Closed Bug 38762 Opened 24 years ago Closed 24 years ago

Crash in nsTextFrame::PaintAsciiText

Categories

(Core :: Layout, defect, P3)

x86
Windows NT
defect

VERIFIED DUPLICATE of bug 37171

People

(Reporter: pollmann, Assigned: buster)

Details

(Keywords: crash, Whiteboard: fix attached)

Attachments

(1 file)

After just finishing up a lengthy email, I clicked on the addressing widget to 
add another recipient.  *crash*  :S

The crash is here on line 2511 where text is null:

2510    // See if the text ends in a newline
2511    if ((textLength > 0) && (text[textLength - 1] == '\n')) {
2512      textLength--;
2513    }

This looks like it could be as simple as a forgot-to-check-for-null.  I'll try 
that in my tree and see if it helps.

nsTextFrame::PaintAsciiText(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, nsIStyleContext * 0x06133cd0, nsTextFrame::TextStyle & {...}, int 0, int 
0) line 2508 + 21 bytes
nsTextFrame::Paint(nsTextFrame * const 0x03cab098, nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1253
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x03cab098, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsBlockFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
6089
nsBlockFrame::Paint(nsBlockFrame * const 0x03ca1fec, nsIPresContext * 
0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 5967
nsGfxTextControlFrame::PaintChild(nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsIFrame * 0x03ca1fec, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 1601
nsGfxTextControlFrame::PaintTextControl(nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsString & {...}, 
nsIStyleContext * 0x0612e980, nsRect & {...}) line 1654
nsGfxTextControlFrame::Paint(nsGfxTextControlFrame * const 0x054bc878, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 1528
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x054bc878, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsBoxFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, 
const nsRect & {...}, nsIFrame * 0x054bc878, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1174
nsBoxFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
1289
nsHTMLContainerFrame::Paint(nsHTMLContainerFrame * const 0x054bc7e4, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 89
nsBoxFrame::Paint(nsBoxFrame * const 0x054bc7e4, nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1135 + 25 bytes
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x054bc7e4, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsBoxFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, 
const nsRect & {...}, nsIFrame * 0x054bc7e4, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1174
nsBoxFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
1289
nsHTMLContainerFrame::Paint(nsHTMLContainerFrame * const 0x054bc750, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 89
nsBoxFrame::Paint(nsBoxFrame * const 0x054bc750, nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1135 + 25 bytes
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x054bc750, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsBoxFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, 
const nsRect & {...}, nsIFrame * 0x054bc750, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1174
nsBoxFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
1289
nsHTMLContainerFrame::Paint(nsHTMLContainerFrame * const 0x054d71cc, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 89
nsBoxFrame::Paint(nsBoxFrame * const 0x054d71cc, nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1135 + 25 bytes
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x054d71cc, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsContainerFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext 
& {...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
155
nsTableCellFrame::Paint(nsTableCellFrame * const 0x054d7164, nsIPresContext * 
0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 366
nsTableRowFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext 
& {...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
485
nsTableRowFrame::Paint(nsTableRowFrame * const 0x054d7104, nsIPresContext * 
0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 438
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x054d7104, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsContainerFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext 
& {...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
155
nsTreeRowGroupFrame::PaintChildren(nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 913
nsTableRowGroupFrame::Paint(nsTableRowGroupFrame * const 0x054d7070, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 200
nsTreeRowGroupFrame::Paint(nsTreeRowGroupFrame * const 0x054d7070, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 2193 + 25 bytes
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x054d7070, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsContainerFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext 
& {...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
155
nsTreeRowGroupFrame::PaintChildren(nsIPresContext * 0x04eb7410, 
nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 913
nsTableRowGroupFrame::Paint(nsTableRowGroupFrame * const 0x03c523bc, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 200
nsTreeRowGroupFrame::Paint(nsTreeRowGroupFrame * const 0x03c523bc, 
nsIPresContext * 0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, 
nsFramePaintLayer eFramePaintLayer_Overlay) line 2193 + 25 bytes
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x03c523bc, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsContainerFrame::PaintChildren(nsIPresContext * 0x04eb7410, nsIRenderingContext 
& {...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Overlay) line 
155
nsTableFrame::Paint(nsTableFrame * const 0x03c52330, nsIPresContext * 
0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 1290
nsContainerFrame::PaintChild(nsIPresContext * 0x04eb7410, nsIRenderingContext & 
{...}, const nsRect & {...}, nsIFrame * 0x03c52330, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 211
nsTableOuterFrame::Paint(nsTableOuterFrame * const 0x03c522d0, nsIPresContext * 
0x04eb7410, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer 
eFramePaintLayer_Overlay) line 352
PresShell::Paint(PresShell * const 0x04e8e0d4, nsIView * 0x05299400, 
nsIRenderingContext & {...}, const nsRect & {...}) line 3174 + 34 bytes
nsView::Paint(nsView * const 0x05299400, nsIRenderingContext & {...}, const 
nsRect & {...}, unsigned int 128, int & 0) line 272
nsViewManager2::RenderDisplayListElement(DisplayListElement2 * 0x052de7a0, 
nsIRenderingContext & {...}) line 818
nsViewManager2::RenderViews(nsIView * 0x04e84ea0, nsIRenderingContext & {...}, 
const nsRect & {...}, int & 0) line 765
nsViewManager2::Refresh(nsIView * 0x04e84ea0, nsIRenderingContext * 0x061354a0, 
const nsRect * 0x0012f85c, unsigned int 1) line 645
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x04e85450, nsGUIEvent * 
0x0012f99c, nsEventStatus * 0x0012f8a0) line 1286
HandleEvent(nsGUIEvent * 0x0012f99c) line 69
nsWindow::DispatchEvent(nsWindow * const 0x04e87184, nsGUIEvent * 0x0012f99c, 
nsEventStatus & nsEventStatus_eIgnore) line 527 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f99c, nsEventStatus & 
nsEventStatus_eIgnore) line 553
nsWindow::OnPaint() line 3196 + 28 bytes
nsWindow::ProcessMessage(unsigned int 15, unsigned int 0, long 0, long * 
0x0012fd34) line 2354 + 17 bytes
nsWindow::WindowProc(HWND__ * 0x0037124e, unsigned int 15, unsigned int 0, long 
0) line 780 + 27 bytes
USER32! 77e7131f()
USER32! 77e71a3d()
NTDLL! 77f7637b()

This check-for-null does the trick for me. I also set textLength to 0 if we get 
back null for text.

The crash is very reproducible:
  1) Reply to a message. 
  2) Click on the address that it is being sent to.

Severity: normal → major
Keywords: crash
Whiteboard: fix attached
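
The null check described in the comment above, as an added example that is not part of the bug report or its attached patch. Reaching the dereference on line 2511 requires textLength > 0 while text is null, so the sketch models a producer that reports a length but no buffer; PrepareText, TrimUnchecked and TrimChecked are hypothetical names, and the producer's behaviour is an assumption.

```cpp
#include <cstdio>

// Hypothetical stand-in for whatever prepares the text before painting; the
// real Mozilla code is not shown on this page. Assumption: on failure it
// returns a null buffer while the length out-parameter stays positive.
static const char* PrepareText(const char* aSource, bool aFail, int* aLength) {
  int len = 0;
  while (aSource[len] != '\0') ++len;
  *aLength = len;  // length is reported even when no buffer is returned
  return aFail ? nullptr : aSource;
}

// Shape of the check on line 2511: only the length is tested, so a null
// buffer with textLength > 0 is dereferenced.
static int TrimUnchecked(const char* text, int textLength) {
  if ((textLength > 0) && (text[textLength - 1] == '\n')) {
    textLength--;
  }
  return textLength;
}

// Guarded form as the comment describes it: check for null and force the
// length to 0 so later code cannot index the missing buffer either.
static int TrimChecked(const char* text, int textLength) {
  if (text == nullptr) {
    return 0;
  }
  if ((textLength > 0) && (text[textLength - 1] == '\n')) {
    textLength--;
  }
  return textLength;
}

int main() {
  int len = 0;
  const char* ok = PrepareText("to: someone\n", false, &len);  // constructed input
  std::printf("valid buffer, unchecked: %d -> %d\n", len, TrimUnchecked(ok, len));
  std::printf("valid buffer, checked:   %d -> %d\n", len, TrimChecked(ok, len));
  const char* bad = PrepareText("to: someone\n", true, &len);
  std::printf("null buffer, checked:    %d -> %d\n", len, TrimChecked(bad, len));
  // TrimUnchecked(bad, len) would read through a null pointer at this point.
  return 0;
}
```
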

dup of 37171, already fixed.

*** This bug has been marked as a duplicate of 37171 ***

Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE

Marking verified dup of 37171.

Status: RESOLVED → VERIFIED