Closed
Bug 331446
Opened 19 years ago
Closed 19 years ago
Crash [@ nsFrameManager::ReResolveStyleContext] involving columns, tables, positioning
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
VERIFIED
FIXED
People
(Reporter: jruderman, Unassigned)
References
Details
(5 keywords, Whiteboard: [sg:critical] fixed by 338770)
Crash Data
Attachments
(2 files)
[sg:critical] based on stack traces with random addresses on top.
|
Reporter | |
Comment 1•19 years ago
|
||
|
|
Reporter | |
Comment 2•19 years ago
|
||
|
||
Comment 3•19 years ago
|
||
Tables are used in the testcase.
|
|
Reporter | |
Comment 4•19 years ago
|
||
Columns too :)
I need to turn off absolute positioning inside columns for now. See bugs 312963 and bug 288357.
we hit a couple of asserts before the crash:
###!!! ASSERTION: Must only be called on reflowed lines: '!(GetStateBits() & NS_
FRAME_IS_DIRTY)', file d:/moz_src/mozilla/layout/generic/nsFrame.cpp, line 3570
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
WARNING: Couldn't add reflow command, so splitting.
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
###!!! ASSERTION: Deleting out of flow without tearing down placeholder relation
ship: '!(mState & NS_FRAME_OUT_OF_FLOW) || !shell->FrameManager()->GetPlaceholde
rFrameFor(this)', file d:/moz_src/mozilla/layout/generic/nsFrame.cpp, line 637
###!!! ASSERTION: frame was not removed from primary frame map before destructio
n or was readded to map after being removed: 'Not Reached', file d:/moz_src/mozi
lla/layout/base/nsFrameManager.cpp, line 699
###!!! ASSERTION: SplitRowGroup currently supports only paged media: 'aPresConte
xt->IsPaginated()', file d:/moz_src/mozilla/layout/tables/nsTableRowGroupFrame.c
pp, line 1016
|
|
Reporter | |
Updated•19 years ago
|
Whiteboard: [sg:critical]
|
||
Comment 7•19 years ago
|
||
with a debug windows 1.5.0.2 build I consistently crash in nsIFrame::GetStyleDataExternal with a null mStyleContext -- seems safe enough.
On the trunk this is a deleted object and it crashes a bit later, though not quite where the Mac does in the attached trace.
OS: MacOS X → All
Hardware: Macintosh → All
Whiteboard: [sg:critical] → [sg:critical] for trunk
|
|
Reporter | |
Updated•19 years ago
|
Blocks: randomclasses
Depends on: 288357
(In reply to comment #6)
> ###!!! ASSERTION: Deleting out of flow without tearing down placeholder
> relation
> ship: '!(mState & NS_FRAME_OUT_OF_FLOW) ||
> !shell->FrameManager()->GetPlaceholde
> rFrameFor(this)', file d:/moz_src/mozilla/layout/generic/nsFrame.cpp, line 637
This assert cause the problem. Just unregister the Placeholder Frame in sFrame.cpp can avoid the crash. But I don't it is a good solution.
This bug is gone on latest trunk.
Seems that the patch for bug 338770 fix the problem.
Depends on: 338770
|
|
||
Comment 10•19 years ago
|
||
Indeed, this doesn't crash anymore on current trunk builds. Marking fixed then. Fixed by bug 338770.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
||
Comment 11•19 years ago
|
||
nominating for 1.8.0 because this is the bug with the testcase.
Flags: blocking1.8.0.6+
Whiteboard: [sg:critical] for trunk → [sg:critical] fixed by 338770
|
|
||
Updated•19 years ago
|
Keywords: fixed1.8.1
|
|
||
Comment 12•19 years ago
|
||
bug 338770 fixed on the 1.8.0 branch
qawanted: please verify that this variant is actually fixed.
Keywords: fixed1.8.0.7,
qawanted
|
|
||
Comment 13•19 years ago
|
||
I'm already not crashing with:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060706 Firefox/1.5.0.5
I'm crashing with:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
So on the 1.5.0.x branch it seems to be fixed somehow between that period.
|
||
Comment 14•19 years ago
|
||
https://bugzilla.mozilla.org/attachment.cgi?id=215994
ff2b2 windows, linux, macppc no crash
verified fixed 1.8
Keywords: fixed1.8.1 → verified1.8.1
|
||
Comment 15•19 years ago
|
||
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.7pre) Gecko/20060821 Firefox/1.5.0.7pre
https://bugzilla.mozilla.org/attachment.cgi?id=215994, no crash.
verified 1.0.8.7
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.0.7 → verified1.8.0.7
|
|
||
Updated•18 years ago
|
Group: security
Flags: in-testsuite?
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ nsFrameManager::ReResolveStyleContext]
You need to log in
before you can comment on or make changes to this bug.
Description
•