Closed Bug 400832 Opened 17 years ago Closed 17 years ago

Crash [@ nsRuleNode::GetStyleBackground] with textzoom binding and other bindings

Categories

(Core :: XBL, defect)

Product:
Core
Component:
XBL
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: martijn.martijn, Unassigned)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(1 file)

zipped testcase
976 bytes, application/zip
Details
Attached file zipped testcase
See zipped testcase, extract it, then open "crash1_.htm". This crashes in current trunk build within 500ms. This regressed between 2007-09-14 and 2007-09-15: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-09-14+04&maxdate=2007-09-15+09&cvsroot=%2Fcvsroot I guess a regression from bug 394014, somehow? The testcase might be made a bit simpler, but I'm not sure how, atm. http://crash-stats.mozilla.com/report/index/a443c7ae-816a-11dc-ba10-001a4bd43e5c 0 nsRuleNode::GetStyleBackground(nsStyleContext*, int) mozilla/layout/style/nsStyleStructList.h:79 1 nsStyleContext::GetStyleBackground() mozilla/layout/style/nsStyleStructList.h:79 2 nsCSSFrameConstructor::ConstructFrameInternal(nsFrameConstructorState&, nsIContent*, nsIFrame*, nsIAtom*, int, nsStyleContext*, nsFrameItems&, int) mozilla/layout/base/nsCSSFrameConstructor.cpp:7714 3 nsCSSFrameConstructor::ConstructFrame(nsFrameConstructorState&, nsIContent*, nsIFrame*, nsFrameItems&) mozilla/layout/base/nsCSSFrameConstructor.cpp:7594 4 nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&, nsIContent*, nsIFrame*, int, nsFrameItems&, int) mozilla/layout/base/nsCSSFrameConstructor.cpp:11418 5 nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState&, nsStyleDisplay const*, nsIContent*, nsIFrame*, nsIFrame*, nsStyleContext*, nsIFrame**, nsFrameItems&, int) mozilla/layout/base/nsCSSFrameConstructor.cpp:12495 6 nsCSSFrameConstructor::ConstructFrameByDisplayType(nsFrameConstructorState&, nsStyleDisplay const*, nsIContent*, int, nsIAtom*, nsIFrame*, nsStyleContext*, nsFrameItems&, int) mozilla/layout/base/nsCSSFrameConstructor.cpp:6532 7 nsCSSFrameConstructor::ConstructFrameInternal(nsFrameConstructorState&, nsIContent*, nsIFrame*, nsIAtom*, int, nsStyleContext*, nsFrameItems&, int) mozilla/layout/base/nsCSSFrameConstructor.cpp:7772 8 nsCSSFrameConstructor::ConstructFrame(nsFrameConstructorState&, nsIContent*, nsIFrame*, nsFrameItems&) mozilla/layout/base/nsCSSFrameConstructor.cpp:7594 9 nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&, nsIContent*, nsIFrame*, int, nsFrameItems&, int) mozilla/layout/base/nsCSSFrameConstructor.cpp:11418 10 nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState&, nsStyleDisplay const*, nsIContent*, nsIFrame*, nsIFrame*, nsStyleContext*, nsIFrame**, nsFrameItems&, int) mozilla/layout/base/nsCSSFrameConstructor.cpp:12495 etc..
###!!! ASSERTION: reflowing in the middle of frame construction: 'mPresContext->mLayoutPhaseCount[eLayoutPhase_FrameC] == 0', file ../../dist/include/layout/nsPresContext.h, line 924 Salient parts of the stack: #4 0xb6a3af54 in PresShell::ProcessReflowCommands (this=0x8a4d060, aInterruptible=1) at ../../../mozilla/layout/base/nsPresShell.cpp:6222 ... #8 0xb7991c54 in NS_ProcessNextEvent_P (thread=0x807f610, mayWait=1) at nsThreadUtils.cpp:227 #9 0xb464a5db in nsXULWindow::ShowModal (this=0x8ce9528) at ../../../../mozilla/xpfe/appshell/src/nsXULWindow.cpp:398 ... #17 0xb639d73e in nsScriptSecurityManager::RequestCapability (this=0x812f470, aPrincipal=0x8e8ccf0, capability=0x8cf7478 "UniversalXPConnect", canEnable=0xbfffccb6) at ../../../mozilla/caps/src/nsScriptSecurityManager.cpp:2631 ... #27 0xb6ea6206 in nsXBLBinding::ExecuteAttachedHandler (this=0x8f2cb08) at ../../../../mozilla/content/xbl/src/nsXBLBinding.cpp:956 #28 0xb6f72868 in nsElementSH::PostCreate (this=0x8d4b380, wrapper=0x8f1da70, cx=0x8a49ce8, obj=0xb0840020) at ../../../../mozilla/dom/src/base/nsDOMClassInfo.cpp:7016 ... #31 0xb7429889 in nsXPConnect::WrapNative (this=0x8114400, aJSContext=0x8a49ce8, aScope=0xb142c540, aCOMObj=0x8b29364, aIID=@0xb7228a60, _retval=0xbfffd790) at ../../../../../mozilla/js/src/xpconnect/src/nsXPConnect.cpp:1081 ... #38 0xb6eb94cf in nsXBLProtoImpl::InstallImplementation (this=0x8c1fd20, aBinding=0x8e83478, aBoundElement=0x8e4e068) at ../../../../mozilla/content/xbl/src/nsXBLProtoImpl.cpp:79 So we're running script during frame construction. The rest is all bad, of course. Let's retest once bug 345711 lands.
Depends on: 345711
I'm still crashing here, even with bug 345711 fixed.
Note to self: get new stack and triage.
For me it's worksforme on trunk now.
Yes, for me too, marking worksforme.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
We're getting a lot of similar crash reports for Epiphany: http://bugzilla.gnome.org/show_bug.cgi?id=525357 Is it OK to reopen this bug?
Not really, since your stack is quite different from the one here and hence the reason has to be different (for example, you're not in frame construction _or_ reflow). So basically, whatever you're seeing is a different bug that needs separate debugging.
Flags: blocking1.9?
Crash Signature: [@ nsRuleNode::GetStyleBackground]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: