Closed
Bug 308752
Opened 20 years ago
Closed 20 years ago
table crash [@ BCMapCellIterator::SetInfo] [@ nsTableFrame::GetEffectiveColSpan]
Categories
(Core :: Layout: Tables, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: bernd_mozilla)
References
Details
(Keywords: crash, verified1.8, Whiteboard: [sg:fix])
Crash Data
Attachments
(4 files, 1 obsolete file)
|
632 bytes,
text/plain
|
Details | |
|
20 years ago
1.09 KB,
text/html
|
Details | |
|
734 bytes,
text/html
|
Details | |
|
1.06 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
asa
:
approval1.8b5+
|
Details | Diff | Splinter Review |
|
Reporter | |
Updated•20 years ago
|
Whiteboard: [sg:fix]
|
||
Comment 2•20 years ago
|
||
taking,
Can I add Martin Wargers to security related bugs, he is a testcase createur
extraordinaire
Assignee: nobody → bernd_mozilla
|
|
Reporter | |
Comment 3•20 years ago
|
||
Yes.
|
||
Comment 4•20 years ago
|
||
I managed to reduce it a bit further, but it is still not minimal.
When you get a slow script warning, just continue.
After the page has finished consuming all cpu, click once in the page to get
the crash.
The style table { border-collapse: collapse; } seems also necessary to
trigger the crash.
|
|
||
Comment 5•20 years ago
|
||
This is how the dom source looks like of the parentNode of allNodes[60] just
before the crash. allNodes[60] is the second td.
I see the crash with attachment 196333 [details] as described in comment 4
|
|
Reporter | |
Updated•20 years ago
|
Flags: blocking1.8b5?
I tried today to get this testcase down to something reasonable, but failed. Is
there any known way how to rewind these random things into something usefull?
With the attached testcase its impossible for me to debug this.
|
||
Updated•20 years ago
|
Flags: blocking1.8b5? → blocking1.8b5+
|
Assignee | |
Comment 10•20 years ago
|
||
Martijn, that testcase is great, its reasonable small, crashes and is debugable.
|
|
Assignee | |
Comment 11•20 years ago
|
||
|
|
Assignee | |
Comment 12•20 years ago
|
||
|
|
Reporter | |
Comment 13•20 years ago
|
||
Bernd, is this patch ready for review?
|
|
Assignee | |
Comment 14•20 years ago
|
||
I need to rtest the patch and to add some comments at least to the bug or better
to the source to get this into a shape where I can ask Boris to review this.
|
|
Assignee | |
Comment 15•20 years ago
|
||
The problem here is that rebuild cellmap relied on Appendcells to increase the
mRowCount. This fails if an empty row is in the table, as AppendCells will not
be called in this case. Only when the rows are to be added or to be removed we
know for certain that they are real and not dead rows so putting the burden
here at AppendCells is wrong.
Attachment #196926 -
Attachment is obsolete: true
Attachment #197277 -
Flags: superreview?(bzbarsky)
Attachment #197277 -
Flags: review?(bzbarsky)
|
||
Updated•20 years ago
|
Attachment #197277 -
Flags: superreview?(bzbarsky)
Attachment #197277 -
Flags: superreview+
Attachment #197277 -
Flags: review?(bzbarsky)
Attachment #197277 -
Flags: review+
|
|
Assignee | |
Comment 16•20 years ago
|
||
fix checked in
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Comment 17•20 years ago
|
||
Comment on attachment 197277 [details] [diff] [review]
patch
Did this land on trunk or branch?
Attachment #197277 -
Flags: approval1.8b5?
|
|
||
Comment 18•20 years ago
|
||
This has so far landed on trunk but not branch.
|
||
Updated•20 years ago
|
Attachment #197277 -
Flags: approval1.8b5? → approval1.8b5+
|
|
Assignee | |
Comment 19•20 years ago
|
||
I am not sure that I will be able to checkin before friday, if this is urgent
then please check it in before.
|
||
Comment 21•20 years ago
|
||
Using Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b5)
Gecko/20050928 Firefox/1.4, I still crash using the first test case, as well as
the fourth test case. Reopening. Talkback ID is TB9840133M for the first
testcase. Running OSX 10.4.2.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 22•20 years ago
|
||
resolving fixed again - I will test tomorrow. Misread the checkin date. sorry.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED
|
|
||
Comment 23•20 years ago
|
||
Looks good using Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
rv:1.8b5) Gecko/20050929 Firefox/1.4. No crashes with any of the test cases. If
I run the first test case, Firefox does throw up an alert "Unresponsive script."
Is this expected?
|
|
||
Updated•20 years ago
|
Keywords: fixed1.8 → verified1.8
|
||
Updated•20 years ago
|
Flags: testcase+
|
||
Updated•18 years ago
|
Group: security
Summary: StirDOM/table crash [@ BCMapCellIterator::SetInfo] [@ nsTableFrame::GetEffectiveColSpan] → table crash [@ BCMapCellIterator::SetInfo] [@ nsTableFrame::GetEffectiveColSpan]
|
|
||
Updated•18 years ago
|
Flags: in-testsuite+ → in-testsuite?
|
|
||
Comment 25•16 years ago
|
||
crash test landed
http://hg.mozilla.org/mozilla-central/rev/6336a2d9d0d9
Flags: in-testsuite? → in-testsuite+
|
||
Updated•14 years ago
|
Crash Signature: [@ BCMapCellIterator::SetInfo]
[@ nsTableFrame::GetEffectiveColSpan]
You need to log in
before you can comment on or make changes to this bug.
Comment 1
•