Closed
Bug 288467
Opened 20 years ago
Closed 19 years ago
Crash [@ nsTextFrame::MeasureText] with evil testcase (bidi and dynamic -moz-column-count)
Categories
(Core :: Layout: Form Controls, defect)
Core
Layout: Form Controls
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Assigned: mkaply)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(4 files)
This could well be a duplicate of bug 264937 (same backtrace), but just to be sure. When clicking two times on the button in the testcase, Mozilla crashes. Talkback ID: TB4735825M
|
Reporter | |
Comment 1•20 years ago
|
||
|
|
Reporter | |
Updated•20 years ago
|
Severity: normal → critical
|
||
Comment 2•20 years ago
|
||
Crash also on GNU/Linux with Moz1.8b1 : TB4881447Z
|
||
Comment 4•19 years ago
|
||
Actually, I don't think this has much to do with 264937, although the eventual crash happens to be in the same place. Notice that the problem here starts with the first click on the button: there is duplicated and overlapping text everywhere.
No longer depends on: 264937
Summary: Crash [@ nsTextFrame::MeasureText] with evil testcase when clicking 2 times on button → Crash [@ nsTextFrame::MeasureText] with evil testcase (bidi and dynamic -moz-column-count)
|
|
||
Comment 5•19 years ago
|
||
This testcase doesn't crash, but shows duplicated content. Notice there is no JS here, and the only thing bidi is the hebrew letter above the divs. This might not be the only issue involved in the original testcase, but it looks like a good place to start.
|
||
Comment 6•19 years ago
|
||
mmmm.... columns. What does the frame dump for that last testcase look like? Attach it to this bug?
|
|
||
Comment 7•19 years ago
|
||
This is a frame dump of attachment 215892 [details].
What I actually see on the screen is:
one two one two
three four one two
one two three four
one two five
I noticed that although this is what I always get in my latest-trunk Firefox, in my debug SeaMonkey build I originally get:
one two one two
three four three four
and only after resizing the window I get what I see in Fx.
The attached frame dump is from after resizing, i.e. it corresponds to the four-row display above.|
|
||
Comment 8•19 years ago
|
||
This is a frame dump from my debug SeaMonkey, before resizing (when I only see two lines). Notice the Overflow-lists.
|
|
||
Comment 9•19 years ago
|
||
So I suspect this is a columns bug....
Component: Layout: BiDi Hebrew & Arabic → Layout: Form Controls
|
|
||
Comment 10•19 years ago
|
||
(In reply to comment #9) > So I suspect this is a columns bug.... > ... but it only happens in "bidi mode", so I suspect some bidi code is also involved.
|
||
Comment 11•19 years ago
|
||
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060519 Minefield/3.0a1 WFM. No crash, just lots of assertions.
|
|
Reporter | |
Comment 12•19 years ago
|
||
Yeah, no crash anymore. Crashes in 2006-02-21 build, doesn't crash in 2006-02-22 build, so fixed by bug 299065. It might be useful to file a bug on the assertions (if there isn't a bug on it, already).
|
|
Reporter | |
Comment 13•19 years ago
|
||
I filed bug 339081 on some change in behavior I see, which changed recently.
Verified FIXED (for the crash only) with build 2006-05-29-09 of SeaMonkey trunk on Windows XP.
Status: RESOLVED → VERIFIED
|
||
Updated•13 years ago
|
Crash Signature: [@ nsTextFrame::MeasureText]
You need to log in
before you can comment on or make changes to this bug.
Description
•