Closed
Bug 504311
Opened 15 years ago
Closed 15 years ago
Assignment of '-1' to 'wrapWidth' crashes the browser [@ nsTextControlFrame::CalcIntrinsicSize(nsIRenderingContext*, nsSize&) ]
Categories
(Core :: Layout: Form Controls, defect, P2)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta1-fixed |
status1.9.1 | --- | unaffected |
People
(Reporter: antonglv, Assigned: roc)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [sg:dos][ss:b2])
Crash Data
Attachments
(3 files)
726 bytes,
application/xml
|
Details | |
2.58 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
2.14 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.9.1) Gecko/20090624 Firefox/3.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090703 Minefield/3.6a1pre Assignment of '-1' to 'wrapWidth' property of nsIPlainTextEditor component crashes the browser. It was documented on xulplanet.com that assignment of '-1' to wrapWidth disables word wrapping. Exactly quotation is: > PRInt32 wrapWidth > Get and set the body wrap width. > Special values: 0 = wrap to window width -1 = no wrap at all Well, it worked on FF 1.5 / 2 / 3.0 / 3.5. But on FF 3.6a1pre the assignment, once it had been made, causes that the browser has crashed. Reproducible: Always Steps to Reproduce: 1. Make an .xul file and put next code in it: <?xml version="1.0"?> <?xml-stylesheet href="chrome://global/skin" type="text/css"?> <window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> <script type="text/javascript"> <![CDATA[ function f () { var tb = document. getElementById ("tb01"); var inputField = tb. inputField; var editor = inputField. QueryInterface (Components. interfaces. nsIDOMNSEditableElement). editor; editor = editor. QueryInterface (Components. interfaces. nsIEditor); editor = editor. QueryInterface (Components. interfaces. nsIPlaintextEditor); editor. wrapWidth = -1; } ]]> </script> <textbox id="tb01" multiline="true"/> <button onclick="f()"/> </window> 2. Open the .xul with the chrome priveleges 3. Click button Actual Results: Firefox crashes Expected Results: Nothing should happen (no changes in UI)
Comment 2•15 years ago
|
||
http://crash-stats.mozilla.com/report/index/e583e6df-c377-4d4e-95fb-544012090715?p=1 Crashing Thread Frame Module Signature [Expand] Source 0 xul.dll nsTextControlFrame::CalcIntrinsicSize layout/forms/nsTextControlFrame.cpp:1320 1 xul.dll nsTextControlFrame::GetPrefSize layout/forms/nsTextControlFrame.cpp:1770 2 xul.dll nsSprocketLayout::GetPrefSize layout/xul/base/src/nsSprocketLayout.cpp:1337 3 xul.dll nsBoxFrame::GetPrefSize layout/xul/base/src/nsBoxFrame.cpp:819 4 @0x4e1cf7f
Status: UNCONFIRMED → NEW
Component: General → XUL
Ever confirmed: true
Keywords: crash,
crashreportid
Product: Firefox → Core
QA Contact: general → xptoolkit.widgets
Summary: Assignment of '-1' to 'wrapWidth' crashes the browser → Assignment of '-1' to 'wrapWidth' crashes the browser [@ nsTextControlFrame::CalcIntrinsicSize(nsIRenderingContext*, nsSize&) ]
Version: unspecified → Trunk
Comment 3•15 years ago
|
||
Regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5742b20d043a&tochange=c6c685aa0379 Seems due to bug 495385.
14159:3d8dbcce108f (previous:14068) <roc+@cs.cmu.edu> 2008-04-09 21:39 -0700 Bug 425253. Propagate reflow-depth tracking through XUL box layout. r+sr=dbaron,a=damon 1319 nsMargin scrollbarSizes = 1320 scrollableFrame->GetDesiredScrollbarSizes(PresContext(), aRenderingContext);
Assignee: nobody → roc
Component: XUL → Layout: Form Controls
Keywords: crashreportid
QA Contact: xptoolkit.widgets → layout.form-controls
Updated•15 years ago
|
Whiteboard: [ss:b2]
Assignee | ||
Comment 5•15 years ago
|
||
The setting of wrapWidth causes a style change to the anonymous content which reframes it (because we have to reframe on white-space changes now). The ContentRemoved destroys the anonymous child frames, but they're not recreated, so we crash here. I can actually fix this quite easily by only reframing when we transition between { pre, pre-wrap } and { pre-line, normal, nowrap }.
Assignee | ||
Comment 6•15 years ago
|
||
Attachment #388855 -
Flags: review?(bzbarsky)
Updated•15 years ago
|
Attachment #388855 -
Flags: review?(bzbarsky) → review+
Comment 7•15 years ago
|
||
Comment on attachment 388855 [details] [diff] [review] fix Yeah, indeed.
Updated•15 years ago
|
Whiteboard: [ss:b2] → [sg:dos][ss:b2]
Assignee | ||
Updated•15 years ago
|
Whiteboard: [sg:dos][ss:b2] → [sg:dos][ss:b2][needs landing]
Assignee | ||
Comment 8•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/8506b25206cf
Status: NEW → RESOLVED
Closed: 15 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Whiteboard: [sg:dos][ss:b2][needs landing] → [sg:dos][ss:b2]
Comment 9•15 years ago
|
||
Had to back this out as it was throwing up a prompt to enable privileges causing hangs on tinderbox. http://hg.mozilla.org/mozilla-central/rev/6fa97a14dde1 http://hg.mozilla.org/mozilla-central/rev/48336ba0cea5
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Updated•15 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
Assignee | ||
Comment 10•15 years ago
|
||
Rewrote the test as a chrometest. I'll check this in.
Assignee | ||
Updated•15 years ago
|
Whiteboard: [sg:dos][ss:b2] → [sg:dos][ss:b2][needs landing]
Assignee | ||
Comment 11•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/c2ef8a0ce8ae http://hg.mozilla.org/mozilla-central/rev/b8e7ba664fc9
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
Whiteboard: [sg:dos][ss:b2][needs landing] → [sg:dos][ss:b2]
Comment 12•15 years ago
|
||
Mass change: adding fixed1.9.2 keyword (This bug was identified as a mozilla1.9.2 blocker which was fixed before the mozilla-1.9.2 repository was branched (August 13th, 2009) as per this query: http://is.gd/2ydcb - if this bug is not actually fixed on mozilla1.9.2, please remove the keyword. Apologies for the bugspam)
Keywords: fixed1.9.2
Updated•15 years ago
|
status1.9.2:
--- → beta1-fixed
Keywords: fixed1.9.2
Updated•15 years ago
|
status1.9.1:
--- → unaffected
Updated•13 years ago
|
Crash Signature: [@ nsTextControlFrame::CalcIntrinsicSize(nsIRenderingContext*, nsSize&) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•