Closed
Bug 310589
Opened 19 years ago
Closed 19 years ago
Clicking off of the lower-right edge of a zoomed image can cause a crash [@FindBlockFrameOrBR()] [@ nsIFrame::GetExtremeCaretPosition()]
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: moz, Assigned: uriber)
References
()
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(4 files)
|
5.72 KB,
text/plain
|
Details | |
|
1.25 KB,
text/html
|
Details | |
|
888 bytes,
text/html
|
Details | |
|
1.45 KB,
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
Go to the above URL, and click a screenshot thumbnail. The window should be slightly too small (see bug 160627 for that). Now click repeatedly in the lower-left corner of the viewing area. Eventually, the image will move too far up and left and Camino/Firefox will crash. Tested in the most recent Camino and Firefox trunk builds on Mac OS X, but assuming it affects everything (please change the platform/OS if I'm wrong).
|
||
Comment 2•19 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050930 Firefox/1.6a1 ID:2005093004 WFM.
|
||
Comment 4•19 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.9a1) Gecko/20050930 SeaMonkey/1.1a Seamonkey: TB9908253Z, Firefox Incident ID: 9899969, Camino Incident ID: 9901362 8 Talkbacks Windows & MacOSX: [@FindBlockFrameOrBR()] http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=FindBlockFrameOrBR&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=build FindBlockFrameOrBR() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 3470] FindBlockFrameOrBR() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 3466] FindBlockFrameOrBR() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 3498] nsFrame::PeekOffsetParagraph() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 3554] nsFrame::PeekOffset() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 3856] nsFrame::PeekBackwardAndForward() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 1672] nsFrame::HandleMultiplePress() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 1619] nsFrame::HandlePress() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 1368] nsFrame::HandleEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/layout/generic/nsFrame.cpp, line 997] PresShell::HandleEventInternal() PresShell::HandleEvent() nsViewManager::HandleEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/view/src/nsViewManager.cpp, line 61] nsViewManager::DispatchEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/view/src/nsViewManager.cpp, line 48] HandleEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/view/src/nsView.cpp, line 175] nsWindow::DispatchEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/widget/src/mac/nsWindow.cpp, line 1809] nsWindow::DispatchWindowEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/widget/src/mac/nsWindow.cpp, line 1825] nsWindow::DispatchMouseEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/widget/src/mac/nsWindow.cpp, line 1851] nsMacEventHandler::HandleMouseDownEvent() nsMacEventHandler::HandleOSEvent() nsMacWindow::DispatchEvent() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/widget/src/mac/nsMacWindow.cpp, line 1679] nsMacMessagePump::DispatchOSEventToRaptor() nsMacMessagePump::DoMouseDown() nsMacMessagePump::DispatchEvent() nsMacMessagePump::DoMessagePump() nsAppShell::Run() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/widget/src/mac/nsAppShell.cpp, line 108] nsAppStartup::Run() XRE_main() [/builds/tinderbox/Fx-Trunk/Darwin_7.9.0_Depend/mozilla/toolkit/xre/nsAppRunner.cpp, line 2311] _start() start()
Summary: Clicking off of the lower-right edge of a zoomed image can cause a crash [@ nsIFrame::GetExtremeCaretPosition()] → Clicking off of the lower-right edge of a zoomed image can cause a crash [@FindBlockFrameOrBR()] [@ nsIFrame::GetExtremeCaretPosition()]
|
|
||
Comment 5•19 years ago
|
||
Steps to repeat: 1. at first click on image a new window should be opened, with reduced image size. 2. Click on the image in the new window, it gets enlarged. 3. Click again, and it gets reduced, but the lower edge doesn't get repainted. Repeat steps 2 and 3 until crash. Start clicking in the not repainted area, and go a bit up clicking. Crash seems to hapen if you click at the border or just below of the reduced image, can't tell exactly.
|
|
||
Comment 6•19 years ago
|
||
Incident ID: 9909381 is from a crash with the testcase loaded from disk. After upload I couldn't succeed triggering the bug. So maybe testcase must be downloaded, or test must be done on the original URL.
Keywords: testcase
|
|
||
Comment 7•19 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.9a1) Gecko/20050919 SeaMonkey/1.1a TB9910979Q wfm Build ID: 2005091805 crash Build ID: 2005091906 Bug 306895 Triple click should select lines, not paragraphs, in "white-space: -moz-pre-wrap;" Checked in by Olli.Pettay%helsinki.fi (smaug) at 2005-09-18 05:41
Depends on: 306895
Keywords: regression
|
|
||
Comment 8•19 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050930 Firefox/1.4.1 ID:2005093021 Could not trigger a crash, neither in branch nor in trunk. New profile, clicked on the left and right lower corner 20 times in each picture.. :) Maybe hardware related?
|
||
Comment 10•19 years ago
|
||
Testcase1 isn't working for me (doesn't open new window). This is a testcase where no image is used to trigger the crash. Follow the steps in the testcase to trigger the crash. The appearance of a black box at the bottom after resizing was filed as bug 298156.
|
Assignee | |
Updated•19 years ago
|
|
||
Updated•19 years ago
|
Assignee: nobody → uriber
Status: ASSIGNED → NEW
|
|
||
Updated•19 years ago
|
Flags: blocking1.9a1?
|
|
Assignee | |
Comment 11•19 years ago
|
||
Eventually I'll figure out this "taking" thing. I'll fix this sometime this week.
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 12•19 years ago
|
||
Getting into the root content element from the outside is not something that should really happen, but in this case it does.
Attachment #198443 -
Flags: superreview?(roc)
Attachment #198443 -
Flags: review?(roc)
Why does it happen, do you know?
|
|
Assignee | |
Comment 14•19 years ago
|
||
Bug 298156. Apparantly in this case when the window grows the HTML frame doesn't grow with it. I don't really know/understand the details of why this happens.
Attachment #198443 -
Flags: superreview?(roc)
Attachment #198443 -
Flags: superreview+
Attachment #198443 -
Flags: review?(roc)
Attachment #198443 -
Flags: review+
|
|
Assignee | |
Comment 15•19 years ago
|
||
Patch checked in: Checking in layout/generic/nsFrame.cpp; /cvsroot/mozilla/layout/generic/nsFrame.cpp,v <-- nsFrame.cpp new revision: 3.608; previous revision: 3.607
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Flags: blocking1.9a1?
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9alpha
|
||
Updated•13 years ago
|
Crash Signature: [@FindBlockFrameOrBR()]
[@ nsIFrame::GetExtremeCaretPosition()]
You need to log in
before you can comment on or make changes to this bug.
Description
•