Closed Bug 339170 Opened 19 years ago Closed 19 years ago

Crash [@ nsTableColGroupFrame::GetStartColumnIndex]

Categories

(Core :: Layout: Tables, defect)

Product:
Core
Component:
Layout: Tables
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: MatsPalmgren_bugz, Assigned: bernd_mozilla)

References

Details

(4 keywords, Whiteboard: [sg:dupe 339315] freed memory)

Crash Data

Attachments

(2 files)

stack
19.96 KB, text/plain
Details
testcase
873 bytes, text/html
Details
Attached file stack
I think this is <colgroup> specific so make sure you use StirTable v0.2
I think this is the same as bug 339315, because while reducing a testcase for this crash, I ended up with that crash.
Depends on: 339315
Or maybe not, since I got a testcase for this crash that doesn't involve crazy rowspans or colspans.
Attached file testcase
Crashes Mac debug with: 0 nsTableColGroupFrame::GetStartColumnIndex() + 20 (nsTableColGroupFrame.h:284) 1 BCMapCellIterator::SetInfo(nsTableRowFrame*, int, CellData*, BCMapCellInfo&, nsCellMap*) + 1504 (nsTableFrame.cpp:4772) 2 BCMapCellIterator::First(BCMapCellInfo&) + 292 (nsTableFrame.cpp:4863) 3 nsTableFrame::CalcBCBorders() + 1056 (nsTableFrame.cpp:5749) ... Crashes Mac nightly with: 0 BCMapCellIterator::SetInfo(nsTableRowFrame*, int, CellData*, BCMapCellInfo&, nsCellMap*) + 640 1 nsTableFrame::CalcBCBorders() + 560 ...
"KERN_INVALID_ADDRESS (0x0001) at 0xddddde19" => [sg:critical]
OS: Linux → All
Hardware: PC → All
Whiteboard: [sg:critical]
the patch in bug 339315 seems to fix this.
qawanted to verify that bug 339315 fixes this (comment 6)
Status: NEW → RESOLVED
Closed: 19 years ago
Flags: blocking1.8.1?
Flags: blocking1.8.0.6?
Keywords: qawanted
Resolution: --- → FIXED
Whiteboard: [sg:critical] → [sg:critical] freed memory
Flags: blocking1.8.1? → blocking1.8.1+
Flags: blocking1.8.0.6? → blocking1.8.0.6+
Whiteboard: [sg:critical] freed memory → [sg:dupe 339315] freed memory
reopening to take the bug
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
taking
Assignee: nobody → bernd_mozilla
Status: REOPENED → NEW
closing it again
Status: NEW → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED
Marking fixed 1.8.1 and clearing the the blocking flag
Flags: blocking1.8.1+
Keywords: fixed1.8.1
this got fixed on branch by bug 339315
Keywords: fixed1.8.0.7
https://bugzilla.mozilla.org/attachment.cgi?id=223515&action=view should load without crashing Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.7pre) Gecko/20060821 Firefox/1.5.0.7pre verified 1.8.0.7 Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1b2) Gecko/2006082203 BonEcho/2.0b2 verified 1.8.1b2
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.0.7, fixed1.8.1verified1.8.0.7, verified1.8.1
Group: security
Flags: in-testsuite?
Crash Signature: [@ nsTableColGroupFrame::GetStartColumnIndex]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: