Closed Bug 236881 Opened 20 years ago Closed 14 years ago

Crash in nsRenderingContextGTK::FillRect

Categories

(Core Graveyard :: GFX: Gtk, defect)

Product:
Core Graveyard
Component:
GFX: Gtk
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: bzbarsky, Assigned: blizzard)

References

(
URL
)

Details

(Keywords: crash) 

BUILD: 2004-03-07-08 GTK1 nightly, but make sure to test builds WITHOUT the
patch to bug 57607 (which I just landed) in them.   This seems to be
timing-sensitive, and that patch changes the timing.

Steps to reproduce:
1)  Load URL in URL field
2)  We crash

Stack:

#0  0x402ebeb6 in gdk_draw_rectangle () from /usr/lib/libgdk-1.2.so.0
#1  0x41e7affb in nsRenderingContextGTK::FillRect(int, int, int, int)
(this=0x883df48, 
    aX=0, aY=0, aWidth=14308, aHeight=8722)
    at
/home/bzbarsky/mozilla/debug/mozilla/gfx/src/gtk/nsRenderingContextGTK.cpp:969
#2  0x41e7af34 in nsRenderingContextGTK::FillRect(nsRect const&) (this=0x883df48, 
    aRect=@0xbfffdc00)
    at
/home/bzbarsky/mozilla/debug/mozilla/gfx/src/gtk/nsRenderingContextGTK.cpp:944
#3  0x4129b231 in nsCSSRendering::PaintBackgroundColor(nsIPresContext*,
nsIRenderingContext&, nsIFrame*, nsRect const&, nsStyleBackground const&,
nsStyleBorder const&, nsStylePadding const&, int) (aPresContext=0x8718a58,
aRenderingContext=@0x883df48, 
    aForFrame=0x882480c, aBgClipArea=@0xbfffddd0, aColor=@0xbfffde70, 
    aBorder=@0x883b1a8, aPadding=@0x883b660, aCanPaintNonWhite=1)
    at
/home/bzbarsky/mozilla/debug/mozilla/layout/html/style/src/nsCSSRendering.cpp:3309
#4  0x4129a113 in nsCSSRendering::PaintBackgroundWithSC(nsIPresContext*,
nsIRenderingContext&, nsIFrame*, nsRect const&, nsRect const&, nsStyleBackground
const&, nsStyleBorder const&, nsStylePadding const&, int)
(aPresContext=0x8718a58, aRenderingContext=@0x883df48, 
    aForFrame=0x882480c, aDirtyRect=@0xbfffe0c0, aBorderArea=@0xbfffded0, 
    aColor=@0xbfffde70, aBorder=@0x883b1a8, aPadding=@0x883b660,
aUsePrintSettings=1)
    at
/home/bzbarsky/mozilla/debug/mozilla/layout/html/style/src/nsCSSRendering.cpp:2864

Analysis:

(gdb) frame 1
#1  0x41e7affb in nsRenderingContextGTK::FillRect(int, int, int, int)
(this=0x883df48, 
    aX=0, aY=0, aWidth=14308, aHeight=8722)
    at
/home/bzbarsky/mozilla/debug/mozilla/gfx/src/gtk/nsRenderingContextGTK.cpp:969
969       ::gdk_draw_rectangle(mSurface->GetDrawable(), mGC,
(gdb) p mSurface->GetDrawable()
$7 = (_GdkWindow *) 0x4

That looks very wrong to me....
GTK1 has been removed on trunk so this would only be an issue for branches.
There doesn't seem to be any talkbacks reported with
nsRenderingContextGTK::FillRect on the stack.  WORKSFORME?
Unless the new code has the same issue with bogus surfaces of course.  And note the timing stuff.

I really don't care what you do with the bug, since it's not like it'll get fixed no matter what we do with it.
Product: Core → Core Graveyard
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.