Closed Bug 280618 Opened 20 years ago Closed 19 years ago

say no to foreign colgroup children

Categories

(Core :: Layout: Tables, defect)

Product:
Core
Component:
Layout: Tables
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bernd_mozilla, Assigned: bernd_mozilla)

References

(
URL
)

Details

(Keywords: crash, testcase, Whiteboard: mangleme)

Attachments

(1 file, 1 obsolete file)

revised patch
4.54 KB, patch
bzbarsky
: review+
bzbarsky
: superreview+
asa
: approval1.8b+
Details | Diff | Splinter Review 
see https://bugzilla.mozilla.org/show_bug.cgi?id=265867#c28

<DIV STYLE="display:table-column-group;">
  <DIV>Hello</DIV>
</DIV>

the inner div should not create a frame, even if by some code path it does, it
should never be reflown.

patch coming soon
Note that the same is true for table-column frames.

Please make sure to fix ContentAppended and ContentInserted, not just
TableProcessChild...
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b) Gecko/20050201
Firefox/1.0+

The testcase referenced at http://exchangecode.com/crashbugs/265867.html crashes
on the Mac.
Hixie at w3c-style:

On Mon, 31 Jan 2005, Boris Zbarsky wrote:

>> 
>> Section 17.2.1 seems to miss a few cases of nesting of various types of table
>> elements.  In particular, I am interested in the following cases:
>> 
>> 1) A child T of a table-column-group P when T is not a table-column
>> 2) A child T of a table-column P


No anonymous boxes are created in those cases (since nothing is described 
in that section).



>> Should any sort of anonymous objects be generated in these cases?  If not,
>> what should be the rendering?


# Elements with 'display' set to 'table-column' or 'table-column-group' 
# are not rendered (exactly as if they had 'display: none'), but they are 
# useful, because they may have attributes which induce a certain style 
# for the columns they represent."
 -- http://www.w3.org/TR/CSS21/tables.html#q2
URL: http://exchangecode.com/crashbugs/265...
Keywords: crash, testcase
Attached patch patch (obsolete) — Splinter Review 

    
    

    
  

      
      
      
      

        Attached patch
          
          
        revised patchSplinter Review
      

    


  

        Attachment #173467 -
        Attachment is obsolete: true

        Attachment #173781 -
        Flags: superreview?(bzbarsky)

        Attachment #173781 -
        Flags: review?(bzbarsky)

    
    

    
  
Comment on attachment 173781 [details] [diff] [review]
revised patch

r+sr=bzbarsky

        Attachment #173781 -
        Flags: superreview?(bzbarsky)

        Attachment #173781 -
        Flags: superreview+

        Attachment #173781 -
        Flags: review?(bzbarsky)

        Attachment #173781 -
        Flags: review+

    
    

    
  
Comment on attachment 173781 [details] [diff] [review]
revised patch

I rtested the patch, it fixes one of these mangleme crashes

        Attachment #173781 -
        Flags: approval1.8b?

    
  
Blocks: 265867
Severity: normal → critical
Whiteboard: mangleme

    
    

    
  
Comment on attachment 173781 [details] [diff] [review]
revised patch

a=asa for 1.8b checkin

        Attachment #173781 -
        Flags: approval1.8b? → approval1.8b+

    
    

    
  
fix checked in

    
  
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

    
    

    
  
*** Bug 282172 has been marked as a duplicate of this bug. ***

    
    

    
  
in-testsuite+ covered by the crashtest for bug 265867 (in my tree, will push soon).
Flags: in-testsuite+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: