Test from bug 401621 crashes in debug builds [@ nsContinuingTextFrame::GetFirstContinuation]

RESOLVED FIXED

Status

()

Core
Layout
--
minor
RESOLVED FIXED
11 years ago
7 years ago

People

(Reporter: smontagu, Assigned: smontagu)

Tracking

({crash, testcase})

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

11 years ago
Created attachment 300255 [details] [diff] [review]
Patch

Attachment 286605 [details] crashes in debug builds since 2008-01-04. The debug block added to nsTextFrame::SetLength in bug 406380 is the only caller of nsContinuingTextFrame::GetFirstContinuation right now, but unless I'm missing something it's going to crash whenever it's called on a first continuation.

Program received signal:  "EXC_BAD_ACCESS".
(gdb) bt
#0  0x18e5843c in nsContinuingTextFrame::GetFirstContinuation (this=0x242daa4) at /Users/simon/mozwork/debugtree/mozilla/layout/generic/nsTextFrameThebes.cpp:3252
#1  0x18e5d313 in nsTextFrame::SetLength (this=0x242daa4, aLength=6) at /Users/simon/mozwork/debugtree/mozilla/layout/generic/nsTextFrameThebes.cpp:5198
#2  0x18e62adf in nsTextFrame::Reflow (this=0x242daa4, aPresContext=0x403cae50, aMetrics=@0xbfffc258, aReflowState=@0xbfffc1ac, aStatus=@0xbfffc6d4) at /Users/simon/mozwork/debugtree/mozilla/layout/generic/nsTextFrameThebes.cpp:5283
Attachment #300255 - Flags: superreview?(roc)
Attachment #300255 - Flags: review?(roc)
How can an nsContinuingTextFrame be the first continuation?
(Assignee)

Comment 2

11 years ago
Good point. It's true that the frame tree in the testcase is known to be messed up, so this is probably just INVALID (but it does make debugging bug 410621 rather hard).

Updated

11 years ago
Summary: Test from bug 401621 crashes in debug builds → Test from bug 401621 crashes in debug builds [@ nsContinuingTextFrame::GetFirstContinuation]

Comment 3

10 years ago
I think Simon meant bug 401621, the bug attachment 286605 [details] is from.

Comment 4

10 years ago
Simon, what do you mean by "this is probably just INVALID"?  The testcase does crash trunk builds.  Do you just mean the patch in comment 0 isn't the right patch?
Keywords: crash, testcase
(Assignee)

Comment 5

10 years ago
I meant that the crash is only going to happen when the frame tree is already screwed up, so the patch is unnecessary. I would be cool with adding an assertion, though.

Comment 6

10 years ago
Is "the frame tree is screwed up" bug 401621?  Or will you attach another patch to this bug to fix that issue?
(Assignee)

Comment 7

10 years ago
(In reply to comment #6)
> Is "the frame tree is screwed up" bug 401621? 

Yes.
(Assignee)

Comment 8

10 years ago
Created attachment 315943 [details] [diff] [review]
Assert that the nsContinuingTextFrame has a continuee
Assignee: nobody → smontagu
Attachment #300255 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #315943 - Flags: superreview?(roc)
Attachment #315943 - Flags: review?(roc)
Attachment #300255 - Flags: superreview?(roc)
Attachment #300255 - Flags: review?(roc)
(Assignee)

Updated

10 years ago
Severity: normal → minor
OS: Mac OS X → All
Hardware: PC → All
Attachment #315943 - Flags: superreview?(roc)
Attachment #315943 - Flags: superreview+
Attachment #315943 - Flags: review?(roc)
Attachment #315943 - Flags: review+
(Assignee)

Comment 9

10 years ago
Checked in the assertion.
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsContinuingTextFrame::GetFirstContinuation]
You need to log in before you can comment on or make changes to this bug.