Closed Bug 466845 Opened 16 years ago Closed 16 years ago

Crash [@ nsViewManager::CreateView] with ::first-line position: absolute and -moz-transform

Categories

(Core :: Layout, defect, P1)

VERIFIED FIXED
mozilla1.9.1b3

People

(Reporter: martijn.martijn, Assigned: dbaron)

(Keywords: crash, testcase, verified1.9.1)

Attachments

(3 files)

Attached file testcase
See testcase, which usually crashes after a few reloads in current trunk build.
http://crash-stats.mozilla.com/report/index/6543a859-bb51-4997-9f8e-8f5412081126?p=1
0 kernel32.dll RaiseException
1 mozcrt19.dll _CxxThrowException throw.cpp:159
2 mozcrt19.dll operator new obj-firefox/memory/jemalloc/src/new.cpp:57
3 xul.dll nsViewManager::CreateView view/src/nsViewManager.cpp:289
4 xul.dll nsHTMLContainerFrame::CreateViewForFrame layout/generic/nsHTMLContainerFrame.cpp:698
5 xul.dll nsCSSFrameConstructor::CreateContinuingFrame layout/base/nsCSSFrameConstructor.cpp:10480
6 xul.dll nsHTMLContainerFrame::CreateNextInFlow layout/generic/nsHTMLContainerFrame.cpp:495
7 xul.dll nsBlockFrame::CreateContinuationFor layout/generic/nsBlockFrame.cpp:3753
8 xul.dll xul.dll@0x2f7acb
9 xul.dll nsBlockFrame::DoReflowInlineFrames layout/generic/nsBlockFrame.cpp:3409
10 xul.dll nsBlockFrame::ReflowInlineFrames layout/generic/nsBlockFrame.cpp:3258
11 xul.dll nsBlockFrame::ReflowLine layout/generic/nsBlockFrame.cpp:2324
12 xul.dll nsBlockFrame::ReflowDirtyLines layout/generic/nsBlockFrame.cpp:1904
13 xul.dll nsBlockFrame::Reflow layout/generic/nsBlockFrame.cpp:954
14 xul.dll nsAbsoluteContainingBlock::ReflowAbsoluteFrame layout/generic/nsAbsoluteContainingBlock.cpp:436
15 xul.dll xul.dll@0x2f74a5
16 xul.dll xul.dll@0x2fb545
17 xul.dll nsAbsoluteContainingBlock::ReflowAbsoluteFrame layout/generic/nsAbsoluteContainingBlock.cpp:436
18 xul.dll xul.dll@0x2f74a5
19 xul.dll xul.dll@0x2f90f2
20 xul.dll nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:793
21 xul.dll nsHTMLScrollFrame::ReflowScrolledFrame layout/generic/nsGfxScrollFrame.cpp:528
22 xul.dll nsHTMLScrollFrame::ReflowContents layout/generic/nsGfxScrollFrame.cpp:622
23 xul.dll nsHTMLScrollFrame::Reflow layout/generic/nsGfxScrollFrame.cpp:823
24 xul.dll nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:793
25 xul.dll ViewportFrame::Reflow layout/generic/nsViewportFrame.cpp:283
26 xul.dll PresShell::DoReflow layout/base/nsPresShell.cpp:6331
27 xul.dll PresShell::ProcessReflowCommands layout/base/nsPresShell.cpp:6437
28 xul.dll PresShell::DoFlushPendingNotifications layout/base/nsPresShell.cpp:4573
29 xul.dll PresShell::ReflowEvent::Run layout/base/nsPresShell.cpp:6194
30 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:510
31 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:170
32 nspr4.dll PR_GetEnv
33 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:87
34 firefox.exe firefox.exe@0x2197
35 kernel32.dll BaseProcessStart
Flags: blocking1.9.1?
Testcase crashes on Linux, too. (on first load, after a few seconds) Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b2pre) Gecko/20081125 Minefield/3.1b2pre
OS: Windows XP → All
Hardware: PC → All
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P3
In nsCSSFrameConstructor, we probably should not be making *pseudo*-elements with -moz-transform be absolute containing blocks (which requires changing both when we call PushAbsoluteContainingBlock and the logic in GetAbsoluteContainingBlock). Perhaps we shouldn't be letting them have transforms at all. (We need to audit all the HasTransform calls in nsCSSFrameConstructor.cpp, including those added in bug 467460.) I think there's also a followup bug somewhere about making -moz-transform not apply to things that aren't block/inline (which we only need to do because of the absolute containing behavior). Or something like that...
I'm pushing this up to P1 because the correct fix for it may require substantive changes to what elements we support -moz-transform on, or how we do it.
Priority: P2 → P1
I'm A-OK with not letting pseudo-elements be transformed.
Assignee: nobody → dbaron
Attached patch patch
This blocks the transform properties from first-letter and first-line pseudos. The crashtest isn't great, since it only crashes some of the time, but it's better than nothing.
Attachment #352642 - Flags: superreview?(bzbarsky)
Attachment #352642 - Flags: review?(bzbarsky)
Attachment #352642 - Flags: superreview?(bzbarsky) → superreview+
Attachment #352642 - Flags: review?(bzbarsky) → review+
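As an added illustration (not code from this bug or from the attached patch): a small scanner that flags stylesheet rules setting transform properties on first-line or first-letter pseudo-elements, the combination the patch above stops honoring. The function name, the property list and the sample CSS are assumptions constructed for this example.

```javascript
// Added example, not Mozilla code. The property list is an assumption:
// the prefixed names from this era plus today's unprefixed spellings.
const TRANSFORM_PROPS = new Set([
  "-moz-transform", "-moz-transform-origin", "transform", "transform-origin",
]);
// Accepts both the CSS2 (:first-line) and CSS3 (::first-line) spellings.
const PSEUDO_RE = /::?first-(line|letter)\b/i;

function findTransformedPseudos(css) {
  // Strip comments so they can neither hide nor fake a declaration.
  const text = css.replace(/\/\*[\s\S]*?\*\//g, "");
  const findings = [];
  // Matches innermost "selectors { declarations }" blocks, so rules nested
  // inside @media are found as well.
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = ruleRe.exec(text)) !== null) {
    // In a grouped selector, keep only the members that target the pseudos.
    const selectors = m[1].split(",").map((s) => s.trim())
      .filter((s) => PSEUDO_RE.test(s));
    if (selectors.length === 0) continue;
    for (const decl of m[2].split(";")) {
      const idx = decl.indexOf(":");
      if (idx < 0) continue;
      const property = decl.slice(0, idx).trim().toLowerCase();
      if (!TRANSFORM_PROPS.has(property)) continue;
      for (const selector of selectors) findings.push({ selector, property });
    }
  }
  return findings;
}

// Constructed sample input; this is not the testcase attached to the bug.
const SAMPLE_CSS = `
/* constructed sample */
p:first-line, h1 { -moz-transform: rotate(10deg); }
div::first-letter { color: red; }
@media screen { li::FIRST-LETTER { -MOZ-Transform-Origin: 0 0 } }
span { -moz-transform: scale(2); }
`;

console.log(findTransformedPseudos(SAMPLE_CSS));
```

The scanner splits selector lists on commas, so selectors that contain commas inside functional notation are outside what it handles.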
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: [needs 1.9.1 landing]
Target Milestone: --- → mozilla1.9.2a1
Verified fixed, using: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20081214 Minefield/3.2a1pre
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1
Whiteboard: [needs 1.9.1 landing]
Target Milestone: mozilla1.9.2a1 → mozilla1.9.1b3
Flags: in-testsuite+
verified on Shiretoko: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090422 Shiretoko/3.5b4pre ID:20090422042031
Crash Signature: [@ nsViewManager::CreateView]