Closed Bug 274791 Opened 20 years ago Closed 20 years ago

crash [@nsIFrame::GetStyleData]

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 137216

People

(Reporter: csthomas, Unassigned)

References

(
URL
)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files)

stack
5.07 KB, text/plain
Details
Testcase
357 bytes, application/vnd.mozilla.xul+xml
Details 
To reproduce:
1. Visit URL http://ctho.ath.cx/tmp/mozcrash/test.xul
2. Click the "start" button, then "run"
3. The browser either crashes immediately, or asserts a few times and becomes
unusable, and may subsequently crash (mrbkap seems to be experiencing this)

When I crash, nsHTMLReflowState passed "null" for blockFrame to
CalculateHypotheticalBox.  aBlockFrame is null, but ->GetStyleVisibility doesn't
crash directly until GetStyleData, which is trying to assert at
http://lxr.mozilla.org/seamonkey/source/layout/generic/nsIFrame.h#611 but "this"
is null, so accessing mStyleContext causes the crash.

Filing unconfirmed as my testcase is far from minimized.  Stack coming in a minute.
Some tracing by Callek found that
http://lxr.mozilla.org/mozilla/source/layout/generic/nsHTMLReflowState.cpp#827
derefences aBlockFrame, even though
http://lxr.mozilla.org/mozilla/source/layout/generic/nsHTMLReflowState.cpp#836
implies null is an expected value.  The dereference can't be moved into the
if(aBlockFrame) though, because it's used outside of the if later here (actually
its only use):
http://lxr.mozilla.org/mozilla/source/layout/generic/nsHTMLReflowState.cpp#888
Severity: normal → critical
Keywords: crash
Attached file Testcase 
Minimal testcase based on that site.
This testcase doesn't crash for me in:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031030
But it crashes for me in:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031208
aloha, a abs. pos. xul box that changes display type, boris likes this stuff ;-)
(In reply to comment #2)
> even though
> http://lxr.mozilla.org/mozilla/source/layout/generic/nsHTMLReflowState.cpp#836
> implies null is an expected value.

More likely, it implies that whoever wrote the code believed that all pointers
should be null-checked even when they should never be null.
Isn't this just a dup of bug 137216?
Depends on: 137216

*** This bug has been marked as a duplicate of 137216 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@nsIFrame::GetStyleData]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: