Closed
Bug 329692
Opened 18 years ago
Closed 18 years ago
Crash using canvas style display:table-footer-group and font display:table and more
Categories
(Core :: Layout: Tables, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Assigned: bernd_mozilla)
References
Details
(5 keywords)
Attachments
(2 files)
|
329 bytes,
text/html
|
Details | |
|
1.01 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
bzbarsky
:
approval-branch-1.8.1+
timr
:
approval1.8.0.2-
jay
:
approval1.8.0.4+
|
Details | Diff | Splinter Review |
See upcoming testcase, which crashes on load. This regressed between 2005-11-30 and 2005-12-15 (Ria, could you minimise the regression period more?)
|
Reporter | |
Comment 1•18 years ago
|
||
Talkback ID: TB16069311Q nsTableRowGroupFrame::GetRowCount nsTableFrame::GetAscent nsTableOuterFrame::Reflow 0x0012e584 0x0259bb4c 0x0259b0a8 0x0259af04 0x02585f1c 0x02586064
no need to reduce the regression window, Canvas is tag based frame creation it should be mentioned inside IsSpecialContent.
Vladimir this is bug/omission in the frame constructor part of the html canvas implementation. EVERY frame where the frame construction is not controlled by the display-type needs to be mentioned in IsSpecialContent otherwise Martijn will sooner or later create a crash testcase for this. Isn't Canvas on the 1.8 branches?
(In reply to comment #4) > Vladimir this is bug/omission in the frame constructor part of the html canvas > implementation. EVERY frame where the frame construction is not controlled by > the display-type needs to be mentioned in IsSpecialContent otherwise Martijn > will sooner or later create a crash testcase for this. Isn't Canvas on the 1.8 > branches? Sure, I must've missed that part in the new-frame-implementation documentation. Yes, we should land this on 1.8.0/1.8.1 as well as the trunk.
|
|
Reporter | |
Updated•18 years ago
|
Blocks: ajax-demolisher
Comment on attachment 214399 [details] [diff] [review] patch Boris, this are the usual suspects..., (I know we need to rewrite it, but I have no idea how to do it)
Attachment #214399 -
Flags: superreview?(bzbarsky)
Attachment #214399 -
Flags: review?(bzbarsky)
|
||
Comment 7•18 years ago
|
||
> Sure, I must've missed that part in the new-frame-implementation documentation.
Which documentation is that? Chances are it predates the existence of IsSpecialContent.|
|
||
Comment 8•18 years ago
|
||
Comment on attachment 214399 [details] [diff] [review] patch r+sr=bzbarsky, and approved for 1.8.1 branch too. Seeking 1.8.0.x approval; if not 1.8.0.2 then 1.8.0.3. This is a very safe patch that prevents your usual deleted-object-deref type crashes.
Attachment #214399 -
Flags: superreview?(bzbarsky)
Attachment #214399 -
Flags: superreview+
Attachment #214399 -
Flags: review?(bzbarsky)
Attachment #214399 -
Flags: review+
Attachment #214399 -
Flags: approval1.8.0.2?
Attachment #214399 -
Flags: approval-branch-1.8.1+
|
||
Comment 9•18 years ago
|
||
Comment on attachment 214399 [details] [diff] [review] patch Too late for 1.8.0.2. We have final bits. "?"ing for 1.8.0.3.
Attachment #214399 -
Flags: approval1.8.0.3?
Attachment #214399 -
Flags: approval1.8.0.2?
Attachment #214399 -
Flags: approval1.8.0.2-
|
Assignee | |
Comment 10•18 years ago
|
||
fix checked in on trunk and 1.8 branch
Verified FIXED using SeaMonkey trunk build 2006-03-13-09 on Windows XP trunk with https://bugzilla.mozilla.org/attachment.cgi?id=214380&action=view as the testcase.
Status: RESOLVED → VERIFIED
|
||
Comment 12•18 years ago
|
||
Comment on attachment 214399 [details] [diff] [review] patch Please check in promptly on the 1.8.0 branch. Thanks!
Attachment #214399 -
Flags: approval1.8.0.3? → approval1.8.0.3+
|
|
||
Comment 14•18 years ago
|
||
v.fixed on 1.8.0 branch: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4, no crash with testcase.
Keywords: fixed1.8.0.4 → verified1.8.0.4
You need to log in
before you can comment on or make changes to this bug.
Description
•