Closed Bug 491067 Opened 16 years ago Closed 16 years ago

Crash in nsTextControlFrame::ComputeAutoSize when using overflow:visible user style

Categories

(Core :: Layout: Form Controls, defect)

Product:
Core
Component:
Layout: Form Controls
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: jason.barnabe, Unassigned)

References

Details

(Keywords: crash, dev-doc-complete)

Accessing this site: http://blogs.reuters.com/great-debate/2009/04/28/a-vaccine-needed-for-bad-statistics/ with the following user style installed in Stylish 1.0 crashes Firefox: @namespace url(http://www.w3.org/1999/xhtml); @-moz-document domain("reuters.com") { /* article -------------------------------------------------------*/ .content * { overflow:visible !important; } } Firefox 3.0.8 report: http://crash-stats.mozilla.com/report/index/14b84f2d-d9eb-40d7-a8cd-7e6812090501?p=1 Firefox 3.5beta4 report: http://crash-stats.mozilla.com/report/index/5e97b71b-9539-4501-bcec-0c3a82090501?p=1 Both reference nsTextControlFrame::ComputeAutoSize.
To fix this we probably need to put the overflow declarations at both of these places: http://hg.mozilla.org/mozilla-central/annotate/cd77eb6f23bf/layout/style/forms.css#l141 http://hg.mozilla.org/mozilla-central/annotate/cd77eb6f23bf/layout/forms/nsTextControlFrame.cpp#l1659 at the UA-important level of the cascade. Doing the latter is probably somewhat tricky without replacing both with a solution like the center-or-inherit trick in bug 475986.
Component: Layout → Layout: Form Controls
QA Contact: layout → layout.form-controls
Hold on. Why did that rule even affect that node? Is that sheet being installed as a UA sheet or something (instead of a user sheet)? User sheets shouldn't be able to style the native anon node in question, last I checked, precisely because of issues like this bug. If stylish is installing a UA sheet here, I claim pilot error on the part of the stylesheet author and think this bug is invalid: if you're installing a UA sheet you need to be _very_ careful about the rules you put in it because we allow unsafe rules in those sheets. Note that putting the rules mentioned in comment 1 on the ua-important level wouldn't help if this is a ua sheet, right?
Stylish registers as UA sheets because of stuff like bug 424184. It would be useful to know what the intended differences between the two modes is supposed to be (e.g. "you can do anything in UA, but you risk causing crashes that we're not going to fix"). https://developer.mozilla.org/en/Using_the_Stylesheet_Service says nothing on the subject, and the comments on nsIStyleSheetService only talk about where each comes in in the cascade.
> Stylish registers as UA sheets because of stuff like bug 424184. As far as Gecko is concerned there's no difference between those scrollbars and the div inside text controls, for what it's worth. Messing with either can cause serious issues. I'd be happy to update the documentation if desired. David, are you ok with marking this invalid and doing that?
Sure. I'm glad we're blocking that anonymous div from being styled. We might also want to add a comment in forms.css pointing out that pages can't do the equivalent.
OK. I've updated the documentation to make it clear how user and ua sheets differ in terms of capabilities.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.