Closed
Bug 341227
Opened 19 years ago
Closed 18 years ago
Crash called from [@ nsIFrame::GetStyleData] called from nsCSSRendering::PaintBackgroundWithSC
Categories
(Core :: Layout: Tables, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: jruderman, Unassigned)
References
Details
(4 keywords, Whiteboard: [sg:critical?])
Crash Data
Attachments
(2 files)
This testcase crashes a debug build that has the patches for bug 339130, bug 339246, and bug 339315. The stack traces are somewhat similar to those in bug 339246 and bug 339315. Before the crash, I see: 2 * ###!!! ASSERTION: invalid number of columns: 'colX < GetColCount()', file /Users/admin/trunk/mozilla/layout/tables/nsTableFrame.cpp, line 1677 1 * ###!!! ASSERTION: prevent array boundary violation: 'colIndex < mNumCols', file /Users/admin/trunk/mozilla/layout/tables/nsTablePainter.cpp, line 416
Reporter | ||
Comment 1•19 years ago
|
||
Reporter | ||
Comment 2•19 years ago
|
||
Reporter | ||
Comment 3•19 years ago
|
||
> The stack traces are somewhat similar to those in bug 339246 and bug 339315. And bug 339165.
Updated•19 years ago
|
Whiteboard: [sg:critical?]
the revised patch in bug 339246 fixes the crash but not the assertion, the assertion is a critical one as it indicates a severe mismatch between the frame structure and the cellmap. This usually crashes with the first style reference either to noninitialzed memory or for a allready deleted cell position.
attchment 225587 from bug 339246 fixes this entirely, no assertion no crash.
Reporter | ||
Comment 6•19 years ago
|
||
I think bug 341814 has the same stack signature.
marking fixed
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 8•18 years ago
|
||
Yes, current trunk debug build doesn't crash (as normal trunk builds don't crash) on the testcase and I don't see any assertions. So this is most likely fixed by bug 339246, as bernd said in comment 5.
Status: RESOLVED → VERIFIED
Comment 9•18 years ago
|
||
Just tested this on firefox 1.5.0.8 no crash with the testcase.
Keywords: fixed1.8.1,
verified1.8.0.8
Updated•17 years ago
|
Group: security
Flags: in-testsuite?
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsIFrame::GetStyleData]
You need to log in
before you can comment on or make changes to this bug.
Description
•