Closed Bug 406485 Opened 16 years ago Closed 16 years ago
Crash [@ ns
IFrame::Get Next Sibling] with -moz-column, overflowing heights
Loading the testcase crashes Firefox. I think this is a regression from within the last few days. Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0xddddddfd Thread 0 Crashed: 0 nsIFrame::GetNextSibling (nsIFrame.h:800) 1 nsOverflowContinuationTracker::StepForward (nsContainerFrame.cpp:1345) 2 nsOverflowContinuationTracker::Skip (nsContainerFrame.h:518) 3 nsBlockFrame::ReflowDirtyLines (nsBlockFrame.cpp:1943) 4 nsBlockFrame::Reflow (nsBlockFrame.cpp:942) ...
My MOZ_CO_DATE="Sat Dec 1 00:53:00 CST 2007" build (not clean, though) doesn't seem to crash...
I get the same crash loading mozilla/layout/reftests/pagination/dynamic-abspos-overflow-01-cols.xhtml. I wonder why the Tinderboxen that run reftests aren't aflame. Boris suspects this is a regression bug 404213, which fantasai fixed last night.
(Boris's regression range is 2007-12-01-02 to 2007-12-02-02.)
That was dumb. Sorry about that. I'll attach a patch for the reftest; it was commented out.
Figured out why the reftest was failing before. This fixes and uncomments it.
Checked in by bzbarsky, nsContainerFrame.cpp 1.296
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
verified fixed using : Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9b2pre) Gecko/2007120504 Minefield/3.0b2pre. I verified using Jesse's testcase, no crash.
Status: RESOLVED → VERIFIED
Flags: in-testsuite? → in-testsuite+
No crash on branch.
Crash Signature: [@ nsIFrame::GetNextSibling]
You need to log in before you can comment on or make changes to this bug.