Closed
Bug 362155
Opened 18 years ago
Closed 18 years ago
Crash [@ nsCSSFrameConstructor::RemoveFirstLetterFrames] on 1.8 branch with the first testcase from bug 318592
Categories
(Core :: Layout, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Assigned: bzbarsky)
References
()
Details
(5 keywords)
Crash Data
The first testcase from bug 318592 still crashes on branches when hovering over the text, even after the fix for bug 318592 went in on branch. The testcase doesn't crash on trunk anymore. Talkback ID: TB26627839Z nsCSSFrameConstructor::RemoveFirstLetterFrames [mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13005] nsCSSFrameConstructor::RemoveLetterFrames [mozilla/layout/base/nsCSSFrameConstructor.cpp, line 13069] nsCSSFrameConstructor::ContentRemoved [mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9994] nsCSSFrameConstructor::ReinsertContent [mozilla/layout/base/nsCSSFrameConstructor.cpp, line 9682] PresShell::CharacterDataChanged [mozilla/layout/base/nsPresShell.cpp, line 5456] nsGenericDOMDataNode::SetText [mozilla/content/base/src/nsGenericDOMDataNode.cpp, line 1256] nsGenericDOMDataNode::SetData [mozilla/content/base/src/nsGenericDOMDataNode.cpp, line 374] nsCommentNode::SetData [mozilla/content/base/src/nsCommentNode.cpp, line 59] nsHTMLHtmlElement::AddRef 0xfa08e918
Assignee | ||
Comment 1•18 years ago
|
||
This is basically caused by the fact that bug 317948 wasn't fixed on branch. While processing the style change we blow away some frames, which causes a quotes rebuild, which does SetData(), which tries to find the primary frame for the text node, but we're in the middle of frame destruction so it runs into dead frames (since we don't put text nodes into the hashtable) and crashes. I'll post a branch patch to bug 317948; I've verified that that patch fixes this bug.
Comment 2•18 years ago
|
||
This testcase came from a regression bug, carrying over keyword. This bug should be given appropriate "fixed" keywords when the blocking bug is checked in to the branch to trigger a verification.
Assignee | ||
Comment 3•18 years ago
|
||
Fixed on 1.8 and 1.8.0 branches by checkin for bug 317948.
Status: NEW → RESOLVED
Closed: 18 years ago
Keywords: fixed1.8.0.9,
fixed1.8.1.1
Resolution: --- → FIXED
Comment 4•18 years ago
|
||
Verified fixed with Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.1pre) Gecko/20061202 BonEcho/2.0.0.1pre and Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.9pre) Gecko/20061202 Firefox/1.5.0.9pre and Fedora FC 6
Status: RESOLVED → VERIFIED
Updated•18 years ago
|
Flags: wanted1.8.1.x+
Flags: wanted1.8.0.x+
Updated•13 years ago
|
Crash Signature: [@ nsCSSFrameConstructor::RemoveFirstLetterFrames]
You need to log in
before you can comment on or make changes to this bug.
Description
•