment 10•25 years ago
|
||
Setting QA Contact/component.
|
Assignee | |
Comment 11•25 years ago
|
||
Petersen -- I could use help here. I need to know which platforms are affected, and (optionally) a stack trace would be helpful.
|
||
Comment 12•25 years ago
|
||
I can reproduce the problem in the Dec 06th build. Report has been generated in Talkback ID 1992818.
|
|
||
Comment 13•25 years ago
|
||
I was able to crash on all three platforms (Mac, Linux and Windows) using testcase : http://bugzilla.mozilla.org/showattachment.cgi?attach_id=3077 After the test case loaded, I simply attempted to move the content's scrollbar and the crash occured. The talkback back report was generated under Win 98.
|
|
||
Comment 14•25 years ago
|
||
Here's the call stack:
nsInfoListImpl::SanityCheck
[d:\builds\
seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 2552]
nsBoxFrameInner::SanityCheck
[d:\builds\
seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 2331]
nsBoxFrame::Reflow
[d:\builds\
seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 472]
nsContainerFrame::ReflowChild
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 628]
nsGfxScrollFrameInner::ReflowFrame
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1197]
nsGfxScrollFrameInner::ReflowScrollbar
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1066]
nsGfxScrollFrameInner::ReflowScrollbars
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 1014]
nsGfxScrollFrame::Reflow
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line 460]
nsContainerFrame::ReflowChild
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line 628]
ViewportFrame::Reflow
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp, line 527]
PresShell::StyleChangeReflow
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 1352]
nsPresContext::PreferenceChanged
[d:\builds\
seamonkey\mozilla\layout\base\src\nsPresContext.cpp, line 249]
PrefChangedCallback
[d:\builds\
seamonkey\mozilla\layout\base\src\nsPresContext.cpp, line 55]
pref_DoCallback
[d:\builds\
seamonkey\mozilla\modules\libpref\src\prefapi.c, line 2302]
pref_HashPref
[d:\builds\
seamonkey\mozilla\modules\libpref\src\prefapi.c, line 1873]
PREF_SetCharPref
[d:\builds\
seamonkey\mozilla\modules\libpref\src\prefapi.c, line 721]
nsPref::SetFilePref
[d:\builds\
seamonkey\mozilla\modules\libpref\src\nsPref.cpp, line 882]
nsStreamTransfer::SelectFile
[d:\builds\
seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 183]
nsStreamTransfer::SelectFileAndTransferLocation
[d:\builds\
seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 80]
nsStreamTransfer::SelectFileAndTransferLocationSpec
[d:\builds\
seamonkey\mozilla\xpfe\components\xfer\src\nsStreamTransfer.cpp, line 125]
XPTC_InvokeByIndex
[d:\builds\
seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp, line 139]
nsXPCWrappedNativeClass::CallWrappedMethod
[d:\builds\
seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativeclass.cpp, line 895]
WrappedNative_CallMethod
[d:\builds\
seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp, line 192]
js_Invoke
[d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 666]
js_Interpret
[d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 2227]
js_Invoke
[d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 686]
js_Interpret
[d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 2227]
js_Invoke
[d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 686]
js_InternalCall
[d:\builds\
seamonkey\mozilla\js\src\jsinterp.c, line 759]
JS_CallFunctionValue
[d:\builds\
seamonkey\mozilla\js\src\jsapi.c, line 2754]
nsJSContext::CallFunctionObject
[d:\builds\
seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 544]
nsJSEventListener::HandleEvent
[d:\builds\
seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 129]
nsEventListenerManager::HandleEventSubType
[d:\builds\
seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line 635]
nsEventListenerManager::HandleEvent
[d:\builds\
seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line 774]
nsXULElement::HandleDOMEvent
[d:\builds\
seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 2679]
nsEventStateManager::CheckForAndDispatchClick
[d:\builds\
seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line 1407]
nsEventStateManager::PostHandleEvent
[d:\builds\
seamonkey\mozilla\layout\events\src\nsEventStateManager.cpp, line 640]
PresShell::HandleEvent
[d:\builds\
seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2522]
nsView::HandleEvent
[d:\builds\
seamonkey\mozilla\view\src\nsView.cpp, line 841]
nsViewManager::DispatchEvent
[d:\builds\
seamonkey\mozilla\view\src\nsViewManager.cpp, line 1678]
HandleEvent
[d:\builds\
seamonkey\mozilla\view\src\nsView.cpp, line 69]
nsWindow::DispatchEvent
[d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 425]
nsWindow::DispatchWindowEvent
[d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 442]
nsWindow::DispatchMouseEvent
[d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3340]
ChildWindow::DispatchMouseEvent
[d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3556]
nsWindow::ProcessMessage
[d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2650]
nsWindow::WindowProc
[d:\builds\
seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 609]
KERNEL32.DLL + 0x363b (0xbff7363b)
KERNEL32.DLL + 0x242e7 (0xbff942e7)
0x00638c3e|
|
||
Updated•25 years ago
|
Assignee: petersen → rickg
|
|
||
Comment 15•25 years ago
|
||
With the latest builds, Linux (1999121516) Mac (1999121508), and Win (1999121508), the crash problem mentioned in not occuring.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
|
|
Assignee | |
Comment 16•25 years ago
|
||
I can't reproduce this either.
|
|
||
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
|
|
||
Comment 17•25 years ago
|
||
Marking as verified works for me with the Dec 15th builds
|
|
Reporter | |
Comment 18•25 years ago
|
||
Yep, works for me too. I even tried a few things to get it to crash and it didn't. I'm glad my first big bug has been resolved, even if it wasn't exciting like those bugs where developers throw it back and forth, move it up and down the milestones and priorities, and argue about fixes. I'll keep looking for one of those. ;->
SPAM. HTML Element component deprecated, changing component to Layout. See bug 88132 for details.
Component: HTML Element → Layout
You need to log in
before you can comment on or make changes to this bug.
Description
•