Closed Bug 42316 Opened 25 years ago Closed 25 years ago

LINUX: crashed in nsTextFrame::ComputeTotalWordWidth()

Categories

(Core :: Layout, defect, P3)

Product:
Core
Component:
Layout
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 43366

People

(Reporter: masaki.katakai, Assigned: erik)

Details

(Keywords: crash, Whiteboard: [nsbeta2-][NEED INFO])

Attachments

(1 file)

stack trace
11.01 KB, text/plain
Details
This week's nightly, LINUX 2000061214 build crashed by the following operatioins atnsTextFrame::ComputeTotalWordWidth(). I could not reproduce this problem on LINUX 2000060908. 1) start Mozilla in japanese locale 2) Search-Find in This Page... 3) Click on the textfield 4) Shift+SPACE to turn conversion on 5) hit a, i, u keys then hit return key japanese strings of aiu is committed (inserted) 6) hit a, i, u keys then hit return key again now text field has japanese strings of 'aiuaiu' 7) hit BackSpace key I'll attach the detail of stack trace. #0 0xfcf339b8 in nsTextFrame::ComputeTotalWordWidth (this=0x9dd1c8, aPresContext=0x8b6a58, aLineBreaker=0x9da5e0, aLineLayout=@0xffbeb540, aReflowState=@0xffbeb2a0, aNextFrame=0x9dd168, aBaseWidth=1200, aWordBuf=0xffbeaedc, aWordLen=5, aWordBufSize=256) at nsTextFrame.cpp:4385 4385 if ((NS_OK == aNextFrame->GetContent(&content)) && (nsnull != content)) {
It seems that aNextFrame->GetContent() couldn't be accessed, (gdb) print aNextFrame $1 = (nsIFrame *) 0x9dd168 (gdb) print *aNextFrame $2 = {<nsISupports> = {_vptr. = 0x0}, <No data fields>} (gdb)
Attached file stack trace
This seems to be in the Text Layout area. Re-assigning to myself. Need to investigate and confirm.
Assignee: clayton → erik
Adding crash keyword
Keywords: crash
can we reproduce this on window and Mac? Look around and I think it is highly possible the bug is in MeasureText which call it or lineLayout.FindNextText cc shanjian since he once work the MeasureText code. However, please remember Win32 is now different from Linux since we have to implement the new GetWidth on Linux.
Status: UNCONFIRMED → NEW
Ever confirmed: true
by looking at the source, I suspect some code trash the "next" on the stack. 3899 nsIFrame* next = lineLayout.FindNextText(this);
name nsbeta2 since it crash. I didn't name it dogfood since it require certain procedure to reproduce it.
Keywords: nsbeta2
Making [nsbeta2-] and Putting on [NEED INFO] radar. PDT needs to know impact to user and risk of fix to make a call on this bug. We need to know how frequent this crash is.
Whiteboard: [nsbeta2-][NEED INFO]
It is funny, that PDT mark the 43366 dogfood+ and mark this one nsbeta2-. They are dup
Status: NEW → ASSIGNED
Target Milestone: --- → M17
Crashes in the last four days reported by Talkback System. nsTextFrame::ComputeTotalWordWidth() nsTextFrame::ComputeTotalWordWidth f4e2e932 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/layout/html/base/src/nsTextF rame.cpp line 4392 Build: 2000062109 CrashDate: 2000-06-21 UptimeMinutes: 22 Total: 22 OS: Windows NT 4.0 build 1381 URL: Comment: 6/21/2000 Win32 build. Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12844909 nsTextFrame::ComputeTotalWordWidth() 7502de14 line Build: 2000062116 CrashDate: 2000-06-21 UptimeMinutes: 2 Total: 2 OS: Linux 2.2.14-5.0 URL: Comment: 6/21/2000 Win32 build. Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12845632 nsTextFrame::ComputeTotalWordWidth() 052f5978 line Build: 2000062108 CrashDate: 2000-06-21 UptimeMinutes: 1 Total: 190 OS: Linux 2.2.12-20smp URL: Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12838724 nsTextFrame::ComputeTotalWordWidth() nsTextFrame::ComputeTotalWordWidth f4e2e932 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/layout/html/base/src/nsTextF rame.cpp line 4392 Build: 2000062109 CrashDate: 2000-06-21 UptimeMinutes: 22 Total: 22 OS: Windows NT 4.0 build 1381 URL: Comment: 6/21/2000 Win32 build. Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12844909 nsTextFrame::ComputeTotalWordWidth() 7502de14 line Build: 2000062116 CrashDate: 2000-06-21 UptimeMinutes: 2 Total: 2 OS: Linux 2.2.14-5.0 URL: Comment: 6/21/2000 Win32 build. Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12845632 nsTextFrame::ComputeTotalWordWidth() 052f5978 line Build: 2000062108 CrashDate: 2000-06-21 UptimeMinutes: 1 Total: 190 OS: Linux 2.2.12-20smp URL: Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12838724 nsTextFrame::ComputeTotalWordWidth nsTextFrame::ComputeTotalWordWidth f4e2e932 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/layout/html/base/src/nsTextF rame.cpp line 4392 Build: 2000062109 CrashDate: 2000-06-21 UptimeMinutes: 22 Total: 22 OS: Windows NT 4.0 build 1381 URL: Comment: 6/21/2000 Win32 build. Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12844909 nsTextFrame::ComputeTotalWordWidth() 7502de14 line Build: 2000062116 CrashDate: 2000-06-21 UptimeMinutes: 2 Total: 2 OS: Linux 2.2.14-5.0 URL: Comment: 6/21/2000 Win32 build. Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12845632 nsTextFrame::ComputeTotalWordWidth() 052f5978 line Build: 2000062108 CrashDate: 2000-06-21 UptimeMinutes: 1 Total: 190 OS: Linux 2.2.12-20smp URL: Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=12838724
I found that nsLineLayout::FindNextText is returning a pointer to an nsTextFrame object that has already been destroyed. I think someone is destroying the nsTextFrame without updating nsLineLayout's mReflowTextRuns.
mark it as dup of 43366 *** This bug has been marked as a duplicate of 43366 ***
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Marking verified dup of 43366.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: