Bug 322185 - Crash [@ nsBox::DoesNeedRecalc] with <svg:g style="display: -moz-grid-line; overflow: hidden;">
Status: RESOLVED FIXED
Whiteboard: [rft-dl]
Keywords: crash, testcase, verified1.8.0.2, verified1.8.1
Product: Core
Classification: Components
Component: SVG
Version: Trunk
Platform: PowerPC Mac OS X
Importance: -- critical
Assigned To: Bernd
QA Contact: Hixie (not reading bugmail)
Duplicates: 316604 317522
Blocks: randomstyles

Reported: 2006-01-03 00:29 PST by Jesse Ruderman
Modified: 2007-12-13 00:02 PST
CC List: 9 users
bzbarsky: blocking1.8.1+
dveditz: blocking1.8.0.2+
jruderman: in-testsuite+


Attachments
testcase - crashes Firefox (157 bytes, image/svg+xml)
2006-01-03 00:30 PST, Jesse Ruderman
no flags
patch (1.51 KB, patch)
2006-01-03 10:25 PST, Bernd
no flags
patch (1.40 KB, patch)
2006-01-03 10:29 PST, Bernd
no flags
alternative patch (1.04 KB, patch)
2006-01-04 10:49 PST, Bernd
no flags
rev. patch (1.06 KB, patch)
2006-01-06 10:30 PST, Bernd
bzbarsky: review+
bzbarsky: superreview+
bzbarsky: approval-branch-1.8.1+
dveditz: approval1.8.0.2+

Description Jesse Ruderman 2006-01-03 00:29:58 PST
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20060102 Firefox/1.6a1

To crash, just load the testcase.

Stack trace:

nsBox::DoesNeedRecalc(nsSize const&) + 0
nsFrame::GetPrefSize(nsBoxLayoutState&, nsSize&) + 48
nsSprocketLayout::GetPrefSize(nsIFrame*, nsBoxLayoutState&, nsSize&) + 268
nsGridRowLeafLayout::GetPrefSize(nsIFrame*, nsBoxLayoutState&, nsSize&) + 116
nsBoxFrame::GetPrefSize(nsBoxLayoutState&, nsSize&) + 200
nsXULScrollFrame::GetPrefSize(nsBoxLayoutState&, nsSize&) + 240
nsBoxFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 204
nsXULScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 56
nsSVGOuterSVGFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 256
nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148
CanvasFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 356
nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148
nsHTMLScrollFrame::ReflowScrolledFrame(ScrollReflowState const&, int, int, nsHTMLReflowMetrics*, int) + 500
nsHTMLScrollFrame::ReflowContents(ScrollReflowState*, nsHTMLReflowMetrics const&) + 160
nsHTMLScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 848
nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148
ViewportFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 300
IncrementalReflow::Dispatch(nsPresContext*, nsHTMLReflowMetrics&, nsSize const&, nsIRenderingContext&) + 280
PresShell::ProcessReflowCommands(int) + 524
PresShell::WillPaint() + 88
nsViewManager::FlushPendingInvalidates() + 164
nsViewManager::EnableRefresh(unsigned) + 156
nsViewManager::EndUpdateViewBatch(unsigned) + 132
PresShell::InitialReflow(int, int) + 748
nsContentSink::StartLayout(int) + 208
nsXMLContentSink::StartLayout() + 144
nsXMLContentSink::DidBuildModel() + 456
nsExpatDriver::DidBuildModel(unsigned, int, nsIParser*, nsIContentSink*) + 56
nsParser::DidBuildModel(unsigned) + 120
nsParser::ResumeParse(int, int, int) + 592
nsParser::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 192
nsDocumentOpenInfo::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 124
nsBaseChannel::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 92
nsInputStreamPump::OnStateStop() + 160
nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) + 128
nsAStreamCopier::PostContinuationEvent_Locked() + 1240
PL_HandleEvent + 36
PL_ProcessPendingEvents + 128
...
Comment 1 Jesse Ruderman 2006-01-03 00:30:47 PST
Created attachment 207407
testcase - crashes Firefox
Comment 2 Bernd 2006-01-03 10:25:21 PST
Created attachment 207426
patch

The problem here is that xul creates frames based on display type regardless of whether they are special content or not. This patch assumes that we want to keep it, otherwise we need to change

// Display types for XUL start here
    // First is BOX
    if (!newFrame && isXULDisplay) {
it to look up IsSpecialContent.
Comment 3 Bernd 2006-01-03 10:29:16 PST
Created attachment 207428
patch
Comment 4 Boris Zbarsky [:bz] 2006-01-03 18:12:28 PST
Hmmm...  I guess this is OK for now pending us having a saner frame construction arch.  :(
Comment 5 Bernd 2006-01-04 10:49:59 PST
Created attachment 207521
alternative patch

alternative patch,

does slicing CreateXULFrame into three pieces
one for tag based frame creation
the second one the display based frame moving to createframesbydisplay type
the third, cleanup after frame creation called by both of them count as a sane architecture or do you have something else in mind?
The rearch is (should be) equivalent to the one-liner attached as a patch.
Comment 6 Boris Zbarsky [:bz] 2006-01-04 16:53:52 PST
I think I prefer the alternative patch, if there's not too much perf impact.  And the rearch I want to do would be a lot more drastic than just slicing up CreateXULFrame.  ;)
Comment 7 Bernd 2006-01-06 10:30:45 PST
Created attachment 207737
rev. patch

I hope this minimizes the performance issue.
Comment 8 Boris Zbarsky [:bz] 2006-01-06 14:57:44 PST
Comment on attachment 207737
rev. patch

Hmm....  r+sr=bzbarsky; let's see how this goes.
Comment 9 Bernd 2006-01-07 12:55:31 PST
fixed on trunk, I did not see a tp txul or ts change due to the bug.

Martijn, this patch touches bugs where xul display types are assigned to mathml or svg tags; it will get ignored now ;-)
Comment 10 Martijn Wargers [:mwargers] (not working for Mozilla) 2006-01-07 13:06:25 PST
You're spoiling the fun ;-)
Will this patch also fix bug 314244?
Comment 11 Bernd 2006-01-07 13:24:09 PST
yes that seems to be now wfm and even bug 322656 - wfm, I had my fun today ;-)
Comment 12 Jesse Ruderman 2006-01-07 17:58:04 PST
*** Bug 317522 has been marked as a duplicate of this bug. ***
Comment 13 Jesse Ruderman 2006-01-07 18:26:15 PST
*** Bug 316604 has been marked as a duplicate of this bug. ***
Comment 14 Bernd 2006-01-13 00:04:35 PST
Comment on attachment 207737
rev. patch

Given the number of bugs which block bug 306939 that got fixed/or wfm'ed by this it might go with some more baking on branch.
Comment 15 Daniel Veditz [:dveditz] 2006-02-22 00:27:41 PST
Comment on attachment 207737
rev. patch

approved for 1.8.0 branch, a=dveditz
Comment 16 Boris Zbarsky [:bz] 2006-02-23 12:45:08 PST
Bernd, you're going to land this on the 1.8.1 branch, right?
Comment 17 Bernd 2006-02-23 21:52:13 PST
yep, saturday is checkin day, only emergency checkins on weekdays
Comment 18 Bernd 2006-02-24 22:36:29 PST
fixed on 1.8.1
Comment 19 Marcia Knous [:marcia - use ni] 2006-03-02 14:47:31 PST
verified on the 1.8.0 branch using Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.1) Gecko/20060302 Firefox/1.5.0.1. No testcase crash, adding keyword.
Comment 20 Marcia Knous [:marcia - use ni] 2006-08-10 12:32:32 PDT
verified on the 1.8.1 branch using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1b1) Gecko/20060810 BonEcho/2.0b1. The testcase cited in the bug (https://bugzilla.mozilla.org/attachment.cgi?id=207407) does not crash. Adding keyword.
Comment 21 Jesse Ruderman 2007-12-13 00:02:49 PST
Crashtest checked in.
