Created attachment 300255 [details] [diff] [review] Patch Attachment 286605 [details] crashes in debug builds since 2008-01-04. The debug block added to nsTextFrame::SetLength in bug 406380 is the only caller of nsContinuingTextFrame::GetFirstContinuation right now, but unless I'm missing something it's going to crash whenever it's called on a first continuation. Program received signal: "EXC_BAD_ACCESS". (gdb) bt #0 0x18e5843c in nsContinuingTextFrame::GetFirstContinuation (this=0x242daa4) at /Users/simon/mozwork/debugtree/mozilla/layout/generic/nsTextFrameThebes.cpp:3252 #1 0x18e5d313 in nsTextFrame::SetLength (this=0x242daa4, aLength=6) at /Users/simon/mozwork/debugtree/mozilla/layout/generic/nsTextFrameThebes.cpp:5198 #2 0x18e62adf in nsTextFrame::Reflow (this=0x242daa4, aPresContext=0x403cae50, aMetrics=@0xbfffc258, aReflowState=@0xbfffc1ac, aStatus=@0xbfffc6d4) at /Users/simon/mozwork/debugtree/mozilla/layout/generic/nsTextFrameThebes.cpp:5283
How can an nsContinuingTextFrame be the first continuation?
Good point. It's true that the frame tree in the testcase is known to be messed up, so this is probably just INVALID (but it does make debugging bug 410621 rather hard).
Summary: Test from bug 401621 crashes in debug builds → Test from bug 401621 crashes in debug builds [@ nsContinuingTextFrame::GetFirstContinuation]
Simon, what do you mean by "this is probably just INVALID"? The testcase does crash trunk builds. Do you just mean the patch in comment 0 isn't the right patch?
Keywords: crash, testcase
I meant that the crash is only going to happen when the frame tree is already screwed up, so the patch is unnecessary. I would be cool with adding an assertion, though.
Is "the frame tree is screwed up" bug 401621? Or will you attach another patch to this bug to fix that issue?
Created attachment 315943 [details] [diff] [review] Assert that the nsContinuingTextFrame has a continuee
Severity: normal → minor
OS: Mac OS X → All
Hardware: PC → All
Checked in the assertion.
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsContinuingTextFrame::GetFirstContinuation]
You need to log in before you can comment on or make changes to this bug.