Closed
Bug 495875
Opened 15 years ago
Closed 15 years ago
Crash [@ BuildTextRunsScanner::BreakSink::SetBreaks] with -moz-column, pre-wrap, font-size-adjust, multiple text runs
Categories
(Core :: Layout, defect, P2)
Core
Layout
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta2-fixed |
| blocking1.9.1 | --- | .6+ |
| status1.9.1 | --- | .6-fixed |
People
(Reporter: jruderman, Assigned: smontagu)
References
Details
(5 keywords, Whiteboard: [sg:critical?])
Crash Data
Attachments
(3 files)
|
241 bytes,
text/html
|
Details | |
|
248 bytes,
text/html
|
Details | |
|
2.55 KB,
patch
|
roc
:
review+
roc
:
superreview+
dveditz
:
approval1.9.1.6+
|
Details | Diff | Splinter Review |
###!!! ASSERTION: Flag set that should never be set! (memory safety error?): '!(mTextRun->GetFlags() & (gfxTextRunWordCache::TEXT_UNUSED_FLAGS | nsTextFrameUtils::TEXT_UNUSED_FLAG))', file /Users/jruderman/central/layout/generic/nsTextFrameThebes.cpp, line 766
or
Crash [@ BuildTextRunsScanner::BreakSink::SetBreaks] touching random a memory location.
|
Reporter | |
Updated•15 years ago
|
Whiteboard: [sg:critical?]
|
|
Reporter | |
Comment 1•15 years ago
|
||
Still crashes on mozilla-central.
|
Assignee | |
Comment 2•15 years ago
|
||
I can only reproduce the crash in debug builds. It turns out that it doesn't depend on bidi but rather on having multiple text runs in the same line, as this variation on the testcase shows.
|
|
Assignee | |
Updated•15 years ago
|
OS: Mac OS X → All
Hardware: x86 → All
Summary: Crash [@ BuildTextRunsScanner::BreakSink::SetBreaks] with -moz-column, pre-wrap, font-size-adjust, bidi → Debug-only crash [@ BuildTextRunsScanner::BreakSink::SetBreaks] with -moz-column, pre-wrap, font-size-adjust, multiple text runs
|
|
Assignee | |
Comment 3•15 years ago
|
||
Interestingly, this is debug-only on Linux, but not on OS X.
It's a regression from bug 465928, and I think I have a patch.
Assignee: nobody → smontagu
Blocks: 465928
blocking1.9.1: --- → ?
Flags: blocking1.9.2?
Summary: Debug-only crash [@ BuildTextRunsScanner::BreakSink::SetBreaks] with -moz-column, pre-wrap, font-size-adjust, multiple text runs → Crash [@ BuildTextRunsScanner::BreakSink::SetBreaks] with -moz-column, pre-wrap, font-size-adjust, multiple text runs
|
|
Assignee | |
Comment 4•15 years ago
|
||
This passed unit tests on tryserver.
Attachment #405854 -
Flags: superreview?(roc)
Attachment #405854 -
Flags: review?(roc)
Attachment #405854 -
Flags: superreview?(roc)
Attachment #405854 -
Flags: superreview+
Attachment #405854 -
Flags: review?(roc)
Attachment #405854 -
Flags: review+
Comment on attachment 405854 [details] [diff] [review]
Patch
Thanks
Whiteboard: [sg:critical?] → [sg:critical?][needs landing]
|
|
Assignee | |
Comment 6•15 years ago
|
||
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [sg:critical?][needs landing] → [sg:critical?]
|
||
Comment 7•15 years ago
|
||
Does this bug affect 1.9.0?
|
|
Assignee | |
Comment 8•15 years ago
|
||
(In reply to comment #7)
> Does this bug affect 1.9.0?
No, the code that caused the regression was never checked in to 1.9.0, and neither test case crashes there.
Flags: wanted1.9.0.x?
Flags: blocking1.9.0.16?
|
||
Updated•15 years ago
|
Flags: wanted1.9.0.x-
Keywords: regression
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
|
|
Assignee | |
Comment 9•15 years ago
|
||
status1.9.2:
--- → final-fixed
|
|
||
Comment 10•15 years ago
|
||
Simon, is this patch ready for 1.9.1? If so (and assuming it applies), please request approval on it. Code freeze for 1.9.1.6 is November 10 at 11:59pm.
|
|
Assignee | |
Comment 11•15 years ago
|
||
Comment on attachment 405854 [details] [diff] [review]
Patch
Requesting approval for 1.9.1.6.
This fixes a regression from bug 465928, which is one of the dependencies of performance bug 430332. I don't see any regression in performance in the test case there with this patch.
Attachment #405854 -
Flags: approval1.9.1.6?
|
|
||
Comment 12•15 years ago
|
||
Comment on attachment 405854 [details] [diff] [review]
Patch
Approved for 1.9.1.6, a=dveditz for release-drivers
Attachment #405854 -
Flags: approval1.9.1.6? → approval1.9.1.6+
|
|
Assignee | |
Comment 13•15 years ago
|
||
|
||
Comment 14•15 years ago
|
||
Verified on OS X with attached testcase. Crashes in 1.9.1.5 but not in the nightly 1.9.1.6 build, Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.6pre) Gecko/20091110 Shiretoko/3.5.6pre.
Keywords: verified1.9.1
|
|
||
Updated•15 years ago
|
Group: core-security
|
|
Reporter | |
Updated•15 years ago
|
Flags: in-testsuite+
|
||
Updated•13 years ago
|
Crash Signature: [@ BuildTextRunsScanner::BreakSink::SetBreaks]
You need to log in
before you can comment on or make changes to this bug.
Description
•