Closed
Bug 326998
Opened 19 years ago
Closed 19 years ago
[FIX]Crash [@ nsBoxFrame::AttributeChanged] when changing ordinal value of a xul element in html
Categories
(Core :: Layout, defect, P3)
Core
Layout
Tracking
()
VERIFIED
FIXED
mozilla1.9alpha1
People
(Reporter: martijn.martijn, Assigned: bzbarsky)
Details
(4 keywords, Whiteboard: [rft-dl])
Crash Data
Attachments
(2 files)
475 bytes,
application/xhtml+xml
|
Details | |
1.28 KB,
patch
|
roc
:
review+
roc
:
superreview+
roc
:
approval-branch-1.8.1+
dveditz
:
approval1.8.0.2+
|
Details | Diff | Splinter Review |
See upcoming testcase, which crashes current trunk Mozilla build. It also crashes Mozilla1.7.12.
Talkback ID: TB15086320X
nsBoxFrame::AttributeChanged [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1314]
nsCSSFrameConstructor::AttributeChanged [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 10802]
PresShell::AttributeChanged [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 5140]
nsGenericElement::SetAttrAndNotify [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 3759]
nsGenericElement::SetAttr [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 3676]
nsXULElement::SetOrdinal [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2291]
XPCWrappedNative::CallMethod [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2152]
XPC_WN_GetterSetter [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1468]
js_Invoke [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1243]
js_InternalInvoke [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1344]
js_InternalGetOrSet [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1403]
js_SetProperty [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsobj.c, line 3125]
js_Interpret [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3655]
js_Invoke [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1267]
js_InternalInvoke [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1344]
JS_CallFunctionValue [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsapi.c, line 4176]
nsJSContext::CallEventHandler [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1424]
nsGlobalWindow::RunTimeout [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 6219]
nsGlobalWindow::TimerCallback [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 6589]
nsAppStartup::Run [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 162]
main [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x1eb69 (0x77e5eb69)
Reporter | ||
Comment 1•19 years ago
|
||
![]() |
Assignee | |
Comment 2•19 years ago
|
||
Sometimes, a null-check really is the right thing!
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #212192 -
Flags: superreview?(roc)
Attachment #212192 -
Flags: review?(roc)
![]() |
Assignee | |
Updated•19 years ago
|
OS: Windows XP → All
Priority: -- → P3
Hardware: PC → All
Summary: Crash [@ nsBoxFrame::AttributeChanged] when changing ordinal value of a xul element in html → [FIX]Crash [@ nsBoxFrame::AttributeChanged] when changing ordinal value of a xul element in html
Target Milestone: --- → mozilla1.9alpha
![]() |
Assignee | |
Updated•19 years ago
|
Attachment #212192 -
Flags: approval-branch-1.8.1?(roc)
![]() |
Assignee | |
Comment 3•19 years ago
|
||
Not sure whether this is worth it for 1.8.0.x branch. roc, thoughts?
Comment on attachment 212192 [details] [diff] [review]
Fix
I think we may as well take it for 1.8.0.x, the risk is as low as it gets.
Attachment #212192 -
Flags: superreview?(roc)
Attachment #212192 -
Flags: superreview+
Attachment #212192 -
Flags: review?(roc)
Attachment #212192 -
Flags: review+
Attachment #212192 -
Flags: approval-branch-1.8.1?(roc)
Attachment #212192 -
Flags: approval-branch-1.8.1+
![]() |
Assignee | |
Comment 5•19 years ago
|
||
Comment on attachment 212192 [details] [diff] [review]
Fix
Requesting 1.8.0.x approval. This is a simple null-check crash fix; should be very safe.
Attachment #212192 -
Flags: approval1.8.0.2?
![]() |
Assignee | |
Comment 6•19 years ago
|
||
Fixed on trunk and 1.8.1
Comment 7•19 years ago
|
||
No crash loading/reloading testcase: https://bugzilla.mozilla.org/attachment.cgi?id=211724&action=view
on Windows XP SeaMonkey trunk Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060221 SeaMonkey/1.5a
Status: RESOLVED → VERIFIED
Updated•19 years ago
|
Flags: blocking1.8.0.2+
Comment 8•19 years ago
|
||
Comment on attachment 212192 [details] [diff] [review]
Fix
approved for 1.8.0 branch, a=dveditz
Attachment #212192 -
Flags: approval1.8.0.2? → approval1.8.0.2+
Comment 10•19 years ago
|
||
Marking [rft-dl] (ready for testing in Firefox 1.5.0.2 release candidates)
Whiteboard: [rft-dl]
Comment 11•19 years ago
|
||
verified on the 1.8.0.2 branch using Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.2) Gecko/20060306 Firefox/1.5.0.2. I get no crash repeatedly loading and reloading the testcase listed in the bug.
Keywords: fixed1.8.0.2 → verified1.8.0.2
Updated•14 years ago
|
Crash Signature: [@ nsBoxFrame::AttributeChanged]
You need to log in
before you can comment on or make changes to this bug.
Description
•