Closed
Bug 241324
Opened 20 years ago
Closed 15 years ago
Crash with theregister.co.uk CSS @ nsRuleNode::CalcLength & nsHTMLReflowState::CalcLineHeight
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: bjackson0971, Unassigned)
References
()
Details
(Keywords: crash)
Attachments
(3 files)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a) Gecko/20040422 Firefox/0.8.0+ Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a) Gecko/20040422 Firefox/0.8.0+ Loaded www.theregister.co.uk 04/22/2004, 9:00 AM with Firefox 20040422 CVS build, get: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1085449856 (LWP 3155)] 0x085fe35b in CalcLength(nsCSSValue const&, nsFont const*, nsStyleContext*, nsresContext*, int&) () (gdb) bt #0 0x085fe35b in CalcLength(nsCSSValue const&, nsFont const*, nsStyleContext*nsIPresContext*, int&) () #1 0x085fe45f in CalcLength(nsCSSValue const&, nsFont const*, nsStyleContext*nsIPresContext*, int&) () #2 0x086018b0 in nsRuleNode::ComputePaddingData(nsStyleStruct*, nsCSSStruct cst&, nsStyleContext*, nsRuleNode*, nsRuleNode::RuleDetail const&, int) () #3 0x08605aaa in nsRuleNode::WalkRuleTree(nsStyleStructID, nsStyleContext*, nuleData*, nsCSSStruct*) () #4 0x08607798 in nsRuleNode::GetStyleData(nsStyleStructID, nsStyleContext*, i) () #5 0x00000010 in ?? () #6 0x0953dbdc in ?? () #7 0xbfffd2f0 in ?? () #8 0xbfffcf80 in ?? () Also get this with a simple page that just includes the style sheet file. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1085449856 (LWP 3178)] 0x087dfa46 in nsHTMLReflowState::CalcLineHeight(nsIPresContext*, nsIRenderingContext*, nsIFrame*) () (gdb) bt #0 0x087dfa46 in nsHTMLReflowState::CalcLineHeight(nsIPresContext*, nsIRenderingContext*, nsIFrame*) () #1 0x087cd593 in nsBlockReflowState::nsBlockReflowState(nsHTMLReflowState const&, nsIPresContext*, nsBlockFrame*, nsHTMLReflowMetrics const&, int) () #2 0x087cb0ec in nsBlockFrame::RenumberLists(nsIPresContext*) () #3 0xbfffce80 in ?? () #4 0x0953efb8 in ?? () #5 0x09542fd0 in ?? () #6 0xbfffcf94 in ?? () Mozilla 1.6 also crashes Reproducible: Always Steps to Reproduce: 1. Load www.theregister.co.uk 2. Get seg fault 3. Actual Results: Browser crashes Expected Results: Should handle any problems in CSS nsRuleNode::CalcLength & nsHTMLReflowState::CalcLineHeight Will do a -g build with more details. Will also attach files that cause the crash.
Reporter | ||
Comment 1•20 years ago
|
||
Updated•20 years ago
|
Attachment #146774 -
Attachment mime type: application/octet-stream → application/x-bzip2
Comment 2•20 years ago
|
||
worksforme with linux trunk 2004042108 and current CVS (this morning). what were your build options in .mozconfig? Can you also determine the minimum CSS needed to crash?
Keywords: crash
Works for me, no problems loading the page. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040422 Firefox/0.8.0+
Reporter | ||
Comment 4•20 years ago
|
||
This may be a problem specific to my machine. The crash is caused by this: <style type="text/css"> body { font-family: Helvetica; } </style>
Comment 5•20 years ago
|
||
check to make sure you: 1) have Helvetica font 2) it's world-readable 3) it's not corrupt search for crash bugs with summary GetNormalLineHeight for similar crashes.
Reporter | ||
Comment 6•20 years ago
|
||
I don't see any Helvetica ttf files. I don't see any .fon files. The font directories are all readable. I had fontconfig 2.2.1 and tried upgrading to 2.2.2, but it still crashes.
Comment 7•20 years ago
|
||
see bug 183729 or bug 225892 for another possibility and http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111973 for more info.
Reporter | ||
Comment 8•20 years ago
|
||
I tested whether this is a system-specific problem by booting up a Gnoppix CD and the Register site also crashes Mozilla there. I was watching Mozilla 1.6 under strace and the file it reads just before crashing is /usr/X11R6/lib/X11/fonts/75dpi/helvR12-ISO8859-1.pcf.gz. I've run rpm -V on XFree86-75dpi-fonts and the file is intact.
Reporter | ||
Comment 9•20 years ago
|
||
My initial workaround for this crash was to set the font preferences to "Always use my Fonts" and that works, but every page has the same font. Then I found this page: --- http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-fonts.html Certain fonts, such as Helvetica, may have a problem when anti-aliased. Usually this manifests itself as a font that seems cut in half vertically. At worst, it may cause applications such as Mozilla to crash. To avoid this, consider adding the following to local.conf: <match target="pattern" name="family"> <test qual="any" name="family"> <string>Helvetica</string> </test> <edit name="family" mode="assign"> <string>sans-serif</string> </edit> </match> --- After adding this block and restarting the xfs service, I can now view pages using Helvetica with no crashes.
Comment 10•20 years ago
|
||
I used this (which corrupts whatever sort of creature anonymous is, but that's life, this is just to draw a line to the problem): s|=|:|g;s|<|"<|g;s|>|>"|g;s|: ([^':])'|: /*\1*/'/g;s|{{|{anonymous:{|g;s|, {|, anonymous:{|g; s|(:\s*)(\w+)(\s*([,}])|\1/*\2*/\3|g;s|(\t\w+\s):|\1=|g; function search(haystack, needle, string){ trace(arguments); string = string? string + "." : ""; for (var i in haystack) { if (i == needle) print(string+i+": "+haystack[i]); if (haystack[i] instanceof Object) search(haystack[i], needle, string+i); } } ... to read through your gdb variables. The problem is visible in frame 2 state.mBand.mData.anonymous.anonymous.mFrame: 0 If you were using a debug build, you'd have hit an assertion.
Comment 11•20 years ago
|
||
Comment on attachment 147145 [details] [diff] [review] Don't call nsHTMLReflowState::CalcLineHeight for an empty frame would you take this wallpaper?
Attachment #147145 -
Flags: review?(dbaron)
What are we reflowing if there's not a frame?
Assignee: dbaron → nobody
Component: Style System (CSS) → Layout
QA Contact: ian → core.layout
Comment on attachment 147145 [details] [diff] [review] Don't call nsHTMLReflowState::CalcLineHeight for an empty frame I don't see how we could ever end up in this code if there's no frame. Are you sure the crash wasn't due to null font metrics?
Attachment #147145 -
Flags: review?(dbaron) → review-
Comment 14•19 years ago
|
||
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Comment 15•18 years ago
|
||
Is this still a problem, or can it be resolved worksforme?
Comment 16•16 years ago
|
||
We still get reports of this crash in Epiphany using xulrunner 1.9, so I believe this is still an issue.
Comment 17•16 years ago
|
||
(In reply to comment #16) > We still get reports of this crash in Epiphany using xulrunner 1.9, so I > believe this is still an issue. Can you please provide further information about these crashes?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•