Closed
Bug 52130
Opened 24 years ago
Closed 24 years ago
Crash in layout replying to mail message
Categories
(Core :: Layout, defect, P1)
Tracking
()
VERIFIED
FIXED
People
(Reporter: Bienvenu, Assigned: Bienvenu)
Details
(Keywords: crash, Whiteboard: [nsbeta3+][PDTP1])
Attachments
(2 files)
|
1.12 KB,
patch
|
Details | Diff | Splinter Review | |
|
22.95 KB,
text/plain
|
Details |
I have a mail message that always crashes layout when I reply to it with the
following stack trace:
segment->mInsideNeighbor is null
nsVoidArray::Count() line 45 + 3 bytes
nsVoidArray::ElementAt(int 0x00000000) line 127 + 14 bytes
nsCSSRendering::DrawDashedSegments(nsIRenderingContext & {...}, const nsRect &
{...}, nsBorderEdges * 0x05552e50, int 0x00000006, nsRect * 0x00000000) line
1143 + 17 bytes
nsCSSRendering::PaintBorderEdges(nsIPresContext * 0x054e95b0,
nsIRenderingContext & {...}, nsIFrame * 0x0482fad4, const nsRect & {...}, const
nsRect & {...}, nsBorderEdges * 0x05552e50, nsIStyleContext * 0x05553280, int
0x00000006, nsRect * 0x00000000) line 1838 + 25 bytes
nsTableFrame::Paint(nsTableFrame * const 0x0482fad4, nsIPresContext *
0x054e95b0, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer
eFramePaintLayer_Underlay) line 1300 + 42 bytes
nsContainerFrame::PaintChild(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsIFrame * 0x0482fad4, nsFramePaintLayer
eFramePaintLayer_Underlay) line 211
nsTableOuterFrame::Paint(nsTableOuterFrame * const 0x0482fa80, nsIPresContext *
0x054e95b0, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer
eFramePaintLayer_Underlay) line 352
nsContainerFrame::PaintChild(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsIFrame * 0x0482fa80, nsFramePaintLayer
eFramePaintLayer_Underlay) line 211
nsBlockFrame::PaintChildren(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Underlay) line 6388
nsBlockFrame::Paint(nsBlockFrame * const 0x03ae9ee0, nsIPresContext *
0x054e95b0, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer
eFramePaintLayer_Underlay) line 6266
nsContainerFrame::PaintChild(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsIFrame * 0x03ae9ee0, nsFramePaintLayer
eFramePaintLayer_Underlay) line 211
nsBlockFrame::PaintChildren(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Underlay) line 6388
nsBlockFrame::Paint(nsBlockFrame * const 0x03ae9d3c, nsIPresContext *
0x054e95b0, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer
eFramePaintLayer_Underlay) line 6266
nsContainerFrame::PaintChild(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsIFrame * 0x03ae9d3c, nsFramePaintLayer
eFramePaintLayer_Underlay) line 211
nsBlockFrame::PaintChildren(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Underlay) line 6388
nsBlockFrame::Paint(nsBlockFrame * const 0x03ae9cf0, nsIPresContext *
0x054e95b0, nsIRenderingContext & {...}, const nsRect & {...}, nsFramePaintLayer
eFramePaintLayer_Underlay) line 6266
nsContainerFrame::PaintChild(nsIPresContext * 0x054e95b0, nsIRenderingContext &
{...}, const nsRect & {...}, nsIFrame * 0x03ae9cf0, nsFramePaintLayer
eFramePaintLayer_Underlay) line 211
nsContainerFrame::PaintChildren(nsIPresContext * 0x054e95b0, nsIRenderingContext
& {...}, const nsRect & {...}, nsFramePaintLayer eFramePaintLayer_Underlay) line 155
nsHTMLContainerFrame::Paint(nsHTMLContainerFrame * const 0x03ae901c,
nsIPresContext * 0x054e95b0, nsIRenderingContext & {...}, const nsRect & {...},
nsFramePaintLayer eFramePaintLayer_Underlay) line 108
PresShell::Paint(PresShell * const 0x0549c9b4, nsIView * 0x04fabeb0,
nsIRenderingContext & {...}, const nsRect & {...}) line 3784 + 34 bytes
nsView::Paint(nsView * const 0x04fabeb0, nsIRenderingContext & {...}, const
nsRect & {...}, unsigned int 0x00000080, int & 0x10027905) line 284
nsViewManager2::RenderDisplayListElement(DisplayListElement2 * 0x054bc370,
nsIRenderingContext & {...}) line 849
nsViewManager2::RenderViews(nsIView * 0x04fb8750, nsIRenderingContext & {...},
const nsRect & {...}, int & 0x00000000) line 796
nsViewManager2::Refresh(nsIView * 0x04fb8750, nsIRenderingContext * 0x056c3080,
const nsRect * 0x0012e984, unsigned int 0x00000001) line 676
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x0549b510, nsGUIEvent *
0x0012eac4, nsEventStatus * 0x0012e9c8) line 1342
HandleEvent(nsGUIEvent * 0x0012eac4) line 68
nsWindow::DispatchEvent(nsWindow * const 0x04fb8614, nsGUIEvent * 0x0012eac4,
nsEventStatus & nsEventStatus_eIgnore) line 614 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012eac4, nsEventStatus &
nsEventStatus_eIgnore) line 640
nsWindow::OnPaint() line 3619 + 28 bytes
nsWindow::ProcessMessage(unsigned int 0x0000000f, unsigned int 0x00000000, long
0x00000000, long * 0x0012ee74) line 2738 + 17 bytes
nsWindow::WindowProc(HWND__ * 0x0cf504a6, unsigned int 0x0000000f, unsigned int
0x00000000, long 0x00000000) line 883 + 27 bytes
USER32! 77e7131f()
USER32! 77e71e9f()
NTDLL! 77f7637b()
nsViewManager2::Composite(nsViewManager2 * const 0x0549b510) line 1119
nsViewManager2::EnableRefresh(nsViewManager2 * const 0x0549b510, unsigned int
0x00000002) line 2211
nsViewManager2::EndUpdateViewBatch(nsViewManager2 * const 0x0549b510, unsigned
int 0x00000002) line 2242 + 19 bytes
nsEditor::EndUpdateViewBatch() line 5386
nsEditor::EndPlaceHolderTransaction(nsEditor * const 0x0541a810) line 1366
nsAutoPlaceHolderBatch::~nsAutoPlaceHolderBatch() line 48 + 44 bytes
nsAutoEditBatch::~nsAutoEditBatch() line 61 + 15 bytes
nsHTMLEditor::InsertAsCitedQuotation(nsHTMLEditor * const 0x0541a8ac, const
nsString & {...}, const nsString & {...}, int 0x00000001, const nsString &
{...}, nsIDOMNode * * 0x0012f5f0) line 5691
nsHTMLEditorLog::InsertAsCitedQuotation(nsHTMLEditorLog * const 0x0541a8ac,
const nsString & {...}, const nsString & {...}, int 0x00000001, const nsString &
{...}, nsIDOMNode * * 0x0012f5f0) line 465 + 29 bytes
nsEditorShell::InsertAsCitedQuotation(nsEditorShell * const 0x0547a3c0, const
unsigned short * 0x048a5f18, const unsigned short * 0x054af460, int 0x00000001,
const unsigned short * 0x0012f554, nsIDOMNode * * 0x0012f5f0) line 2520 + 64 bytes
nsMsgCompose::ConvertAndLoadComposeWindow(nsIEditorShell * 0x0547a3c0, nsString
& {...}, nsString & {...}, nsString & {...}, int 0x00000001, int 0x00000001)
line 261 + 93 bytes
QuotingOutputStreamListener::OnStopRequest(QuotingOutputStreamListener * const
0x05428e80, nsIChannel * 0x05428750, nsISupports * 0x054288f4, unsigned int
0x00000000, nsISupports * 0x054288f4) line 1424
nsStreamConverter::OnStopRequest(nsStreamConverter * const 0x05428050,
nsIChannel * 0x05428750, nsISupports * 0x054288f4, unsigned int 0x00000000,
const unsigned short * 0x100a55e8 gCommonEmptyBuffer) line 974
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x054b41e0) line 302
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x054b4a60) line 97 + 12 bytes
PL_HandleEvent(PLEvent * 0x054b4a60) line 589 + 10 bytes
|
Assignee | |
Comment 1•24 years ago
|
||
adding keywords. It's a message generated with MS Word so it has lots of styles. I can forward the message to whoever ends up fixing this bug.
|
||
Comment 3•24 years ago
|
||
Reassigning to dcone. Marking nsbeta3 P1 because it is a crasher.
Assignee: kmcclusk → dcone
Priority: P3 → P1
Whiteboard: [nsbeta3+]
|
||
Comment 5•24 years ago
|
||
I haven't a clue as to why this is my bug. reassigning to karnaze
Assignee: rods → karnaze
|
|
Assignee | |
Comment 6•24 years ago
|
||
I'm going to try adding a null check since that might get this fixed faster. I'll post my findings.
|
|
Assignee | |
Comment 7•24 years ago
|
||
|
|
Assignee | |
Comment 8•24 years ago
|
||
I've attaached a patch that fixes the crash, though it probably doesn't do "the right thing". Next, I'll attach a message which demonstrates the problem.
|
|
Assignee | |
Comment 9•24 years ago
|
||
|
|
Assignee | |
Comment 10•24 years ago
|
||
If you save the attached file into your local mail directory and then open the folder, select the message, and reply, you'll see the crash. I also suspect that we're not displaying the message correctly in the first place, since when I reply to it (with my patch not to crash), the compose window shows some of the text with a box around it that is not shown when the message is displayed. Since the crash is in code that seems to be dealing with displaying a box around text, I think it's all related.
|
||
Comment 11•24 years ago
|
||
Rod, you got the bug because Kevin thinks it may be Don's and Don is too busy to look at it. If it turns out to be a problem with tables instead of the border drawing code (which Don is familar with and the stack points at) please give it back to me.
Assignee: karnaze → rods
|
|
||
Comment 12•24 years ago
|
||
I couldn't get it to crash with the sample message. but the patch looks good
Status: NEW → ASSIGNED
|
||
Comment 13•24 years ago
|
||
Bienvenu and Rod, the patch looks fine: r=attinasi
|
||
Comment 14•24 years ago
|
||
looks good to me, too. r=waterson
|
||
Comment 15•24 years ago
|
||
I also cannot get the crash to happen, but the patch looks fine. r=buster.
|
||
Comment 16•24 years ago
|
||
PDT agrees P1. Can we check the patch in now?
Whiteboard: [nsbeta3+] → [nsbeta3+][PDTP1]
|
|
Assignee | |
Comment 17•24 years ago
|
||
OK, I'll check it in.
Assignee: rods → bienvenu
Status: ASSIGNED → NEW
|
|
Assignee | |
Comment 18•24 years ago
|
||
OK, fix checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
|
||
Comment 20•24 years ago
|
||
Verified with the 0ct 20 trunk build Marking VERIFIED and removing vtrunk keyword
Status: RESOLVED → VERIFIED
Keywords: vtrunk
You need to log in
before you can comment on or make changes to this bug.
Description
•