Closed Bug 265371 Opened 21 years ago Closed 21 years ago

Crash when ISINDEX is used with position: fixed [@ nsBlockBandData::Init]

Categories

(Core :: Layout, defect, P3)

Tracking

VERIFIED FIXED
mozilla1.8alpha5

People

(Reporter: thomas+mozilla, Assigned: bzbarsky)

Details

(Keywords: crash, fixed-aviary1.0, fixed1.7.5)

Attachments

(2 files)

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5 (KHTML, like Gecko) Safari/125.9
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a5) Gecko/20041020

I was using iExploder - http://toadstool.se/software/iexploder/ - to do some QA work on FireFox, and this was the first crash it found. The test case is simple:

<isindex style="position: fixed; ">

This happens in FireFox and Mozilla nightly trunk builds from 2004-10-20, both Linux and Mac OS X.

Reproducible: Always

Steps to Reproduce:
1. Visit http://toadstool.se/software/iexploder/iexploder.cgi?test=18149&lookup=1
2. Wait

Actual Results: It Crashed

Expected Results: Probably nothing

Stacktrace:

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0 libgklayout.dylib 0x0200edb4 nsBlockBandData::Init(nsSpaceManager*, nsSize const&) + 0x8
1 libgklayout.dylib 0x02018bd0 nsBlockReflowState::nsBlockReflowState[unified](nsHTMLReflowState const&, nsPresContext*, nsBlockFrame*, nsHTMLReflowMetrics const&, int) + 0x240
2 libgklayout.dylib 0x0200fb18 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 0x1e8
3 libgklayout.dylib 0x02088700 nsIsIndexFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 0x20
4 libgklayout.dylib 0x0200e388 nsAbsoluteContainingBlock::ReflowAbsoluteFrame(nsIFrame*, nsPresContext*, nsHTMLReflowState const&, int, int, nsIFrame*, nsReflowReason, unsigned&) + 0x190
5 libgklayout.dylib 0x0200e0d0 nsAbsoluteContainingBlock::IncrementalReflow(nsIFrame*, nsPresContext*, nsHTMLReflowState const&, int, int, int&) + 0xec
6 libgklayout.dylib 0x02068da4 ViewportFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 0x250
7 libgklayout.dylib 0x0204f2cc IncrementalReflow::Dispatch(nsPresContext*, nsHTMLReflowMetrics&, nsSize const&, nsIRenderingContext&) + 0x11c
8 libgklayout.dylib 0x020593ac PresShell::ProcessReflowCommands(int) + 0x208
9 libgklayout.dylib 0x023572f0 0x2008000 + 0x34f2f0
10 libxpcom.dylib 0x0032def8 PL_HandleEvent + 0x24
11 libxpcom.dylib 0x0032de1c PL_ProcessPendingEvents + 0x80
12 libxpcom.dylib 0x0032e300 _md_EventReceiverProc + 0x74

Crash:

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0 libgklayout.dylib 0x0200edb4 nsBlockBandData::Init(nsSpaceManager*, nsSize const&) + 0x8
1 libgklayout.dylib 0x02018bd0 nsBlockReflowState::nsBlockReflowState[unified](nsHTMLReflowState const&, nsPresContext*, nsBlockFrame*, nsHTMLReflowMetrics const&, int) + 0x240
2 libgklayout.dylib 0x0200fb18 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 0x1e8
3 libgklayout.dylib 0x02088700 nsIsIndexFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 0x20
4 libgklayout.dylib 0x0200e388 nsAbsoluteContainingBlock::ReflowAbsoluteFrame(nsIFrame*, nsPresContext*, nsHTMLReflowState const&, int, int, nsIFrame*, nsReflowReason, unsigned&) + 0x190
5 libgklayout.dylib 0x0200e0d0 nsAbsoluteContainingBlock::IncrementalReflow(nsIFrame*, nsPresContext*, nsHTMLReflowState const&, int, int, int&) + 0xec
6 libgklayout.dylib 0x02068da4 ViewportFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 0x250
7 libgklayout.dylib 0x0204f2cc IncrementalReflow::Dispatch(nsPresContext*, nsHTMLReflowMetrics&, nsSize const&, nsIRenderingContext&) + 0x11c
8 libgklayout.dylib 0x020593ac PresShell::ProcessReflowCommands(int) + 0x208
9 libgklayout.dylib 0x023572f0 0x2008000 + 0x34f2f0
10 libxpcom.dylib 0x0032def8 PL_HandleEvent + 0x24
11 libxpcom.dylib 0x0032de1c PL_ProcessPendingEvents + 0x80
12 libxpcom.dylib 0x0032e300 _md_EventReceiverProc + 0x74
13 com.apple.HIToolbox 0x927d1fc8 DispatchEventToHandlers + 0x150
Warning: clicking on this attachment will crash Mozilla and FireFox
confirming with win2k build 20041018
Assignee: general → nobody
Status: UNCONFIRMED → NEW
Component: Browser-General → Layout
Ever confirmed: true
Keywords: crash
QA Contact: general → core.layout
could be related to bug 200347 (fixed a long time ago)
Attached patch: Fix
Comment on attachment 163024: Fix
isindex should just always have a space manager...
Attachment #163024 - Flags: superreview?(roc)
Attachment #163024 - Flags: review?(roc)
Summary: Crash when ISINDEX is used with position: fixed → Crash when ISINDEX is used with position: fixed [@ nsBlockBandData::Init]
Attachment #163024 - Flags: superreview?(roc)
Attachment #163024 - Flags: superreview+
Attachment #163024 - Flags: review?(roc)
Attachment #163024 - Flags: review+
Assignee: nobody → bzbarsky
Priority: -- → P3
Target Milestone: --- → mozilla1.8alpha5
Comment on attachment 163024: Fix
This crash fix is pretty straightforward; probably worth taking on the branches.
Attachment #163024 - Flags: approval1.7.x?
Attachment #163024 - Flags: approval-aviary?
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment on attachment 163024: Fix
a=mkaply for 1.7. Sent a note to aviary for aviary approval. I think we need this for aviary. For some reason, this crash completely corrupted my Mozilla when it happened.
Attachment #163024 - Flags: approval1.7.x? → approval1.7.x+
Comment on attachment 163024: Fix
a=asa for aviary checkin.
Attachment #163024 - Flags: approval-aviary? → approval-aviary+
Fixed on branches.
vrfy'd fixed on linux and mac using 200411030x-0.11 bits. don't crash when visiting either the URL in comment 0 or the testcase.
Status: RESOLVED → VERIFIED
Blocks: iexploder
Crash Signature: [@ nsBlockBandData::Init]
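
The crash signature recorded on this bug is the top symbolicated frame of the reporter's stack trace, and the reported fault address 0x00000004 sits just above null. A triage sketch in Python that derives both from a crash report (an added example, not code from this bug or from Mozilla's crash tooling; SAMPLE is an excerpt of the trace above laid out one frame per line, and the NEAR_NULL threshold is an assumption):

```python
import re

# Constructed sample: selected frames of the crash report quoted in this bug,
# one frame per line as a macOS crash log prints them.
SAMPLE = """\
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004
Thread 0 Crashed:
0   libgklayout.dylib 0x0200edb4 nsBlockBandData::Init(nsSpaceManager*, nsSize const&) + 0x8
1   libgklayout.dylib 0x02018bd0 nsBlockReflowState::nsBlockReflowState[unified](nsHTMLReflowState const&, nsPresContext*, nsBlockFrame*, nsHTMLReflowMetrics const&, int) + 0x240
2   libgklayout.dylib 0x0200fb18 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 0x1e8
9   libgklayout.dylib 0x023572f0 0x2008000 + 0x34f2f0
"""

FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-f]+)\s+(.+?)\s+\+\s+(0x[0-9a-f]+)$")
FAULT = re.compile(r"^Codes:\s+(\w+)\s+\(0x[0-9a-f]+\)\s+at\s+(0x[0-9a-f]+)$")
NEAR_NULL = 0x1000  # assumption: a fault in the first page is a small offset from a null pointer


def parse_report(text):
    """Return (fault_code, fault_address, frames) parsed from a crash report."""
    code, addr, frames = None, None, []
    for line in text.splitlines():
        line = line.strip()
        m = FAULT.match(line)
        if m:
            code, addr = m.group(1), int(m.group(2), 16)
            continue
        m = FRAME.match(line)
        if m:
            symbol = m.group(4)
            # Unsymbolicated frames carry a load address where the name would be.
            name = None if symbol.startswith("0x") else symbol.split("(")[0].split("[")[0]
            frames.append({"index": int(m.group(1)), "module": m.group(2), "function": name})
    return code, addr, frames


def triage(text):
    """Summarise a report: signature, fault code, near-null flag, unnamed frames."""
    code, addr, frames = parse_report(text)
    top = next((f for f in frames if f["function"]), None)
    return {
        "signature": f"[@ {top['function']}]" if top else None,
        "fault": code,
        "near_null": addr is not None and addr < NEAR_NULL,
        "unsymbolicated": [f["index"] for f in frames if f["function"] is None],
    }
```
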