Closed
Bug 477775
Opened 15 years ago
Closed 15 years ago
Crash with iExploder test 2203 [@ nsComputedDOMStyle::GetWidth]
Categories
(Core :: Layout, defect, P2)
Core
Layout
Tracking
()
VERIFIED
FIXED
mozilla1.9.1b3
People
(Reporter: MatsPalmgren_bugz, Assigned: dbaron)
References
Details
(4 keywords, Whiteboard: [sg:critical?] using destroyed frame [depends on bug 454276] post 1.8-branch)
Crash Data
Attachments
(3 files)
Crash with iExploder test 2203 [@ nsComputedDOMStyle::GetWidth] bp-4c74fadc-f5ec-448a-8431-90d0e2090210 @0x0 nsComputedDOMStyle::GetWidth layout/style/nsComputedDOMStyle.cpp:2888 nsComputedDOMStyle::GetPropertyCSSValue layout/style/nsComputedDOMStyle.cpp:366 nsComputedDOMStyle::GetPropertyValue layout/style/nsComputedDOMStyle.cpp:300 nsComputedDOMStyle::GetPropertyValue layout/style/nsComputedDOMStyle.cpp:244 CSS2PropertiesTearoff::GetWidth layout/style/nsCSSPropList.h:543 NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179 XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2424 XPC_WN_GetterSetter js/src/xpconnect/src/xpcprivate.h:2298 js_Invoke js/src/jsinterp.cpp:1316 js_InternalInvoke js/src/jsinterp.cpp:1392 JS_CallFunctionValue js/src/jsapi.cpp:5299 XPCWrapper::GetOrSetNativeProperty js/src/xpconnect/src/XPCWrapper.cpp:717 XPC_NW_GetOrSetProperty js/src/xpconnect/src/XPCNativeWrapper.cpp:597 js_NativeGet js/src/jsobj.cpp:3853 js_GetPropertyHelper js/src/jsobj.cpp:4023 js_Interpret js/src/jsinterp.cpp:4297 js_Invoke js/src/jsinterp.cpp:1334 nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1606 nsXPCWrappedJS::CallMethod js/src/xpconnect/src/xpcwrappedjs.cpp:561 PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp:93 PrepareAndDispatch nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1079 nsEventListenerManager::HandleEvent content/events/src/nsEventListenerManager.cpp:1176 nsEventTargetChainItem::HandleEvent content/events/src/nsEventDispatcher.cpp:227 nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:291 nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:508 DocumentViewerImpl::LoadComplete layout/base/nsDocumentViewer.cpp:997 nsDocShell::EndPageLoad docshell/base/nsDocShell.cpp:5243 nsWebShell::EndPageLoad docshell/base/nsWebShell.cpp:1015 nsDocShell::OnStateChange docshell/base/nsDocShell.cpp:5139 nsDocLoader::FireOnStateChange uriloader/base/nsDocLoader.cpp:1235 nsDocLoader::doStopDocumentLoad uriloader/base/nsDocLoader.cpp:858 nsDocLoader::DocLoaderIsEmpty uriloader/base/nsDocLoader.cpp:763 nsDocLoader::OnStopRequest uriloader/base/nsDocLoader.cpp:679 nsLoadGroup::RemoveRequest netwerk/base/src/nsLoadGroup.cpp:688 nsDocument::DoUnblockOnload content/base/src/nsDocument.cpp:7080 nsDocument::DispatchContentLoadedEvents content/base/src/nsDocument.cpp:3983 nsRunnableMethod<nsDocument>::Run nsThreadUtils.h:264 nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:510 NS_ProcessPendingEvents_P nsThreadUtils.cpp:180 nsBaseAppShell::NativeEventCallback widget/src/xpwidgets/nsBaseAppShell.cpp:121 nsAppShell::ProcessGeckoEvents widget/src/cocoa/nsAppShell.mm:381 CoreFoundation@0x735f4 CoreFoundation@0x73cd7 HIToolbox@0x302bf HIToolbox@0x300d8 HIToolbox@0x2ff4c AppKit@0x40d7c AppKit@0x4062f AppKit@0x3966a nsAppShell::Run widget/src/cocoa/nsAppShell.mm:700 nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:192 XRE_main toolkit/xre/nsAppRunner.cpp:3216 main browser/app/nsBrowserApp.cpp:156
Reporter | ||
Comment 1•15 years ago
|
||
Comment 2•15 years ago
|
||
I'll try to make a reduced testcase. The crash looks a lot like the one in bug 473410.
Updated•15 years ago
|
Flags: blocking1.9.1?
Comment 3•15 years ago
|
||
Lithium was not able to remove much, despite the heterogeneity of the testcase. Weird!
Assignee | ||
Comment 4•15 years ago
|
||
Does the patch in bug 454276 fix this?
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P2
Assignee | ||
Comment 5•15 years ago
|
||
Both testcases work for me in a 64-bit Linux debug build and both 32-bit and 64-bit Linux nightlies.
I don't crash on Mac debug either. Jesse, what's your configuration these days?
Updated•15 years ago
|
Flags: wanted1.9.0.x+
Flags: blocking1.9.0.8+
Comment 8•15 years ago
|
||
I can reproduce the crash (64bit linux / debug), and the patch for bug 454276 does fix it.
Whiteboard: [sg:critical?] using destroyed frame → [sg:critical?] using destroyed frame [depends on bug 454276]
Assignee | ||
Comment 9•15 years ago
|
||
Any chance you could check that the new "alternative patch" (attachment 363493 [details] [diff] [review]) there also fixes it?
Reporter | ||
Comment 10•15 years ago
|
||
Yes, the new "alternative patch" fixes it.
Assignee: nobody → dbaron
Assignee | ||
Comment 11•15 years ago
|
||
Fixed by checkin of bug 454276.
Status: NEW → RESOLVED
Closed: 15 years ago
Keywords: fixed1.9.1
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.1b3
Assignee | ||
Comment 12•15 years ago
|
||
Fixed for 1.9.0.8 by checkin to CVS trunk of bug 454276, 2009-03-08 12:16 -0700.
Keywords: fixed1.9.0.8
Comment 13•15 years ago
|
||
This requires debug builds to repro the crash? I've tried it on OS X and Linux non-debug and get no crash with the testcase 2.
Assignee | ||
Comment 14•15 years ago
|
||
I could never reproduce the crash, and I was using debug builds.
Updated•15 years ago
|
Flags: wanted1.8.1.x-
Whiteboard: [sg:critical?] using destroyed frame [depends on bug 454276] → [sg:critical?] using destroyed frame [depends on bug 454276] post 1.8-branch
Comment 15•15 years ago
|
||
verified fixed 1.9.0.9 using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.9pre) Gecko/2009040221 Firefox/3.0.9pre (debug build) + : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9pre) Gecko/2009040214 Minefield/3.0.9pre - no crash on testcases
Keywords: fixed1.9.0.9 → verified1.9.0.9
Updated•15 years ago
|
Group: core-security
Comment 16•15 years ago
|
||
in-testsuite- because we were never able to make a reduced testcase.
Flags: in-testsuite-
Comment 17•15 years ago
|
||
verified FIXED on builds: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090421 Minefield/3.6a1pre ID:20090421032809 and Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4pre) Gecko/20090421 Shiretoko/3.5b4pre ID:20090421030848
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
Updated•13 years ago
|
Crash Signature: [@ nsComputedDOMStyle::GetWidth]
You need to log in
before you can comment on or make changes to this bug.
Description
•