Closed Bug 382396 Opened 13 years ago Closed 13 years ago

Crash [@ nsLineBox::DisableResizeReflowOptimization] with percentage text-indent and MathML

Categories

(Core :: Layout: Block and Inline, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla1.9alpha5

People

(Reporter: jruderman, Assigned: mats)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression, testcase, Whiteboard: [sg:critical?] post-1.8-branch)

Crash Data

Attachments

(2 files)

Loading the testcase crashes Firefox (Mac trunk debug).

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xcdcdcded

Thread 0 Crashed:
nsLineBox::DisableResizeReflowOptimization (nsLineLayout.cpp:323)
nsLineLayout::BeginLineReflow (nsLineLayout.cpp:255)
nsMathMLContainerFrame::ReflowForeignChild (nsMathMLContainerFrame.cpp:1019)
nsMathMLContainerFrame::ReflowChild (nsMathMLContainerFrame.cpp:999)
nsMathMLTokenFrame::Reflow (nsMathMLTokenFrame.cpp:142)
nsLineLayout::ReflowFrame (nsLineLayout.cpp:899)
nsBlockFrame::ReflowInlineFrame (nsBlockFrame.cpp:3432)

The 0xcd pattern comes from the patch in bug 368461.  A nightly crashes [@ nsLineLayout::BeginLineReflow] instead, dereferencing 0x40000020.

Bug 148396 and bug 373533 might be related.
Whiteboard: [sg:critical?]
Attached patch Patch rev. 1Splinter Review
Assignee: nobody → mats.palmgren
Status: NEW → ASSIGNED
Attachment #266571 - Flags: superreview?(dbaron)
Attachment #266571 - Flags: review?(dbaron)
This is a regression from a checkin less than 10 days ago (bug 45631).  Can the bug be opened, or does the testcase need scrubbing?
Blocks: 45631
Comment on attachment 266571 [details] [diff] [review]
Patch rev. 1

r+sr=dbaron
Attachment #266571 - Flags: superreview?(dbaron)
Attachment #266571 - Flags: superreview+
Attachment #266571 - Flags: review?(dbaron)
Attachment #266571 - Flags: review+
Making this bug public per comment 3.
Group: security
Keywords: regression
Whiteboard: [sg:critical?] → [sg:critical?] post-1.8-branch
Checked in to trunk at 2007-05-30 08:08 PDT.

-> FIXED
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Flags: in-testsuite?
OS: Mac OS X → All
Hardware: PC → All
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9alpha5
Flags: wanted1.8.1.x-
Flags: wanted1.8.0.x-
Crashtest checked in.
Flags: in-testsuite? → in-testsuite+
Crash Signature: [@ nsLineBox::DisableResizeReflowOptimization]
You need to log in before you can comment on or make changes to this bug.