Closed
Bug 410283
Opened 18 years ago
Closed 18 years ago
crash @pango_shape
Categories
(Core :: Graphics, defect, P2)
Tracking
()
RESOLVED
DUPLICATE
of bug 405268
People
(Reporter: sylvain.pasche, Unassigned)
References
(
URL
)
Details
(Keywords: crash, regression, testcase)
This happens when storing a null character in an input value attribute.
regression range: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-10-05+22%3A26&maxdate=2007-10-06+00%3A29&cvsroot=%2Fcvsroot
#0 pango_shape (text=0x7fff759e7473 "", length=1, analysis=0xe3d290, glyphs=0xa8c260) at /home/build/src/pango1.0-1.18.3/pango/shape.c:135
#1 0x00002aaaac367f3a in gfxPangoFontGroup::CreateGlyphRunsItemizing (this=0xf59330, aTextRun=0xf57e40, aUTF8=0x7fff759e7470 "â\200", aUTF8Length=4, aUTF8HeaderLen=3) at /home/sypasche/moz/trunk/mozilla/gfx/thebes/src/gfxPangoFonts.cpp:1193
#2 0x00002aaaac3682c5 in gfxPangoFontGroup::InitTextRun (this=0xf59330, aTextRun=0xf57e40, aUTF8Text=0x7fff759e7470 "â\200", aUTF8Length=4, aUTF8HeaderLength=3, aTake8BitPath=1) at /home/sypasche/moz/trunk/mozilla/gfx/thebes/src/gfxPangoFonts.cpp:705
#3 0x00002aaaac368699 in gfxPangoFontGroup::MakeTextRun (this=0xf59330, aString=0x7fff759e7ac0 "", aLength=1, aParams=0x7fff759e7540, aFlags=17826433) at /home/sypasche/moz/trunk/mozilla/gfx/thebes/src/gfxPangoFonts.cpp:634
#4 0x00002aaaac3611ef in TextRunWordCache::MakeTextRun (this=0xa7aff0, aText=0x7fff759e91c0 "", aLength=1, aFontGroup=0xf59330, aParams=0x7fff759e7c90, aFlags=17826432) at /home/sypasche/moz/trunk/mozilla/gfx/thebes/src/gfxTextRunWordCache.cpp:539
#5 0x00002aaaac361323 in gfxTextRunWordCache::MakeTextRun (aText=0x7fff759e91c0 "", aLength=1, aFontGroup=0xf59330, aParams=0x7fff759e7c90, aFlags=17826432) at /home/sypasche/moz/trunk/mozilla/gfx/thebes/src/gfxTextRunWordCache.cpp:698
#6 0x00002aaaade94235 in MakeTextRun (aText=0x7fff759e91c0 "", aLength=1, aFontGroup=0xf59330, aParams=0x7fff759e7c90, aFlags=17826432) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp:411
#7 0x00002aaaade95199 in BuildTextRunsScanner::BuildTextRunForFrames (this=0x7fff759ea360, aTextBuffer=0x7fff759e91c1) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp:1615
#8 0x00002aaaade954de in BuildTextRunsScanner::FlushFrames (this=0x7fff759ea360, aFlushLineBreaks=1, aSuppressTrailingBreak=0) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp:1053
#9 0x00002aaaade96772 in BuildTextRuns (aContext=0xd48dd0, aForFrame=0xd3f3d0, aLineContainer=0xd3ef28, aForFrameLine=0x7fff759eb1e0) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp:992
#10 0x00002aaaade968db in nsTextFrame::EnsureTextRun (this=0xd3f3d0, aReferenceContext=0xd48dd0, aLineContainer=0xd3ef28, aLine=0x7fff759eb1e0, aFlowEndInTextRun=0x7fff759eac00) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp:1785
#11 0x00002aaaade97abc in nsTextFrame::Reflow (this=0xd3f3d0, aPresContext=0xc32bb0, aMetrics=@0x7fff759eadd0, aReflowState=@0x7fff759eacd0, aStatus=@0x7fff759eafd0) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp:5285
#12 0x00002aaaade577b9 in nsLineLayout::ReflowFrame (this=0x7fff759eb180, aFrame=0xd3f3d0, aReflowStatus=@0x7fff759eafd0, aMetrics=0x0, aPushedFrame=@0x7fff759eafcc) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsLineLayout.cpp:856
#13 0x00002aaaaddf22c9 in nsBlockFrame::ReflowInlineFrame (this=0xd3ef28, aState=@0x7fff759eb710, aLineLayout=@0x7fff759eb180, aLine={mCurrent = 0xd3f138, mListLink = 0xd3ef90}, aFrame=0xd3f3d0, aLineReflowStatus=0x7fff759eb0ec) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsBlockFrame.cpp:3577
#14 0x00002aaaaddf3108 in nsBlockFrame::DoReflowInlineFrames (this=0xd3ef28, aState=@0x7fff759eb710, aLineLayout=@0x7fff759eb180, aLine={mCurrent = 0xd3f138, mListLink = 0xd3ef90}, aKeepReflowGoing=0x7fff759eb600, aLineReflowStatus=0x7fff759eb2ac, aAllowPullUp=1) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsBlockFrame.cpp:3400
#15 0x00002aaaaddf399a in nsBlockFrame::ReflowInlineFrames (this=0xd3ef28, aState=@0x7fff759eb710, aLine={mCurrent = 0xd3f138, mListLink = 0xd3ef90}, aKeepReflowGoing=0x7fff759eb600) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsBlockFrame.cpp:3249
#16 0x00002aaaaddf5438 in nsBlockFrame::ReflowLine (this=0xd3ef28, aState=@0x7fff759eb710, aLine={mCurrent = 0xd3f138, mListLink = 0xd3ef90}, aKeepReflowGoing=0x7fff759eb600) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsBlockFrame.cpp:2314
#17 0x00002aaaaddf697c in nsBlockFrame::ReflowDirtyLines (this=0xd3ef28, aState=@0x7fff759eb710) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsBlockFrame.cpp:1876
#18 0x00002aaaaddf8766 in nsBlockFrame::Reflow (this=0xd3ef28, aPresContext=0xc32bb0, aMetrics=@0x7fff759ebef0, aReflowState=@0x7fff759ebd40, aStatus=@0x7fff759ebe74) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsBlockFrame.cpp:936
#19 0x00002aaaade094ed in nsContainerFrame::ReflowChild (this=0xd3ed00, aKidFrame=0xd3ef28, aPresContext=0xc32bb0, aDesiredSize=@0x7fff759ebef0, aReflowState=@0x7fff759ebd40, aX=0, aY=0, aFlags=3, aStatus=@0x7fff759ebe74, aTracker=0x0) at /home/sypasche/moz/trunk/mozilla/layout/generic/nsContainerFrame.cpp:731
(More stack frames follow...)
(gdb)
|
||
Updated•18 years ago
|
Flags: blocking1.9?
Priority: -- → P2
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•16 years ago
|
Flags: blocking1.9?
You need to log in
before you can comment on or make changes to this bug.
Description
•