Closed
Bug 374193
Opened 17 years ago
Closed 17 years ago
[FIX]Crash [@ nsCSSFrameConstructor::GetFrameFor] with mtable, th and an xbl binding
Categories
(Core :: Layout, defect, P1)
Core
Layout
Tracking
()
VERIFIED
FIXED
mozilla1.9alpha4
People
(Reporter: martijn.martijn, Assigned: bzbarsky)
References
Details
(5 keywords)
Crash Data
Attachments
(5 files)
938 bytes,
application/xhtml+xml
|
Details | |
5.02 KB,
patch
|
bernd_mozilla
:
review+
rbs
:
superreview+
dveditz
:
approval1.8.1.4+
dveditz
:
approval1.8.0.12+
|
Details | Diff | Splinter Review |
698 bytes,
application/xhtml+xml
|
Details | |
1.62 KB,
patch
|
Details | Diff | Splinter Review | |
9.19 KB,
patch
|
Details | Diff | Splinter Review |
See testcase, this usually crashes for me the first time, if not, try reloading a few times. Talkback ID: TB30287494W nsCSSFrameConstructor::GetFrameFor [mozilla/layout/base/nscssframeconstructor.cpp, line 7708] 0x02d373e8 This doesn't crash for me in a 2007-01-02 build, but does crash in a 2007-01-03 build: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-01-02+04&maxdate=2007-01-03+09&cvsroot=%2Fcvsroot Regression from bug 243159, somehow? It also contains an xbl binding (conveniently embedded now, because bug 371662 is fixed, the xbl binding is this: <bindings xmlns="http://www.mozilla.org/xbl"> <binding id="a"> <implementation> <constructor> this.style.position='fixed'; </constructor> </implementation> <content><children/></content> </binding> </bindings>
Reporter | ||
Comment 1•17 years ago
|
||
I'm also getting this talkback sometimes: TB30287802E nsPlaceholderFrame::CanContinueTextRun [mozilla/layout/generic/nsplaceholderframe.cpp, line 159]
Regression from bug 243159, somehow? sure before bug 243519 xbl on table display types was completely broken.
Assignee | ||
Comment 3•17 years ago
|
||
The key is that the patch for bug 347355 is wrong -- the <mtable> doesn't create a table frame, so we need to treat it as special. The other changes are: 1) <math> is special but wasn't treated as such. 2) Once we create pseudos for the <mtable>, we need to be careful not to lose them when we construct the table frame inside it. We probably want this on branches too...
Attachment #260026 -
Flags: superreview?(rbs)
Attachment #260026 -
Flags: review?(bernd_mozilla)
Assignee | ||
Comment 4•17 years ago
|
||
Assignee | ||
Comment 5•17 years ago
|
||
Martijn, does that patch fix things for you? For me this crash was 100% reproducible, so I want to make sure I'm fixing the thing you're seeing.
Assignee: nobody → bzbarsky
Flags: blocking1.8.1.4?
Flags: blocking1.8.0.12?
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Summary: Crash [@ nsCSSFrameConstructor::GetFrameFor] with mtable, th and an xbl binding → [FIX]Crash [@ nsCSSFrameConstructor::GetFrameFor] with mtable, th and an xbl binding
Target Milestone: --- → mozilla1.9alpha4
Reporter | ||
Comment 6•17 years ago
|
||
Yeah, the patch fixes the crash for me.
Attachment #260026 -
Flags: review?(bernd_mozilla) → review+
Updated•17 years ago
|
Flags: blocking1.8.1.4?
Flags: blocking1.8.1.4+
Flags: blocking1.8.0.12?
Flags: blocking1.8.0.12+
Comment on attachment 260026 [details] [diff] [review] Proposed patch sr=rbs
Attachment #260026 -
Flags: superreview?(rbs) → superreview+
Assignee | ||
Comment 8•17 years ago
|
||
Assignee | ||
Comment 9•17 years ago
|
||
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Assignee | ||
Comment 10•17 years ago
|
||
Comment on attachment 260026 [details] [diff] [review] Proposed patch We should probably take this on branches. I think this is pretty safe, as far as this code goes. It's certainly theoretically the "right thing".
Attachment #260026 -
Flags: approval1.8.1.4?
Attachment #260026 -
Flags: approval1.8.0.12?
Reporter | ||
Comment 11•17 years ago
|
||
Verified fixed, using: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a4pre) Gecko/20070411 Minefield/3.0a4pre
Status: RESOLVED → VERIFIED
Comment 12•17 years ago
|
||
Comment on attachment 260026 [details] [diff] [review] Proposed patch approved for 1.8.0.12 and 1.8.1.4, a=dveditz for release-drivers
Attachment #260026 -
Flags: approval1.8.1.4?
Attachment #260026 -
Flags: approval1.8.1.4+
Attachment #260026 -
Flags: approval1.8.0.12?
Attachment #260026 -
Flags: approval1.8.0.12+
Comment 13•17 years ago
|
||
Comment on attachment 260026 [details] [diff] [review] Proposed patch approved for 1.8.0.12 and 1.8.1.4, a=dveditz for release-drivers
Assignee | ||
Comment 14•17 years ago
|
||
Comment 16•17 years ago
|
||
verified fixed 1.8.1.4 - tested with the testcases from comment #0 and #4 with Builds: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4pre) Gecko/2007042803 BonEcho/2.0.0.4pre Fedora FC6 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.4pre) Gecko/2007042805 BonEcho/2.0.0.4pre and verified fixed 1.8.0.12 on Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.12pre) Gecko/20070428 Firefox/1.5.0.12pre -> no crash on testcases -> adding verified keyword
Updated•13 years ago
|
Crash Signature: [@ nsCSSFrameConstructor::GetFrameFor]
You need to log in
before you can comment on or make changes to this bug.
Description
•