Closed
Bug 282175
Opened 20 years ago
Closed 20 years ago
toggling table parts between fixed and inherit crashes
Categories
(Core :: Layout: Tables, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: ajschult784, Assigned: bernd_mozilla)
Details
(Keywords: crash, testcase)
Attachments
(7 files, 1 obsolete file)
|
1.44 KB,
text/html
|
Details | |
|
4.03 KB,
text/plain
|
Details | |
|
5.30 KB,
text/html
|
Details | |
|
1.56 KB,
text/html
|
Details | |
|
912 bytes,
text/html
|
Details | |
|
1.24 KB,
text/html
|
Details | |
|
1.05 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
asa
:
approval1.8b2+
|
Details | Diff | Splinter Review |
With linux trunk 2005021305, toggling various table parts between "fixed" and
"inherit" positioning eventually crashes the browser.
|
Reporter | |
Comment 1•20 years ago
|
||
this crashes linux trunk 2005021305. it generally takes ~100 switches before
the crash
|
|
Reporter | |
Comment 2•20 years ago
|
||
|
||
Comment 3•20 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8b) Gecko/20050213
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB3685030K
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB3684990Z
Stack Signature nsHTMLReflowState::CalculateHypotheticalBox
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=nsHTMLReflowState%3A%3ACalculateHypotheticalBox&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid
OS: Linux → All
|
||
Comment 4•20 years ago
|
||
All the stack shows is that we're trying to work with a deleted frame.
I tested a build from Jan 19, and that crashes too. So the fact that we go
through WillPaint() here is incidental.
Note that my devel builds also crash, so none of the random crash fixes I have
pending affect this...
if somebody could reduce the testcase even further that would be great.
|
|
Reporter | |
Comment 7•20 years ago
|
||
The patch seems to fix the crash, however it does not fix the vanish testcase
Assignee: nobody → bernd_mozilla
Status: NEW → ASSIGNED
|
Assignee | |
Comment 10•20 years ago
|
||
it fixes also the vanish testcase, the problem that this patches addresses is:
one should not permit the creation of pseudoframes and then not process them.
We need to process them there as revert to the old pseudo frame state will
loose them otherwise.
Attachment #181634 -
Attachment is obsolete: true
Attachment #181637 -
Flags: superreview?(bzbarsky)
Attachment #181637 -
Flags: review?(bzbarsky)
|
|
||
Comment 11•20 years ago
|
||
Comment on attachment 181637 [details] [diff] [review]
patch rev1
r+sr=bzbarsky
Attachment #181637 -
Flags: superreview?(bzbarsky)
Attachment #181637 -
Flags: superreview+
Attachment #181637 -
Flags: review?(bzbarsky)
Attachment #181637 -
Flags: review+
|
|
Assignee | |
Comment 12•20 years ago
|
||
Comment on attachment 181637 [details] [diff] [review]
patch rev1
I did rtest it, the risk is medium, but without the patch we will certainly
loose pseudo frames if we hit this code.
Attachment #181637 -
Flags: approval1.8b2?
|
||
Comment 13•20 years ago
|
||
Comment on attachment 181637 [details] [diff] [review]
patch rev1
a=asa
Attachment #181637 -
Flags: approval1.8b2? → approval1.8b2+
|
|
Assignee | |
Comment 14•20 years ago
|
||
fix checked in
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Comment 15•16 years ago
|
||
layout/tables/crashtests/282175-1.html
http://hg.mozilla.org/mozilla-central/rev/b0337b6287f3
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•