Closed Bug 23611 Opened 25 years ago Closed 24 years ago

{css2} Absolutely positioned FIELDSET element cause app to crash

Categories

(Core :: CSS Parsing and Computation, defect, P1)

VERIFIED FIXED

People

(Reporter: christinehoff4, Assigned: rods)

Details

(Keywords: crash, css2)

Attachments

(1 file)

Using the following builds:

Win 95: 2000-01-05-16
Win NT: 2000-01-05-16
Win 98: 2000-01-10-09
Linux Red Hat 6.0 (Linux 2.2): 2000-01-07-08
Mac 8.5: 2000-01-05-15

Steps to reproduce:
1. Open attached file in 5.0. Document consists of an absolutely positioned
FIELDSET element. Here is the code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" >
<html>
<head>
<title>Fieldset</title>
<style type="text/css">
fieldset {
	position: absolute;
	top: 50px;
	left: 50px;
	height: 200px;
	width: 200px;
	background-color: lime
}
</style>
</head>
<body>
<fieldset>Fieldset</fieldset>
</body>
</html>
2. Application crashes with the following details (Talkback incident #1665557):

MOZILLA caused an invalid page fault in
module GKHTML.DLL at 014f:00fa646b.
Registers:
EAX=00000000 CS=014f EIP=00fa646b EFLGS=00010206
EBX=00000000 SS=0157 ESP=0063e91c EBP=0063e928
ECX=0063e9fc DS=0157 ESI=0063e950 FS=4ca7
EDX=00000000 ES=0157 EDI=0063ecac GS=0000
Bytes at CS:EIP:
8b 08 ff 77 04 ff 37 50 ff 51 10 8b 46 0c 8d 56
Stack dump:
0063eec8 0063ec68 019cdfa0 0063eb2c 00fa6f27 0063ec68 02537140 019cdfa0 0063eec8
00000000 0063eec8 019cdfa0 00000000 019cdfa0 02537140 0063ec68

Crash is across platform. Unable to get call stack - will try tomorrow.
Priority: P3 → P1
Keywords: css2
Migrating from {css2} to css2 keyword. The {css1}, {css2}, {css3} and {css-moz}
radars should now be considered deprecated in favour of keywords.
I am *really* sorry about the spam...
Assignee: pierre → attinasi
Reassigned to attinasi who has a fix.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
This was fixed by allowing the fieldset frames to have NS_BLOCK_SPACE_MGR flag
passed to them if absolutely positioned. Changed files: nsHTMLParts.h,
nsFieldSetFrame.cpp, nsCSSFrameConstructor.cpp
Using 1/19 build, verified fixed.
Status: RESOLVED → VERIFIED
Using 3/20 build. Bug has regressed. Using the testcase from 1/10, crash is 
happening again. Reopening bug.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → ASSIGNED
Target Milestone: --- → M15
It looks like this regressed when evaughan checked in changes to 
nsFieldsetFrame.cpp: specifically, version 3.57 caused the regression. 

SpaceManager is being used in Reflow but it is NULL.
Assignee: attinasi → evaughan
Status: ASSIGNED → NEW
Rod, 

You want to own this puppy?
Assignee: evaughan → rods
fixed
Status: NEW → RESOLVED
Closed: 25 years ago → 24 years ago
Resolution: --- → FIXED
Adding crash keyword
Keywords: crash
Marking VERIFIED FIXED on:
- MacOS9 2000-05-31-08-M16 Commercial Build
- Linux6 2000-05-31-08-M16 Commercial Build
- Win98  2000-05-31-09-M16 Commercial Build
Status: RESOLVED → VERIFIED
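
The register dump in the original report is enough to confirm the NULL dereference that the later comment attributes to the SpaceManager in Reflow. The following is an added triage example, not part of the bug report or of any Mozilla tooling: it parses the dump text and decodes the faulting instruction, assuming 32-bit flat code, handling only the `mov r32, [r32]` form (opcode 8B, mod=00), and using a hypothetical 64 KiB threshold for "near-NULL" addresses.

```python
import re

# Register and code-byte lines copied from the crash details in the report above.
DUMP = """\
EAX=00000000 CS=014f EIP=00fa646b EFLGS=00010206
EBX=00000000 SS=0157 ESP=0063e91c EBP=0063e928
ECX=0063e9fc DS=0157 ESI=0063e950 FS=4ca7
EDX=00000000 ES=0157 EDI=0063ecac GS=0000
Bytes at CS:EIP:
8b 08 ff 77 04 ff 37 50 ff 51 10 8b 46 0c 8d 56
"""

REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # x86 encoding order


def parse_dump(text):
    """Return (registers, code_bytes) from a Win9x page-fault dump."""
    regs = {n: int(v, 16) for n, v in re.findall(r"\b([A-Z]{2,5})=([0-9a-fA-F]+)", text)}
    first_line = text.split("Bytes at CS:EIP:", 1)[1].strip().splitlines()[0]
    code = bytes(int(b, 16) for b in first_line.split())
    return regs, code


def triage(text, null_page=0x10000):
    """Decode the faulting MOV and report whether it reads through a near-NULL pointer."""
    regs, code = parse_dump(text)
    # Only MOV r32, r/m32 (opcode 8B) is decoded here; anything else is left undecoded.
    if len(code) < 2 or code[0] != 0x8B:
        return {"decoded": False}
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod != 0 or rm in (4, 5):  # SIB and disp32 operand forms are not handled
        return {"decoded": False}
    base = REG32[rm]
    return {
        "decoded": True,
        "insn": f"mov {REG32[reg].lower()}, [{base.lower()}]",
        "fault_addr": regs[base],
        "null_deref": regs[base] < null_page,  # threshold is an assumption
    }
```

For this dump `triage(DUMP)` decodes `mov ecx, [eax]` with EAX=0. The bytes `ff 51 10` a few positions later encode `call [ecx+0x10]`, an indirect call through the pointer that load was fetching.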