Closed Bug 366891 Opened 18 years ago Closed 15 years ago

crash in [@ ComputePlaceholderContainment]

Categories

(Core :: Web Painting, defect)

1.8 Branch
x86
Linux
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: nmiell, Assigned: roc)

Details

(Keywords: crash)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.1) Gecko/20061222 Firefox/2.0.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.1) Gecko/20061222 Firefox/2.0.0.1

Visiting the URL causes a reproducible crash with the following stack trace:

#0  0x00000035df20dcbd in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:41
#1  0x0000000000410b03 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:206
#2  <signal handler called>
#3  0xffffffff00000050 in ?? ()
#4  0x00002aaab12addfd in ComputePlaceholderContainment (aView=0x2aaab4cc8aa0) at nsViewManager.cpp:2335
#5  0x00002aaab12b026e in nsViewManager::BuildDisplayList (this=0x481b390, aView=0x2aaab4cc8aa0, aRect=@0x7fff277e07a0, aEventProcessing=0, 
    aCaptured=<value optimized out>, aSuppressScrolling=0x0, aDisplayList=0x7fff277e08a0, aPool=@0x7fff277e07b0) at nsViewManager.cpp:2423
#6  0x00002aaab12b0a66 in nsViewManager::BuildRenderingDisplayList (this=0x2aaab4cc8aa0, aRootView=0x0, aRegion=@0x7fff277e0770, 
    aDisplayList=0x7fff277e08a0, aPool=<value optimized out>, aIgnoreCoveringWidgets=0, aIgnoreOutsideClipping=0, aSuppressScrolling=0x0)
    at nsViewManager.cpp:1285
#7  0x00002aaab12b1d4f in nsViewManager::Refresh (this=0x481b390, aView=0x2aaab4cc8aa0, aContext=0x4edecc0, aRegion=0x4fa68f0, 
    aUpdateFlags=<value optimized out>) at nsViewManager.cpp:872
#8  0x00002aaab12b4090 in nsViewManager::DispatchEvent (this=0x481b390, aEvent=0x7fff277e0a60, aStatus=0x7fff277e0a2c) at nsViewManager.cpp:2045
#9  0x00002aaab12ab82a in HandleEvent (aEvent=0x7fff277e0a60) at nsView.cpp:171
#10 0x00002aaaafd01d52 in nsCommonWidget::DispatchEvent (this=0x2aaab4cc8b30, aEvent=0x7fff277e0a60, aStatus=@0x7fff277e0b08) at nsCommonWidget.cpp:219
#11 0x00002aaaafcfdb1e in nsWindow::OnExposeEvent (this=0x2aaab4cc8b30, aWidget=<value optimized out>, aEvent=0x7fff277e1220) at nsWindow.cpp:1433
#12 0x00002aaaafcfdbb4 in expose_event_cb (widget=0x7896a0, event=0x7fff277e1220) at nsWindow.cpp:3744
#13 0x00000035e6f3017d in _gtk_marshal_BOOLEAN__BOXED (closure=0x9d2810, return_value=0x7fff277e0d20, n_param_values=<value optimized out>, 
    param_values=0x7fff277e0e20, invocation_hint=<value optimized out>, marshal_data=0x2aaaafcfdb8c) at gtkmarshalers.c:84
#14 0x00000035e4a0b16a in IA__g_closure_invoke (closure=0x9d2810, return_value=0x7fff277e0d20, n_param_values=2, param_values=0x7fff277e0e20, 
    invocation_hint=0x7fff277e0ce0) at gclosure.c:490
#15 0x00000035e4a1b3bd in signal_emit_unlocked_R (node=0x74fd10, detail=0, instance=0x7896a0, emission_return=0x7fff277e1040, 
    instance_and_params=0x7fff277e0e20) at gsignal.c:2438
#16 0x00000035e4a1c5ef in IA__g_signal_emit_valist (instance=0x7896a0, signal_id=<value optimized out>, detail=0, var_args=0x7fff277e10a0)
    at gsignal.c:2207
#17 0x00000035e4a1ca03 in IA__g_signal_emit (instance=0x2aaab4cc8aa0, signal_id=0, detail=0) at gsignal.c:2241
#18 0x00000035e702d5be in gtk_widget_event_internal (widget=0x7896a0, event=0x7fff277e1220) at gtkwidget.c:3911
#19 0x00000035e6f2a932 in IA__gtk_main_do_event (event=0x7fff277e1220) at gtkmain.c:1384
#20 0x00000035e7831f8a in gdk_window_process_updates_internal (window=0x2aaab4b7d580) at gdkwindow.c:2324
#21 0x00000035e78321cb in IA__gdk_window_process_all_updates () at gdkwindow.c:2387
#22 0x00000035e783223a in gdk_window_update_idle (data=0x2aaab4cc8aa0) at gdkwindow.c:2245
#23 0x00000035e422cf44 in IA__g_main_context_dispatch (context=0x64e980) at gmain.c:2045
#24 0x00000035e422fd7d in g_main_context_iterate (context=0x64e980, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2677
#25 0x00000035e423008a in IA__g_main_loop_run (loop=0xbb9a10) at gmain.c:2881
#26 0x00000035e6f2ac13 in IA__gtk_main () at gtkmain.c:1001
#27 0x00002aaaafd00c5a in nsAppShell::Run (this=0x78d810) at nsAppShell.cpp:139
#28 0x00002aaab034c52a in nsAppStartup::Run (this=0x78d790) at nsAppStartup.cpp:151
#29 0x00000000004083ee in XRE_main (argc=0, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:2444
#30 0x00000035de61da44 in __libc_start_main (main=0x403a38 <main>, argc=3, ubp_av=0x7fff277e1e48, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff277e1e38) at libc-start.c:231
#31 0x00000000004039a9 in _start ()

Reproducible: Always

Assignee: nobody → roc
Component: General → Layout: View Rendering
Product: Firefox → Core
QA Contact: general → ian
Version: unspecified → 1.8 Branch
Keywords: crash
Summary: crash in nsViewManager.cpp:ComputePlaceholderContainment → crash in [@ ComputePlaceholderContainment]

I can't reproduce on Mac in release or debug builds, nor in a Linux release build (SUSE). Martijn, can you?

No, I can't reproduce this on Windows, neither with current branch nor trunk builds.

Isn't that stack trace of a trunk build?

Roc, Martijn: from the dupe which crashes here http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/view/src/nsViewManager.cpp&mark=2342&rev=MOZILLA_1_8_BRANCH#2342
it seems pretty clear aView is null. Should we just add a check?

No, that would just mask a deeper bug.

QA Contact: ian → layout.view-rendering

roc, do you know what the "deeper bug" is? From the dup, it sounds like this was fixed in Firefox 3.

That bug would have been a call to nsViewManager::BuildDisplayList with null aView. However, we removed nsViewManager::BuildDisplayList in Firefox 3.

Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Crash Signature: [@ ComputePlaceholderContainment]
Component: Layout: View Rendering → Layout: Web Painting