Closed
Bug 317179
Opened 19 years ago
Closed 19 years ago
Crash with evil testcase using object, embed display:table-header-group [@ nsIFrame::GetStyleData]
Categories
(Core :: Layout, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Unassigned)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(5 files)
See upcoming testcase, which crashes for me in current trunk build. It doesn't crash with 2005-09-21 build, but it crashes with 2005-09-22 build, so my guess is a fall-out from bug 1156. Talkback ID: TB12061074W
Reporter | ||
Comment 1•19 years ago
|
||
You need to have js enabled to get the crash.
Comment 2•19 years ago
|
||
hm... doesn't crash here, linux seamonkey, checkout finish: Fr Nov 18 17:55:50 CET 2005 I get these warnings: frame: Table(button)(3) (0x966c4a8) style: 0x9670fb8 :-moz-table {} Wrong parent style context: style: 0x9670d88 :-moz-table-outer {} should be using: style: 0x9670c90 :-moz-button-content {} frame: TableOuter(button)(3) (0x9670f6c) style: 0x9670d88 :-moz-table-outer {} Wrong parent style context: style: 0x9670c90 :-moz-button-content {} should be using: style: 0x9670fb8 :-moz-table {} frame: Table(button)(3) (0x966c4a8) style: 0x9670fb8 :-moz-table {} Wrong parent style context: style: 0x9670d88 :-moz-table-outer {} should be using: style: 0x9670c90 :-moz-button-content {} WARNING: this reflow doesn't do anything, file ../../../../mozilla/layout/tables/nsTableFrame.cpp, line 1934 WARNING: this reflow doesn't do anything, file ../../../../mozilla/layout/tables/nsTableFrame.cpp, line 1934 frame: Table(button)(3) (0x966c4a8) style: 0x966d0b8 :-moz-table {} Wrong parent style context: style: 0x9670d88 :-moz-table-outer {} should be using: style: 0x9670c90 :-moz-button-content {} frame: TableOuter(button)(3) (0x9670f6c) style: 0x9670d88 :-moz-table-outer {} Wrong parent style context: style: 0x9670c90 :-moz-button-content {} should be using: style: 0x966d0b8 :-moz-table {} frame: Table(button)(3) (0x966c4a8) style: 0x966d0b8 :-moz-table {} Wrong parent style context: style: 0x9670d88 :-moz-table-outer {} should be using: style: 0x9670c90 :-moz-button-content {} Document https://bugzilla.mozilla.org/attachment.cgi?id=203713 loaded successfully WARNING: this reflow doesn't do anything, file ../../../../mozilla/layout/tables/nsTableFrame.cpp, line 1934 WARNING: this reflow doesn't do anything, file ../../../../mozilla/layout/tables/nsTableFrame.cpp, line 1934
Reporter | ||
Comment 3•19 years ago
|
||
This is a backtrace from my debug build of the crash. It contains a backtrace of the assertion: ###!!! ASSERTION: Not enough frames to push: 'nsFrameList(aFrame).GetLength() >= pushCount', file c:/mozilla/mozilla/layout/generic/nsBlockFrame.cpp, line 4306 Break: at file c:/mozilla/mozilla/layout/generic/nsBlockFrame.cpp, line 4306 And the sigsegv: Program received signal SIGSEGV, Segmentation fault. 0x059ab03a in nsIFrame::GetStyleData(nsStyleStructID) const (this=0x0, aSID=eStyleStruct_Display) at c:/mozilla/mozilla/layout/generic/nsIFrame.h:607 607 NS_ASSERTION(mStyleContext, "No style context found!");
Reporter | ||
Comment 4•19 years ago
|
||
Maybe I minimised the previous testcase too much, by removing too much of the text at the beginning.
Comment 5•19 years ago
|
||
odd, that doesn't crash for me either...
Comment 6•19 years ago
|
||
Hmm.... That crashes for me (seamonkey build). biesi, are you testing in a build with any of your followup patches in it?
Comment 7•19 years ago
|
||
oh yeah... this has all my objectframe changes in it, for example.
Comment 8•19 years ago
|
||
I suggest adding some dependencies, then; chances are, one of your changes fixes this. ;)
Comment 9•19 years ago
|
||
ok then :) dunno which of those fixes it, or if neither does and it's another one...
Comment 10•19 years ago
|
||
the frame style warnings are https://bugzilla.mozilla.org/show_bug.cgi?id=51767#c4 they will be fixed as part of bug 316026
Comment 11•19 years ago
|
||
Updated•19 years ago
|
Summary: Crash with evil testcase using object, embed display:table-header-group → Crash with evil testcase using object, embed display:table-header-group [@ nsIFrame::GetStyleData]
Comment 12•19 years ago
|
||
Comment 13•19 years ago
|
||
So is this still a problem now that bug 309525 is fixed?
None of the three testcases posted here crash for me with today's 2005-12-22-10 trunk build of SeaMonkey on Windows XP.
Reporter | ||
Comment 15•19 years ago
|
||
Yes, doesn't crash for me either anymore. Probably fixed by bug 309525.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Verified. See comment 14 and comment 15.
Status: RESOLVED → VERIFIED
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsIFrame::GetStyleData]
You need to log in
before you can comment on or make changes to this bug.
Description
•