523895 - Crash in [@ nsObjectFrame::ComputeWidgetGeometry]

Status: RESOLVED FIXED

(Core :: Layout, defect)

Description

[Marcia Knous [:marcia]]

Seen while running Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2b1) Gecko/20091019 Firefox/3.6b1.

STR:
1. Load http://ubiquity.mozilla.com/planet/
2. I crashed but have not been able to reproduce.

These extensions were installed:
Microsoft .NET Framework Assistant	1.0	false	{20a82645-c095-46ed-80e3-08825760534b}
Java Quick Starter	1.0	true	jqs@sun.com
Coral IE Tab	1.60.20090901	true	ietab@ip.cn

Comment 1

[Marcia Knous [:marcia]]

Forgot the report: http://crash-stats.mozilla.com/report/index/bp-4ff7dda5-9256-48d5-a260-bf9ff2091022

Comment 2

[Carsten Book [:Tomcat]]

(In reply to comment #0)
> Seen while running Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2b1)
> Gecko/20091019 Firefox/3.6b1.
> 
> STR:
> 1. Load http://ubiquity.mozilla.com/planet/
> 2. I crashed but have not been able to reproduce.
> 
> These extensions were installed:
> Microsoft .NET Framework Assistant    1.0    false   
> {20a82645-c095-46ed-80e3-08825760534b}
> Java Quick Starter    1.0    true    jqs@sun.com
> Coral IE Tab    1.60.20090901    true    ietab@ip.cn

from topcrash stats, seems this happend 3 times, marcia were you also able to crash without this extensions ?

Comment 3

[Marcia Knous [:marcia]]

So far I think I only crashed once, and I have not yet been able to reproduce this on any other machines with or without extensions.

Comment 4

[Damon Sicore (:damons)]

Since this is possibly a crash that will show up like mad after we ship, we should take this very seriously, but I can't see blocking on it until we can mak it happen again, or something else significant happens.

Minusing for now, but renom if you see it again.

Comment 5

[Marcia Knous [:marcia]]

I am not certain, but is is possible I may have crashed when this page loaded - http://ubiquity.mozilla.com/ - note that an embedded vimeo video shows up on the page.

Comment 6

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Marcia, have you tried to clear the cache before reloading the page? Eventually it only crashes on first load?

Comment 7

[Bob Clary [:bc] (inactive)]

crash on load nsObjectFrame::ComputeWidgetGeometry with bp-abec7a01-0e8d-4d5a-98ac-729642091118 Mac 1.9.3 and Win 1.9.2 at least. The stack is different though and possibly requires flash. File a new bug?

http://www.tusfotoscaseras.com/2007/09/29/adolescentes-modelos-teens-tetonas-y-culonas/

maybe nsfw.

Comment 8

[Timothy Nikkel (:tnikkel)]

Attachment: testcase

Minimized the page from comment 7 and made it SFW.

Having the stylesheet be on an external server seems to be required, as mirroring it locally never crashes. The swf can probably be local and is just a random swf from the web, so probably any swf would suffice.

Comment 9

[Timothy Nikkel (:tnikkel)]

It is caused by bug 371976. (Someone with access can add the dependency.)

Comment 10

[neil@parkwaycc.co.uk]

The test case doesn't crash for me on trunk, is this a 1.9.2-only bug?

Comment 11

[Timothy Nikkel (:tnikkel)]

Doesn't crash for me on trunk or 1.9.2 anymore. One of the checkins since then must have changed it.

Comment 12

[Timothy Nikkel (:tnikkel)]

Something in this range fixed it.

http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=21972540dbf4&tochange=8265be625bb0

A good guess would be bug 528493.

Comment 13

[neil@parkwaycc.co.uk]

(In reply to comment #12)
> A good guess would be bug 528493.
That was caused by a swf in an iframe in a document with slow CSS, which would explain why your crash never happened when the CSS was local. If you need slow CSS in the future, this is apparently a good link:

http://www.hixie.ch/tests/adhoc/html/parsing/script-style-blocking/slow-style.css

Comment 14

[Brandon Sterne (:bsterne)]

Only 1 crash this week:
bp-79857368-68cd-4beb-8f51-36d782100214

Marking fixed per comment 12.  Bug 528493 landed on 1.9.2 and 1.9.1 (we're waiting to see if we need it on 1.9.0).