Closed
Bug 520070
Opened 12 years ago
Closed 12 years ago
Testcase for Bug 520001 crashes [@ nsContentUtils::ComparePoints] on trunk/1.9.2
Categories
(Core :: DOM: Core & HTML, defect, P2)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta2-fixed |
| status1.9.1 | --- | unaffected |
People
(Reporter: smaug, Unassigned)
References
Details
Attachments
(1 file)
|
9.67 KB,
patch
|
bzbarsky
:
review+
jst
:
approval1.9.2+
|
Details | Diff | Splinter Review |
Function nsINode::GetNodeParent was inlined into function nsContentUtils::ComparePoints at line 1533. #1 0x18a02823 in nsContentUtils::ComparePoints (aParent1=0x171f6b60, aOffset1=5, aParent2=0x0, aOffset2=0, aDisconnected=0x0) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #2 0x187c4dd1 in CompareToRangeStart (aCompareNode=0x0, aCompareOffset=0, aRange=0xbfffba80) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #3 0x187c6009 in nsTypedSelection::FindInsertionPoint (this=0x171ee4e0, aElementArray=0x171ee4f8, aPointNode=0x171f6b60, aPointOffset=5, aComparator=0x187c4da0 <CompareToRangeStart>) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #4 0x187c63da in nsTypedSelection::GetIndicesForInterval (this=0x171ee4e0, aBeginNode=0x171f6b60, aBeginOffset=0, aEndNode=0x171f6b60, aEndOffset=5, aAllowAdjacent=0, aStartIndex=0xbfffbcac, aEndIndex=0xbfffbca8) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #5 0x187c6946 in nsTypedSelection::GetRangesForIntervalCOMArray (this=0x171ee4e0, aBeginNode=0x0, aBeginOffset=0, aEndNode=0x0, aEndOffset=0, aAllowAdjacent=0, aRanges=0xbfffbd14) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #6 0x187c8d24 in nsTypedSelection::LookUpSelection (this=0x171ee4e0, aContent=0x171f6b60, aContentOffset=0, aContentLength=5, aReturnDetails=0xbfffbd9c, aType=1, aSlowCheck=0) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #7 0x187cb26a in nsFrameSelection::LookUpSelection (this=0x171ee400, aContent=0x171f6b60, aContentOffset=0, aContentLength=5, aSlowCheck=0) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #8 0x187f7865 in nsTextFrame::GetSelectionDetails (this=0x21848240) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #9 0x187f899a in nsTextFrame::PaintTextWithSelection (this=0x21848240, aCtx=0x1f675450, aFramePt=@0xbfffc0b0, aTextBaselinePt=@0xbfffc0a0, aDirtyRect=@0xbfffc040, aProvider=@0xbfffbfb4, aTextPaintStyle=@0xbfffbf20) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #10 0x187f8ffb in nsTextFrame::PaintText (this=0x21848240, aRenderingContext=0x17179460, aPt=@0xbfffc108, aDirtyRect=@0xbfffc140) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #11 0x187f94da in nsDisplayText::Paint (this=0x9d7c44, aBuilder=0x0, aCtx=0x0, aDirtyRect=@0x0) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #12 0x1869e33a in nsDisplayClip::Paint (this=0xbfffc108, aBuilder=0xbfffc1fc, aCtx=0x9d7c44, aDirtyRect=@0x0) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #13 0x1869b05a in nsDisplayList::Paint (this=0xbfffc4a8, aBuilder=0xbfffc1fc, aCtx=0x17179460, aDirtyRect=@0xbfffc560) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #14 0x186d4949 in nsLayoutUtils::PaintFrame (aRenderingContext=0x17179460, aFrame=0x21836e90, aDirtyRegion=@0xbfffc540, aBackstop=4294967295, aFlags=0) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #15 0x186eaba2 in PresShell::Paint (this=0x171ed4e0, aView=0x171eb240, aRenderingContext=0x17179460, aDirtyRegion=@0xbfffc540) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #16 0x18db2044 in nsViewManager::RenderViews (this=0x171eb1e0, aView=0x171eb240, aRC=@0x17179460, aRegion=@0xbfffc5f0) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #17 0x18db25c4 in nsViewManager::Refresh (this=0x171eb1e0, aView=0x171eb240, aContext=0x17179460, aRegion=0x14e5ca90, aUpdateFlags=1) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #18 0x18db561d in nsViewManager::DispatchEvent (this=0x171eb1e0, aEvent=0xbfffc9d4, aView=0x171eb240, aStatus=0xbfffc7ec) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #19 0x18da77bb in HandleEvent (aEvent=0xbfffc9d4) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533 #20 0x1164f618 in nsChildView::DispatchEvent (this=0x171eb2b0, event=0xbfffc9d4, aStatus=@0xbfffc8fc) at /Users/smaug/mozilla/hg/mozilla/content/base/src/nsContentUtils.cpp:1533
|
Reporter | |
Updated•12 years ago
|
Keywords: regressionwindow-wanted
|
|
Reporter | |
Comment 1•12 years ago
|
||
Testcase is https://bugzilla.mozilla.org/attachment.cgi?id=404109 Select few lines and press the button.
|
|
Reporter | |
Comment 2•12 years ago
|
||
Bug 486547 removed some error checking from CompareToRangeStart/End. I should have noticed when reviewing.
Blocks: 486547
|
|
Reporter | |
Updated•12 years ago
|
Keywords: regressionwindow-wanted
|
|
Reporter | |
Comment 3•12 years ago
|
||
I don't like this at all, but this is pretty much what 1.9.1 has. Is FindInsertionPoint doing the right thing? Is it really guaranteed that ranges are sorted?
|
|
Reporter | |
Comment 4•12 years ago
|
||
Comment on attachment 404152 [details] [diff] [review] add back error checking Boris, what do you think? For 1.9.3 something better could be done, but what about 1.9.2? Is this enough?
Attachment #404152 -
Flags: review?(bzbarsky)
|
||
Comment 5•12 years ago
|
||
Is bug 514032 perhaps related?
|
|
Reporter | |
Comment 6•12 years ago
|
||
It doesn't look like this, though 1 xul.dll xul.dll@0x96b63f is a bit strange.
|
|
Reporter | |
Updated•12 years ago
|
Flags: blocking1.9.2?
|
||
Comment 7•12 years ago
|
||
> Is it really guaranteed that ranges are sorted?
Yes, if you don't mess with the ranges by hand. nsTypedSelection::AddItem ensures the ranges are non-overlapping and sorted.
If you mess with them by hand, you get what you deserve, and I don't much care what it is as long as it's not a crash or hang. ;)|
|
||
Comment 8•12 years ago
|
||
Comment on attachment 404152 [details] [diff] [review] add back error checking I guess this makes sense. File a followup on making this ick unnecesary?
Attachment #404152 -
Flags: review?(bzbarsky) → review+
|
|
Reporter | |
Updated•12 years ago
|
Attachment #404152 -
Flags: approval1.9.2?
|
|
Reporter | |
Comment 9•12 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/4ffdf308d316
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 10•12 years ago
|
||
Comment on attachment 404152 [details] [diff] [review] add back error checking Did the followup bug bz requested get filed?
Attachment #404152 -
Flags: approval1.9.2? → approval1.9.2+
|
|
Reporter | |
Comment 11•12 years ago
|
||
Bug 520221.
|
|
Reporter | |
Comment 12•12 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/551ba9506154
status1.9.2:
--- → final-fixed
|
||
Updated•12 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
|
|
||
Updated•11 years ago
|
Summary: Testcase for Bug 520001 crashes on trunk/1.9.2 → Testcase for Bug 520001 crashes [@ nsContentUtils::ComparePoints] on trunk/1.9.2
|
||
Updated•11 years ago
|
Group: core-security
|
Assignee | |
Updated•2 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•