350602 - Crash [@ nsCSSRendering::PaintBackgroundWithSC] with unminimised stirtable testcase

Status: RESOLVED WORKSFORME

(Core :: Layout: Tables, defect)

Description

[Martijn Wargers (dead)]

See upcoming testcase, which I haven't been able to minimise yet.
Current trunk Mozilla builds crash when the counter in the status bar has reached 137.

Talkback ID: TB22645343Z
nsCachedStyleData::GetStyleData   nsCSSRendering::PaintBackgroundWithSC   0x0012f2b0

Talkback ID: TB22653080W
TableBackgroundPainter::PaintCell   TableBackgroundPainter::PaintRow   TableBackgroundPainter::PaintRowGroup   TableBackgroundPainter::PaintTable   nsTableFrame::PaintTableBorderBackground  

This regressed between 2006-04-21 and 2006-04-22:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2006-04-21+05&maxdate=2006-04-22+06&cvsroot=%2Fcvsroot
Regression from bug 333493 or bug 331679.
Those bugs were checked in on branches, but branch builds don't seem to crash on the testcase.

Comment 1

[Martijn Wargers (dead)]

Attachment: testcase

I hope I'll be able to minimise the testcase some time, soon, but I won't complain if someone else will do it.

Comment 2

[Jesse Ruderman]

Stir Table crashes are usually easy to minimize using "record" mode and Lithium, aren't they?

Comment 3

[Bernd]

Martijn, as Jesse said 
Can you reproduce with StirTable v2.0?
If so, which seed arguments did you use?
Which iteration approximately?

Jesse: is there any chance or a parameter setting to get v2.0 to emulate v0.1

Comment 4

[Martijn Wargers (dead)]

Ok, this is now worksforme with current trunk build, I bet it was fixed by bug 351328 (sorry, I couldn't provide a minimised version of the testcase).