Closed Bug 295292 Opened 20 years ago Closed 20 years ago

[FIXr]crash when using fixed positioning, with no data rendered inside element[@nsFrame::BoxReflow ]

Categories

(Core :: Layout, defect, P1)

Product:
Core
Component:
Layout
Platform:
x86
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8beta2

People

(Reporter: tonglebeak, Assigned: bzbarsky)

References

Details

(4 keywords)

Crash Data

Attachments

(6 files)

testcase with empty div
228 bytes, text/html
Details
stacktrace
6.25 KB, text/plain
Details
testcase using same div, but with innerhtml
259 bytes, text/html
Details
Testcase3
232 bytes, text/html
Details
Proposed patch
4.85 KB, patch
roc
: review+
roc
: superreview+
chofmann
: approval1.8b2+
Details | Diff | Splinter Review
related
254 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050523 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050523 Firefox/1.0+

When having a div using fixed positioning, and no data in the innerhtml, with
overflow:hidden, firefox will hang/crash. Testcase will show it.

Reproducible: Always
Testcase showing crash using fixed positioning with empty div.
Attached file stacktrace 

    
    

    
  
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050515 Firefox/1.0+

Does not crash, but eats 100% CPU and works very slow.

    
    

    
  
I also hit two assertions with a debug build before it crashes.  a non-debug
doesn't actually crash for me, but loading the testcase never actually refreshes
the window and Mozilla uses a lot of CPU:

###!!! ASSERTION: Could not load scrollbars.css.:
'gStyleCache->mScrollbarsSheet', file
/build/andrew/moz-debug/mozilla/layout/style/nsLayoutStylesheetCache.cpp, line 88
###!!! ASSERTION: A box layout method was called but InitBoxMetrics was never
called: 'metrics', file
/build/andrew/moz-debug/mozilla/layout/generic/nsFrame.cpp, line 5644

This looks like the same problem as in bug 292549, although that bug worksforme.
 Like that bug, the appears to have regressed from bug 240276
Status: UNCONFIRMED → NEW
Component: Layout: Tables → Layout
Depends on: 240276
Ever confirmed: true
Flags: blocking1.8b3?
Keywords: crash, 
          
            regression, 
          
            testcase, 
          
            topcrash
OS: Windows XP → All
QA Contact: layout.tables → layout

    
    

    
  


  
Notice how that this is the exact same thing as the first testcase, except
there's data inside the div this time and there's no crash/hang.

    
  
Flags: blocking-aviary1.1?

    
    

    
  

      
      
      
      

        Attached file
          
        Testcase3
      

    


  
This came from
http://forums.mozillazine.org/viewtopic.php?t=270929&postdays=0&postorder=asc&postsperpage=15&start=75#1493494

I think it is similar to this bug (same regression range), so attaching here.

    
  
Summary: crash when using fixed positioning, with no data inside element → crash when using fixed positioning, with no data inside element [@nsFrame::BoxReflow ]

    
    

    
  
I personally think this should be fixed before deer park is shipped.
Flags: blocking1.8b2?

    
    

    
  
1 more thing to add:

Even if you're able to successfully navigate out of the page that causes the
hang, the problem still persists and does not stop, no matter what, so in the
end, you have to end up ctrl+alt+deleting it, regardless of what you try to do
to get out of it (at least, from my experience).

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Proposed patchSplinter Review
      

    


  
Should be pretty clear what's up -- we were reflowing everything again because
the size of our overflow-enabled fixed-pos guy had changed and we thought the
size of the main scrollframe had changed.  Then we got into a nice loop-like
situation.

    
  

        Attachment #184708 -
        Flags: superreview?(rocallahan)

        Attachment #184708 -
        Flags: review?(rocallahan)

    
  
Assignee: nobody → bzbarsky
Priority: -- → P1
Summary: crash when using fixed positioning, with no data inside element [@nsFrame::BoxReflow ] → [FIX]crash when using fixed positioning, with no data inside element [@nsFrame::BoxReflow ]
Target Milestone: --- → mozilla1.8beta3

    
    

    
  

      
      
      
      

        Attached file
          
        related
      

    


  
I posted a similar bug in Mozillazine fourms a couple days ago.  I was told it
likely was the same or related to this bug.  It appears to have a similar
regression range.  If its not related then feel free to open a new bug.  I
don't know if Boris' patch has any effect on my bug.

This has affected Firefox trunk builds for a good while. It does not affect
1.0.  I don't try nightly builds that often, but the problem has been around at
least all month.  Its a bit of odd CSS that causes Firefox to take up >90% cpu
and it can never display the page.  It just keeps trying.

The problem seems to be with the combination of width:0, overflow:hidden, and
position:fixed. Remove or change any one of those lines and the page has no
problem rendering.  Mine does have text in the div.

If you get to see "page loaded" text then it worked fine.  With FF 1.0+ I never
see that and the entire UI becomes extremely sluggish.

    
    

    
  
Changing title due to Joseph's reply.

For my problem, it was no data inside the div, which means basically there was
nothing to render in the div. With joseph, a width of 0, there's basically once
again nothing to render in the div if the width is 0, correct? If I'm mistaken,
then I'm sorry for changing the title.
Summary: [FIX]crash when using fixed positioning, with no data inside element [@nsFrame::BoxReflow ] → [FIX]crash when using fixed positioning, with no data rendered inside element[@nsFrame::BoxReflow ]

        Attachment #184708 -
        Flags: superreview?(rocallahan)

        Attachment #184708 -
        Flags: superreview+

        Attachment #184708 -
        Flags: review?(rocallahan)

        Attachment #184708 -
        Flags: review+

    
    

    
  
Comment on attachment 184708 [details] [diff] [review]
Proposed patch

requesting approval for safe crash fix.

        Attachment #184708 -
        Flags: approval1.8b3?

    
  
Summary: [FIX]crash when using fixed positioning, with no data rendered inside element[@nsFrame::BoxReflow ] → [FIXr]crash when using fixed positioning, with no data rendered inside element[@nsFrame::BoxReflow ]

    
    

    
  
Comment on attachment 184708 [details] [diff] [review]
Proposed patch

a=chofmann for b2

        Attachment #184708 -
        Flags: approval1.8b2+

    
  
Flags: blocking1.8b3?
Flags: blocking1.8b2?
Flags: blocking1.8b2+

    
    

    
  
Fixed.
Status: NEW → RESOLVED
Closed: 20 years ago
Flags: blocking1.8b2+ → blocking1.8b2?
Resolution: --- → FIXED
Target Milestone: mozilla1.8beta3 → mozilla1.8beta2

    
  

        Attachment #184708 -
        Flags: approval1.8b3?

    
  
Flags: blocking1.8b2?
Flags: blocking-aviary1.1?

    
    

    
  
layout/generic/crashtests/295292-1.html
http://hg.mozilla.org/mozilla-central/rev/b0337b6287f3
Flags: in-testsuite+

    
    

    
  
layout/generic/crashtests/295292-2.html
Crash Signature: [@nsFrame::BoxReflow ]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: