Last Comment Bug 339170 - Crash [@ nsTableColGroupFrame::GetStartColumnIndex]
: Crash [@ nsTableColGroupFrame::GetStartColumnIndex]
Status: VERIFIED FIXED
[sg:dupe 339315] freed memory
: crash, qawanted, verified1.8.0.7, verified1.8.1
Product: Core
Classification: Components
Component: Layout: Tables (show other bugs)
: Trunk
: All All
: -- critical (vote)
: ---
Assigned To: Bernd
:
Mentors:
Depends on: 339315
Blocks: stirtable
  Show dependency treegraph
 
Reported: 2006-05-24 18:16 PDT by Mats Palmgren (:mats)
Modified: 2011-06-13 10:01 PDT (History)
5 users (show)
dveditz: blocking1.8.0.7+
dveditz: in‑testsuite?
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
stack (19.96 KB, text/plain)
2006-05-24 18:20 PDT, Mats Palmgren (:mats)
no flags Details
testcase (873 bytes, text/html)
2006-05-26 18:13 PDT, Jesse Ruderman
no flags Details

Comment 1 Mats Palmgren (:mats) 2006-05-24 18:20:26 PDT
Created attachment 223251 [details]
stack

I think this is <colgroup> specific so make sure you use StirTable v0.2
Comment 2 Jesse Ruderman 2006-05-26 04:20:45 PDT
I think this is the same as bug 339315, because while reducing a testcase for this crash, I ended up with that crash.
Comment 3 Jesse Ruderman 2006-05-26 18:10:27 PDT
Or maybe not, since I got a testcase for this crash that doesn't involve crazy rowspans or colspans.
Comment 4 Jesse Ruderman 2006-05-26 18:13:27 PDT
Created attachment 223515 [details]
testcase

Crashes Mac debug with:

0   nsTableColGroupFrame::GetStartColumnIndex() + 20 (nsTableColGroupFrame.h:284)
1   BCMapCellIterator::SetInfo(nsTableRowFrame*, int, CellData*, BCMapCellInfo&, nsCellMap*) + 1504 (nsTableFrame.cpp:4772)
2   BCMapCellIterator::First(BCMapCellInfo&) + 292 (nsTableFrame.cpp:4863)
3   nsTableFrame::CalcBCBorders() + 1056 (nsTableFrame.cpp:5749)
...

Crashes Mac nightly with:

0   BCMapCellIterator::SetInfo(nsTableRowFrame*, int, CellData*, BCMapCellInfo&, nsCellMap*) + 640
1   nsTableFrame::CalcBCBorders() + 560
...
Comment 5 Jesse Ruderman 2006-05-26 18:47:37 PDT
"KERN_INVALID_ADDRESS (0x0001) at 0xddddde19" => [sg:critical]
Comment 6 Bernd 2006-06-07 09:33:09 PDT
the patch in bug 339315 seems to fix this.
Comment 7 Daniel Veditz [:dveditz] 2006-07-07 10:36:09 PDT
qawanted to verify that bug 339315 fixes this (comment 6)
Comment 8 Bernd 2006-07-29 20:52:52 PDT
reopening to take the bug
Comment 9 Bernd 2006-07-29 20:53:20 PDT
taking
Comment 10 Bernd 2006-07-29 20:53:40 PDT
closing it again
Comment 11 Mike Schroepfer 2006-08-15 12:50:29 PDT
Marking fixed 1.8.1 and clearing the the blocking flag
Comment 12 Bernd 2006-08-21 12:01:00 PDT
this got fixed on branch by bug 339315
Comment 13 alice nodelman [:alice] [:anode] 2006-08-22 15:17:26 PDT
https://bugzilla.mozilla.org/attachment.cgi?id=223515&action=view should load without crashing

Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.7pre) Gecko/20060821 Firefox/1.5.0.7pre

verified 1.8.0.7

Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1b2) Gecko/2006082203 BonEcho/2.0b2

verified 1.8.1b2

Note You need to log in before you can comment on or make changes to this bug.