Closed
Bug 393517
Opened 18 years ago
Closed 18 years ago
[FIX]Crash [@ nsFrameConstructorState::ProcessFrameInsertions] with float, XUL, block-in-inline
Categories
(Core :: Layout: Floats, defect, P1)
Core
Layout: Floats
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha8
People
(Reporter: jruderman, Assigned: bzbarsky)
References
Details
(4 keywords)
Crash Data
Attachments
(2 files)
|
399 bytes,
application/xhtml+xml
|
Details | |
|
8.65 KB,
patch
|
roc
:
review+
roc
:
superreview+
dbaron
:
approval1.9+
|
Details | Diff | Splinter Review |
Loading the testcase (in a Mac trunk debug build) triggers a pair of assertions followed by a crash.
###!!! ASSERTION: Should have float containing block here!: 'parent', file /Users/jruderman/trunk/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 1585
(AdjustFloatParentPtrs)
###!!! ASSERTION: Child list without containing block?: 'containingBlock', file /Users/jruderman/trunk/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 1466
(nsFrameConstructorState::ProcessFrameInsertions)
Null dereference crash:
0 nsFrameConstructorState::ProcessFrameInsertions
1 nsFrameConstructorState::~nsFrameConstructorState
2 nsCSSFrameConstructor::AppendFrames
3 nsCSSFrameConstructor::ContentAppended
...
|
Assignee | |
Comment 1•18 years ago
|
||
This is a regression from bug 390425. Thing is, the floats need to come out of the block but there's no float container for the inline. Fun times!
|
|
Assignee | |
Updated•18 years ago
|
OS: Mac OS X → All
Priority: -- → P1
Hardware: PC → All
Summary: Crash [@ nsFrameConstructorState::ProcessFrameInsertions] with float, XUL, block-in-inline → [FIX]Crash [@ nsFrameConstructorState::ProcessFrameInsertions] with float, XUL, block-in-inline
Target Milestone: --- → mozilla1.9 M8
|
|
Assignee | |
Comment 2•18 years ago
|
||
Attachment #278157 -
Flags: superreview?(roc)
Attachment #278157 -
Flags: review?(roc)
Comment on attachment 278157 [details] [diff] [review]
Proposed fix
+ // Walk up until we either get a float containing block that's not part
+ // of an {ib} split, since otherwise we might have to ship floats out of
+ // it too.
This doesn't quite parse ...
Attachment #278157 -
Flags: superreview?(roc)
Attachment #278157 -
Flags: superreview+
Attachment #278157 -
Flags: review?(roc)
Attachment #278157 -
Flags: review+
|
|
Assignee | |
Comment 4•18 years ago
|
||
Comment on attachment 278157 [details] [diff] [review]
Proposed fix
I'll do s/either// when I check in. ;)
This is a crash regression fix. Fix should be safe and not affect performance much in general.
Attachment #278157 -
Flags: approval1.9?
Comment on attachment 278157 [details] [diff] [review]
Proposed fix
a1.9=dbaron
Attachment #278157 -
Flags: approval1.9? → approval1.9+
|
|
Assignee | |
Comment 6•18 years ago
|
||
Fixed. Test checked in.
Status: NEW → RESOLVED
Closed: 18 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
|
||
Updated•14 years ago
|
Crash Signature: [@ nsFrameConstructorState::ProcessFrameInsertions]
You need to log in
before you can comment on or make changes to this bug.
Description
•