Closed Bug 287981 Opened 20 years ago Closed 17 years ago

Crash when viewing web page [@ GetNearestContainingBlock()] up to Deer Park and Flashblock 1.3.1

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Version:
1.7 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: ming.lei, Unassigned)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

testcase
189 bytes, text/html
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Linux FireFox 1.0.1 and 1.0.2 got SIGSEGV when viewing some web pages on www.sohu.com. Disabling JavaScript will make the bug disappear. Debuggin in GDB shows that FireFox is trying to dereference a NULL array pointer when handling an array. FireFox on Windows XP doesn't show this bug (is this a GCC bug?). KDE's Konqueror can render the pages with no problem :-) The FireFox I use is the precompiled binaries I downloaded from the Mozilla.org. I use GTK 2.2.4 and kernel 2.4.21 on this system. Reproducible: Always Steps to Reproduce: 1. Make sure the JavaScript support is enabled. 2. Go to http://news.sohu.com/20050328/n224890587.shtml 3. Wait the page rendering done. Actual Results: FireFox crashes when the page rendering is almost done. Expected Results: Should show this page without crash.
In GDB: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1229778272 (LWP 2186)] 0x084238bb in nsPRUint32Key::Clone ()Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1229778272 (LWP 2186)]
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050327 Firefox/1.0+ Site's slow, but it doesn't crash for me.
Version: unspecified → 1.0 Branch
(In reply to comment #2) > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050327 > Firefox/1.0+ > > Site's slow, but it doesn't crash for me. You are using FireFox's Windows port, however, I said this bug doesn't show on Windows platform :-) Can you try it on a Linux system?
Lei Ming: Could you provide Talkback incident ID of your crash?
Keywords: crash
(In reply to comment #4) > Lei Ming: Could you provide Talkback incident ID of your crash? The Talkback incident ID is TB4700455G Please check it out. Thanks.
Incident ID: 4700455 Stack Signature GetNearestContainingBlock() eeb8beaa Product ID Firefox10 Build ID 2005022519 Trigger Time 2005-03-29 19:40:22.0 Platform LinuxIntel Operating System Linux 2.4.21-9.30AX Module firefox-bin + (003db517) URL visited http://news.sohu.com/20050328/n224890587.shtml User Comments Browsing thie Web page. Since Last Crash 0 sec Total Uptime 11 sec Trigger Reason SIGSEGV: Segmentation Fault: (signal 11) Source File, Line No. /builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsHTMLReflowState.cpp, line 642 Stack Trace GetNearestContainingBlock() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsHTMLReflowState.cpp, line 642] nsHTMLReflowState::InitAbsoluteConstraints() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsHTMLReflowState.cpp, line 613] nsHTMLReflowState::InitConstraints() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsHTMLReflowState.cpp, line 1844] nsHTMLReflowState::nsHTMLReflowState() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsHTMLReflowState.cpp, line 308] nsAbsoluteContainingBlock::ReflowAbsoluteFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsAbsoluteContainingBlock.cpp, line 421] nsAbsoluteContainingBlock::IncrementalReflow() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsAbsoluteContainingBlock.cpp, line 298] nsBlockFrame::Reflow() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsBlockFrame.cpp, line 638] nsContainerFrame::ReflowChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsContainerFrame.cpp, line 982] CanvasFrame::Reflow() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsHTMLFrame.cpp, line 554] nsBoxToBlockAdaptor::Reflow() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsBoxToBlockAdaptor.cpp, line 884] nsBoxToBlockAdaptor::DoLayout() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsBoxToBlockAdaptor.cpp, line 628] nsBox::Layout() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsBox.cpp, line 1016] nsScrollBoxFrame::DoLayout() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsScrollBoxFrame.cpp, line 337] nsBox::Layout() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsBox.cpp, line 1016] nsContainerBox::LayoutChildAt() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsContainerBox.cpp, line 654] nsGfxScrollFrameInner::Layout() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsGfxScrollFrame.cpp, line 1421] nsGfxScrollFrame::DoLayout() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsGfxScrollFrame.cpp, line 1272] nsBox::Layout() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsBox.cpp, line 1016] nsBoxFrame::Reflow() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 868] nsGfxScrollFrame::Reflow() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsGfxScrollFrame.cpp, line 870] nsContainerFrame::ReflowChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsContainerFrame.cpp, line 982] ViewportFrame::Reflow() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsViewportFrame.cpp, line 252] IncrementalReflow::Dispatch() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp, line 53] PresShell::ProcessReflowCommands() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp, line 6397] PresShell::FlushPendingNotifications() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp, line 5114] nsDocument::FlushPendingNotifications() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/base/src/nsDocument.cpp, line 710] nsHTMLDocument::FlushPendingNotifications() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/html/document/src/nsHTMLDocument.cpp, line 1357] nsHTMLExternalObjSH::GetPluginInstance() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 710] nsHTMLExternalObjSH::PostCreate() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 6764] XPCWrappedNative::GetNewOrUsed() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 1477] XPCConvert::NativeInterface2JSObject() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/js/src/xpconnect/src/xpcconvert.cpp, line 1061] nsXPConnect::WrapNative() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 567] nsXBLPrototypeHandler::ExecuteHandler() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 420] nsXBLPrototypeHandler::BindingAttached() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 228] nsXBLBinding::ExecuteAttachedHandler() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsXBLBinding.cpp, line 729] nsBindingManager::ProcessAttachedQueue() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsBindingManager.cpp, line 710] nsCSSFrameConstructor::ContentAppended() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 658] PresShell::ContentAppended() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp, line 5221] nsDocument::ContentAppended() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/base/src/nsDocument.cpp, line 61] nsGenericElement::InsertChildAt() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/base/src/nsGenericElement.cpp, line 2521] nsGenericElement::doInsertBefore() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/content/base/src/nsGenericElement.cpp, line 2888] InsertElementTxn::DoTransaction() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/libeditor/base/InsertElementTxn.cpp, line 117] nsTransactionItem::DoTransaction() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/txmgr/src/nsTransactionItem.cpp, line 183] nsTransactionManager::BeginTransaction() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/txmgr/src/nsTransactionManager.cpp, line 1072] nsTransactionManager::DoTransaction() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/txmgr/src/nsTransactionManager.cpp, line 133] nsEditor::DoTransaction() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/libeditor/base/nsEditor.cpp, line 710] nsEditor::InsertNode() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/libeditor/base/nsEditor.cpp, line 1211] nsEditor::InsertTextImpl() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/libeditor/base/nsEditor.cpp, line 2376] nsTextEditRules::WillInsertText() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/libeditor/text/nsTextEditRules.cpp, line 1082] nsTextEditRules::WillDoAction() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/libeditor/text/nsTextEditRules.cpp, line 275] nsPlaintextEditor::InsertText() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/editor/libeditor/text/nsPlaintextEditor.cpp, line 918] nsTextControlFrame::SetValue() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/forms/src/nsTextControlFrame.cpp, line 710] nsTextControlFrame::InitEditor() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/forms/src/nsTextControlFrame.cpp, line 710] nsCSSFrameConstructor::CreateAnonymousFrames() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 59] nsCSSFrameConstructor::ConstructHTMLFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 4959] nsCSSFrameConstructor::ConstructFrameInternal() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 7242] nsCSSFrameConstructor::ConstructFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 7140] nsCSSFrameConstructor::ProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 59] nsCSSFrameConstructor::ConstructTableCellFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2996] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableRowFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2845] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableRowGroupFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2734] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2612] nsCSSFrameConstructor::ConstructFrameByDisplayType() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 6454] nsCSSFrameConstructor::ConstructFrameInternal() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::ConstructFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 7140] nsCSSFrameConstructor::ProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 59] nsCSSFrameConstructor::ConstructTableCellFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2996] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableRowFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2845] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableRowGroupFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2734] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2612] nsCSSFrameConstructor::ConstructFrameByDisplayType() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 6454] nsCSSFrameConstructor::ConstructFrameInternal() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::ConstructFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 7140] nsCSSFrameConstructor::ProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 59] nsCSSFrameConstructor::ConstructTableCellFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2996] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableRowFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2845] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableRowGroupFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2734] nsCSSFrameConstructor::TableProcessChild() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::TableProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 704] nsCSSFrameConstructor::ConstructTableFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 2612] nsCSSFrameConstructor::ConstructFrameByDisplayType() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 6454] nsCSSFrameConstructor::ConstructFrameInternal() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 1034] nsCSSFrameConstructor::ConstructFrame() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 7140] nsCSSFrameConstructor::ProcessChildren() [/builds/tinderbox/Fx-Aviary1.0.1/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp, line 59] *** This bug has been marked as a duplicate of 194952 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
It seems bug #194952 is a XBL specific bug. However, the Web page that caused my FireFox's crash does not use any XBL at all. Bug #194952 occurs on all the OSes, but this bug only occur on Linux systems. So, I think the two bugs may not be the same bug. Could you explain it to me, or, could you show me a pure HTML test case (without XBL)?
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
*** This bug has been marked as a duplicate of 133219 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago20 years ago
Resolution: --- → DUPLICATE
(In reply to comment #8) > > *** This bug has been marked as a duplicate of 133219 *** I'm so sorry, but it seems none of the test cases of #133219 can crash my FireFox. So these two bugs may still not be the same one. So, could you please check it again? Thank you heartly in advance! BTW: Where can I download the debug version of the pre-compiled FireFox on the official site? I found building FireFox a little difficult, and the building process takes a long time.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
A debug version (with symbols) is about 150MB... you generally can't download it anywhere; you have to build it yourself. The real question here is whether you can reproduce the crash with a current trunk build. Can you?
Summary: Crash when viewing web page → Crash when viewing web page [@ GetNearestContainingBlock() ]
(In reply to comment #10) > A debug version (with symbols) is about 150MB... you generally can't download it > anywhere; you have to build it yourself. Building is painful...especially for my little slow machine. Would you like to share your debug version with me? > > The real question here is whether you can reproduce the crash with a current > trunk build. Can you? Yes, the latest nightly build still crashes. See TB4750682Z.
I just checked the exact numbers, and the debug version over here is about 480MB (this is with symbols and debug code built into it). That's a long time uploading with an adsl connection... If we get desperate, I can try to put it somewhere where you can download it, but I'd need to find a day when I won't need the net connection for anything else. I still can't reproduce the crash in a debug firefox Linux build, though... Do you have any extensions installed?
(In reply to comment #12) > I just checked the exact numbers, and the debug version over here is about 480MB > (this is with symbols and debug code built into it). That's a long time > uploading with an adsl connection... If we get desperate, I can try to put it > somewhere where you can download it, but I'd need to find a day when I won't > need the net connection for anything else. > > I still can't reproduce the crash in a debug firefox Linux build, though... Do > you have any extensions installed? Yeah, I checked my extensions and found that if I uninstall the popular FlashBlock extension, the bug is gone :-) That's great and I say sorry to you. But still, a popular extension as FlashBlock should not crash FireFox, isn't it? And FlashBlock is useful. I hope we can find a really good fix that let me use FlashBlock without crashing. Thanks!
We have several flashblock-related crashes.... _something_ they do is pretty screwed up. :( Martijn, don't you have a debug build with flashblock? If you do, can you reproduce this crash?
Martijn, I installed the latest FireFox nightly build trunk (20050403) from the URL you gave me in your mail. And with the FlashBlock extension installed, it still crashes for (I think) the same bug. Please see the TalkBack incident ID TB4818856Z. Thanks! BTW: Why all the nightly build's edit preference dialogs look so bad that virtually unusable? That prevents me from using a nightly build for regular works (for fun and for testing) :-(
Assignee: firefox → nobody
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: 1.0 Branch → 1.7 Branch
Has anybody tested this with the latest release of Flashblock? A new one came out April 10 which I was unaware of before. I was getting crashes related to this bug with Camino and flashblock, but I just installed Flashblock version 1.3.1 and the crashes seemed to have stopped.
If you were using Flashblock 1.2.9, please upgrade to version 1.3.1 where we have a workaround that makes it less likely to trigger gecko reflow bugs. This doesn't mean that the underlying bugs have gone away or that you will never ever crash.
Philip, some indication of exactly what you guys do that triggers the problems in Gecko would be very very helpful. I've done some reading of the flashblock code and can't see anything obvious, but you probably understand that code far better than I do. For example, some indication of what workarounds you put in place could help me figure our what you're effectively working around.... Please mail me if you don't want to discuss this in the bug for some reason (or if you want to include largish chunks of code), ok?
Depends on: 267833
Philip explained the change they made -- they were messing with the DOM in the XBL constructor and reentering frame construction that way; they've put that on a timeout. So are people still seeing this with the Deer Park preview and the current flashblock?
Using Deel Park and the current Flashblock from update.mozilla.org, it still crashes. You can test it by browsing this site: http://www.sohu.com.cn I'm sorry the pages are in Chinese. (In reply to comment #19) > Philip explained the change they made -- they were messing with the DOM in the > XBL constructor and reentering frame construction that way; they've put that on > a timeout. > > So are people still seeing this with the Deer Park preview and the current > flashblock?
OK. Can someone possibly create a minimal testcase?
Attached file testcase
testcase crashes linux suite trunk build 2005060705 w/ flashblock installed <embed style='position:absolute;' src='bar.swf' type='application/x-shockwave-flash'></embed>
> and the current Flashblock from update.mozilla.org I just checked on this. update.mozilla.org has Flashblock 1.2.9. See comment 17. Note that I said "current flashblock", not "current flashblock from a site that's usually a few versions behind because the admins are overworked". ;) Andrew, is that the Flashblock version you were testing?
don't believe everything you read on the web! I had flashblock 1.3.0. I got it yesterday, although I don't remember where I got it. http://flashblock.mozdev.org/ says the most recent version is 1.3.1, released two months ago. I downloaded and installed that and the crash with the testcase and the URL went away. I still have the flashblock 1.3.0 xpi if you want it to test with.
I think Lorenzo had Flashblock 1.3.1 pulled from u.m.o. because EM installer bugs prevented 1.3.1 from installing cleanly over a previous version and people using Firefox's autoupdate feature could not see the warnings given on addons.u.m.o or on our website. Please follow the instructions on <http://flashblock.mozdev.org/uninstall.html> to do a complete uninstall. *THEN* install 1.3.1 from our installation webpage <http://flashblock.mozdev.org/installation.html>
No need to test with 1.3.0 right now; we know what the problem there was... Might be worth testing with it once bug 267833 is fixed, though.
A lot of work/discussion here, so didn't want to mark this a dup yet... but is this indeed related or a dup of bug 194952? The stacks look the same.
Keywords: topcrash
I'm sorry! With Deer Park and Flashblock 1.3.1, I can browse the testcase and www.sohu.com without crash. Thanks a lot! (In reply to comment #23) > > and the current Flashblock from update.mozilla.org > > I just checked on this. update.mozilla.org has Flashblock 1.2.9. See comment > 17. Note that I said "current flashblock", not "current flashblock from a site > that's usually a few versions behind because the admins are overworked". ;) > > Andrew, is that the Flashblock version you were testing?
It's possibly related (note that the same bug is blocking both). It's not a dup.
*** Bug 297244 has been marked as a duplicate of this bug. ***
This is a topcrasher for 1.0.4 and could possible be worse for 1.0.5 based on the latest Talkback data. Boris, can you take look at this again and see if you can help or reassign to someone that can? Times short for 1.0.5, but we can take a simple fix if we get one soon.
Assignee: nobody → bzbarsky
Flags: blocking-aviary1.0.5+
Disregard my last comment, there are a number of crashes being reported under this stack signature and we still need to investigate further to differentiate them and figure out which ones are critical. Clearing the blocking flag.
Flags: blocking-aviary1.0.5+
I doubt there is any reasonable fix for this bug short of fixing bug 267833. I have no idea about other crashes with similar stack signatures; I suggest filing one bug per instance and creating minimal testcases to see what's going on with those.
Assignee: bzbarsky → nobody
*** Bug 308978 has been marked as a duplicate of this bug. ***
Can people test whether this bug is fixed, now that bug 267833 is fixed?
Flags: in-testsuite?
(In reply to comment #35) > Can people test whether this bug is fixed, now that bug 267833 is fixed? Martijn, I don't believe there's anything left to test - WFM per reporter comment 28 2005-06-08, long before amything from bug 267833 checked in. Crash also doesn't appear in my spot check of talkback. closing accordingly.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago17 years ago
No longer depends on: 267833
Keywords: topcrash
Resolution: --- → WORKSFORME
Summary: Crash when viewing web page [@ GetNearestContainingBlock() ] → Crash when viewing web page [@ GetNearestContainingBlock()] up to Deer Park and Flashblock 1.3.1
Crash Signature: [@ GetNearestContainingBlock()]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: