Closed
Bug 273458
Opened 21 years ago
Closed 20 years ago
crash in [@ nsHTMLReflowState::GetContainingBlockFor ] on CTRL+END
Categories
(Core :: DOM: CSS Object Model, defect, P1)
Core
DOM: CSS Object Model
Tracking
()
VERIFIED
FIXED
mozilla1.8alpha6
People
(Reporter: boofy_bloke, Assigned: bzbarsky)
References
Details
(Keywords: crash, regression, topcrash+)
Crash Data
Attachments
(3 files)
|
4.14 KB,
text/plain
|
Details | |
|
13.16 KB,
text/plain
|
Details | |
|
7.27 KB,
patch
|
dbaron
:
review+
dbaron
:
review+
dbaron
:
superreview+
dbaron
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20041203
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20041203
Sometimes, and only sometimes, Composer crashes if I CTRL+END. I haven't found
any other pattern yet.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Found it. If the cursor is in a table and I CTRL+END then Mozilla crashes.
|
||
Comment 2•21 years ago
|
||
Confirming, moving to right component. This is layout, actually.
Status: UNCONFIRMED → NEW
Component: Composer → Layout: View Rendering
Ever confirmed: true
Keywords: crash
Product: Mozilla Application Suite → Core
Version: unspecified → 1.0 Branch
|
|
||
Comment 3•21 years ago
|
||
Confirming, moving to right component. This is layout, actually.
Version: 1.0 Branch → Trunk
|
|
||
Comment 4•21 years ago
|
||
nsHTMLReflowState::GetContainingBlockFor
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsHTMLReflowState.cpp,
line 390]
nsComputedDOMStyle::GetAbsoluteOffset
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/html/style/src/nsComputedDOMStyle.cpp,
line 2955]
nsComputedDOMStyle::GetOffsetWidthFor
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/html/style/src/nsComputedDOMStyle.cpp,
line 2937]
nsComputedDOMStyle::GetLeft
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/html/style/src/nsComputedDOMStyle.cpp,
line 2882]
nsComputedDOMStyle::GetPropertyCSSValue
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/html/style/src/nsComputedDOMStyle.cpp,
line 323]
GetCSSFloatValue
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/editor/libeditor/html/nsHTMLAnonymousUtils.cpp,
line 70]
nsHTMLEditor::GetPositionAndDimensions
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/editor/libeditor/html/nsHTMLAnonymousUtils.cpp,
line 361]
nsHTMLEditor::ShowResizers
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/editor/libeditor/html/nsHTMLObjectResizer.cpp,
line 381]
nsHTMLEditor::CheckSelectionStateForAnonymousButtons
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/editor/libeditor/html/nsHTMLAnonymousUtils.cpp,
line 293]
ResizerSelectionListener::NotifySelectionChanged
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/editor/libeditor/html/nsHTMLObjectResizer.cpp,
line 125]
nsTypedSelection::NotifySelectionListeners
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsSelection.cpp,
line 7298]
nsSelection::NotifySelectionListeners
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsSelection.cpp,
line 3023]
nsSelection::TakeFocus
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsSelection.cpp,
line 2641]
nsSelection::HandleClick
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsSelection.cpp,
line 2418]
PresShell::CompleteMove
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 3249]
nsSelectionMoveCommands::DoCommand
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/editor/libeditor/base/nsEditorCommands.cpp,
line 609]
nsControllerCommandTable::DoCommand
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/embedding/components/commandhandler/src/nsControllerCommandTable.cpp,
line 192]
nsBaseCommandController::DoCommand
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/embedding/components/commandhandler/src/nsBaseCommandController.cpp,
line 132]
nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp,
line 353]
nsXBLWindowHandler::WalkHandlersInternal
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xbl/src/nsXBLWindowHandler.cpp,
line 305]
nsXBLWindowKeyHandler::WalkHandlers
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp,
line 197]
nsXBLWindowKeyHandler::KeyPress
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp,
line 250]
DispatchToInterface
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp,
line 129]
nsEventListenerManager::HandleEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp,
line 1601]
nsWindowRoot::HandleChromeEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/dom/src/base/nsWindowRoot.cpp,
line 227]
GlobalWindowImpl::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 939]
nsXULDocument::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/document/src/nsXULDocument.cpp,
line 1248]
nsXULElement::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2847]
nsXULElement::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2839]
nsXULElement::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2839]
nsXULElement::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2839]
nsXULElement::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2839]
nsXULElement::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2839]
nsXULElement::HandleChromeEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 3949]
GlobalWindowImpl::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 939]
nsDocument::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsDocument.cpp,
line 3837]
nsGenericElement::HandleDOMEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsGenericElement.cpp,
line 2030]
PresShell::HandleEventInternal
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5944]
PresShell::HandleEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5804]
nsViewManager::HandleEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp,
line 2354]
nsViewManager::DispatchEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp,
line 2131]
HandleEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsView.cpp,
line 174]
nsWindow::DispatchEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 1078]
nsWindow::DispatchWindowEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 1095]
nsWindow::DispatchKeyEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 3004]
nsWindow::OnKeyDown
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 3129]
nsWindow::ProcessMessage
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 3975]
nsWindow::WindowProc
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 1356]
USER32.dll + 0x8709 (0x77d48709)
USER32.dll + 0x87eb (0x77d487eb)
USER32.dll + 0x89a5 (0x77d489a5)
USER32.dll + 0x89e8 (0x77d489e8)
nsAppShell::Run
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsAppShell.cpp,
line 159]
nsAppStartup::Run
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/components/startup/src/nsAppStartup.cpp,
line 216]
main1
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp,
line 1330]
main
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp,
line 1801]
WinMain
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp,
line 1827]
WinMainCRTStartup()
kernel32.dll + 0x16d4f (0x7c816d4f)
Summary: crash on CTRL+END → crash in [@ nsHTMLReflowState::GetContainingBlockFor ] on CTRL+END
|
|
||
Updated•21 years ago
|
Assignee: composer → roc
QA Contact: ian
I was just about to file a bug on a crash in designMode='on' but the call stack
seems the same as this one.
Testcase:
http://www.pikey.me.uk/mozilla/test/designmode.html
Regression window:
Works: 2004-11-24 (Firefox trunk nightly)
Crashes: 2004-11-25 (Firefox trunk nightly)
Both Bug 209694 and Bug 263374 changed nsHTMLReflowState in that timeframe.
Should I file a separate bug or is this the same thing (sorry in advance for
the spam if I should have done the former)?
|
||
Comment 6•21 years ago
|
||
Adding topcrash+ keyword. This is at the top of the crash list for MozillaTrunk
builds and is easily reproducible.
Keywords: topcrash+
|
||
Comment 7•21 years ago
|
||
The 2004-11-25 windows trunk build of Mozilla also crashes. That is a build
without the patch from bug 209694, so the fix for that bug is not the cause of
this regression.
|
||
Updated•20 years ago
|
Keywords: regression
|
|
||
Comment 8•20 years ago
|
||
When I apply the patch from bug 263374 with a debug build from 2004-11-20, I
crash with the testcase
The first part of this backtrace is when loading the testcase.
The part with/after the assertion "!! ASSERTION: Must have frame to work with:
'aFrame'" is when I do the resize in the testcase.
|
|
||
Comment 9•20 years ago
|
||
*** Bug 274441 has been marked as a duplicate of this bug. ***
|
|
||
Updated•20 years ago
|
Flags: blocking1.8a6?
|
|
||
Comment 10•20 years ago
|
||
CC-ing Boris. Boris, please look at comment 8 why I CC-ed you.
Blocks: 263374
|
|
Assignee | |
Comment 11•20 years ago
|
||
Yeah, this is my bug.... The computed style code needs null-checks. I wonder why
composer is even calling it in this case, though Will look into it.
Assignee: roc → general
Component: Layout: View Rendering → DOM: CSSOM
OS: Windows XP → All
Hardware: PC → All
|
|
Assignee | |
Comment 12•20 years ago
|
||
Specifically, I will look when I get back...
Assignee: general → bzbarsky
Priority: -- → P1
Target Milestone: --- → mozilla1.8alpha6
|
|
Assignee | |
Comment 13•20 years ago
|
||
|
|
Assignee | |
Updated•20 years ago
|
Attachment #170263 -
Flags: superreview?(dbaron)
Attachment #170263 -
Flags: review?(dbaron)
Attachment #170263 -
Flags: superreview+
Attachment #170263 -
Flags: review+
Attachment #170263 -
Flags: superreview?(dbaron)
Attachment #170263 -
Flags: superreview+
Attachment #170263 -
Flags: review?(dbaron)
Attachment #170263 -
Flags: review+
|
|
Assignee | |
Comment 14•20 years ago
|
||
Fix checked in for 1.8a6
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 15•20 years ago
|
||
*** Bug 277049 has been marked as a duplicate of this bug. ***
|
||
Comment 16•20 years ago
|
||
*** Bug 275663 has been marked as a duplicate of this bug. ***
|
||
Updated•20 years ago
|
Flags: blocking1.8a6?
|
||
Comment 17•20 years ago
|
||
Boris, can you check again? I crashed in Composer after resizing a table and
doing Ctrl+End. I was just testing if this bug was fixed. Mozilla 1.8a6 build
2005010606 XP Pro SP2 here.
Talkback incident ID: TB2957025W
|
|
||
Comment 18•20 years ago
|
||
Also Talkback incident ID: 2957309
which was also received by talkback server.
Steps I did:
1- Created a default 2x2 table in Composer
2- clicked in the bottom-right cell (so that blinking caret and cell resizing
grippies get visible, rendered)
3- Typed in Ctrl+End
4- crashed
REOPENING
Ctrl+End is not a documented keyboard shortcut key in Composer nor in other
components (General, Navigator or Mail&News) for the Windows platform.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 19•20 years ago
|
||
That talkback incident has no useful data... any chance of another one?
And yes, I'm sure that the crash with the stack in comment 4 is fixed. The
crash in your talkback seems to have a totally different stack (inasmuch as I
can tell without symbols). I just tried the URL in comment 5, resized the
table, hit Ctrl-end, no crash (current debug build with the patch in this bug).
If you have a testcase that shows the problem, please attach it to this bug (or
file a separate bug, perhaps?).
|
|
Assignee | |
Comment 20•20 years ago
|
||
OK. With the steps in comment 18 I can reproduce a crash. It's a different
crash from the one that has a stack in comment 4, which is what this bug was
reported on. Re-resolving this bug; please file a new bug on that crash and
I'll look into it?
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 21•20 years ago
|
||
I've done some debugging on that crash. It's a longstanding core editor bug;
I'm not sure why it never got noticed before. I've filed it as bug 277306.
Blocks: 277306
|
|
||
Comment 22•20 years ago
|
||
the fix here fix the issue I saw in bug 277049 with resizing a table. tested
with 2005010606-trunk mozilla bits on Mac OS X 10.3.7.
|
|
Reporter | |
Comment 23•20 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050109
CTRL+END causes the cursor to disappear and something weird displays at the top
left of the page. Every keyboard function (menus, etc.) ceases to work.
If I click on the page with the mouse everything works as normal.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 24•20 years ago
|
||
Sorry, that has nothing to do with this bug (which was about a crash in a
specific place). Please file as separate bug on that. That's an editor issue,
core or front end, not a CSSOM issue.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED
2005-01-05 was the last MozillaTrunk build to crash on this testcase (talkback
data), and I've also tested the testcases in comment 0, comment 1, and comment 18.
All work fine now using build 2005-01-28-04 on Windows XP Seamonkey trunk.
Verified FIXED.
Status: RESOLVED → VERIFIED
Big typo: I really meant to type 2005-01-04, as in 2005010406 as the last build
that crashed. (A crash in 2005-01-05 would mean the patch didn't work, but as
it did, this is verified FIXED.)
|
||
Updated•14 years ago
|
Crash Signature: [@ nsHTMLReflowState::GetContainingBlockFor ]
You need to log in
before you can comment on or make changes to this bug.
Description
•