Closed
Bug 570160
Opened 14 years ago
Closed 14 years ago
[regression] crash when printing or in print preview and A4 as page format [@ nsIFrame::SetNextSibling]
Categories
(Core :: Layout: Floats, defect)
Core
Layout: Floats
Tracking
()
RESOLVED
FIXED
mozilla2.0
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | unaffected |
| status1.9.1 | --- | unaffected |
People
(Reporter: bugzilla.i.sekler, Assigned: MatsPalmgren_bugz)
References
()
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files, 3 obsolete files)
|
2.46 KB,
text/plain
|
Details | |
|
990 bytes,
text/html
|
Details | |
|
8.50 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a5pre) Gecko/20100604 Firefox/3.7a5pre
Build Identifier:
Firefox crashes when printing or in print preview for the $URL if page format is not Letter (tested with A4).
Good: 2009-10-02, SourceStamp=a80414164888
Bad: 2009-10-03, SourceStamp=0a7dd88dbe67
Regression window: http://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2009-10-02+04%3A26%3A27&enddate=2009-10-03+02%3A36%3A30
Reproducible: Always
Steps to Reproduce:
1. Set page format to A4
2. Load <http://www.musicalcriticism.com/concerts/usherhall-rsno-clein-0510.shtml>
3. Print or print preview the page.
Actual Results:
Crash.
The regression window is identical with <https://bugzilla.mozilla.org/show_bug.cgi?id=553972#c15>, so this bug might be a dupe of Bug 553972, which should be reopened in this case.
The crash report whith an old official nightly while searching for the first bad build: <http://crash-stats.mozilla.com/report/index/bp-66b61fb8-7e07-4fb5-9ac9-c973a2100604>
Wasn't able to make a minimal testcase yet.
|
||
Comment 1•14 years ago
|
||
crashes on windows xp too with 1.9.3 20100604040314
bp-9d5d052b-8df2-4dd9-9344-c75882100604
Signature nsIFrame::SetNextSibling(nsIFrame*)
UUID 9d5d052b-8df2-4dd9-9344-c75882100604
Time 2010-06-04 10:54:10.198115
Uptime 39
Last Crash 47257 seconds before submission
Product Firefox
Version 3.7a5pre
Build ID 20100604040314
Branch 1.9.3
OS Windows NT
OS Version 5.1.2600 Service Pack 3
CPU x86
CPU Info GenuineIntel family 15 model 2 stepping 9
Crash Reason EXCEPTION_ACCESS_VIOLATION
Crash Address 0x20
User Comments Bug 570160
Crashing Thread
Frame Module Signature Source
0 xul.dll nsIFrame::SetNextSibling(nsIFrame*) layout/generic/nsIFrame.h:952
1 xul.dll nsFrameList::RemoveFrame(nsIFrame*) layout/generic/nsFrameList.cpp:133
2 xul.dll nsBlockFrame::CollectFloats(nsIFrame*,nsFrameList&,int,int) layout/generic/nsBlockFrame.cpp:6645
3 xul.dll nsBlockFrame::CollectFloats(nsIFrame*,nsFrameList&,int,int) layout/generic/nsBlockFrame.cpp:6651
4 xul.dll nsBlockFrame::PushLines(nsBlockReflowState&,nsLineList_iterator) layout/generic/nsBlockFrame.cpp:4273
5 xul.dll nsBlockFrame::PlaceLine(nsBlockReflowState&,nsLineLayout&,nsLineList_iterator,nsFloatManager::SavedState*,nsRect&,int&,int*)
6 xul.dll nsAStreamCopier::Process() xpcom/io/nsStreamUtils.cpp:380
7 nspr4.dll _PR_MD_UNLOCK nsprpub/pr/src/md/windows/w95cv.c:344
8 nspr4.dll PR_Unlock nsprpub/pr/src/threads/combined/prulock.c:347
9 xul.dll nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&,nsLineLayout&,nsLineList_iterator,nsIFrame*,LineReflowStatus*) layout/generic/nsBlockFrame.cpp:3722
10 xul.dll nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState&,nsLineLayout&,nsLineList_iterator,nsFlowAreaRect&,int&,nsFloatManager::SavedState*,int*,LineReflowStatus*,int) layout/generic/nsBlockFrame.cpp:3653
11 nspr4.dll PR_Unlock nsprpub/pr/src/threads/combined/prulock.c:347
12 @0x12b967
Component: General → Layout: Tables
Depends on: 563009
Keywords: crash,
regression
OS: Linux → All
QA Contact: general → layout.tables
Version: unspecified → Trunk
|
Assignee | |
Comment 2•14 years ago
|
||
###!!! ASSERTION: why CreateContinuingFrame for a non-splittable frame?: 'aFrame->GetSplittableType() != NS_FRAME_NOT_SPLITTABLE', file c:/moz/hg2/layout/base/nsCSSFrameConstructor.cpp, line 8512
###!!! ASSERTION: OOF must be first continuation: '!aFrame || !aFrame->GetPrevContinuation()', file c:\moz\hg2\layout\generic\nsPlaceholderFrame.h, line 115
###!!! ASSERTION: float manager state should match saved state: 'aState->mX == mX && aState->mY == mY && aState->mFloatInfoCount == mFloats.Length()', file c:\moz\hg2\layout\generic\nsFloatManager.h, line 263
###!!! ASSERTION: available space should never grow: 'aOldAvailableSpace.x <= aNewAvailableSpace.x && aOldAvailableSpace.XMost() >= aNewAvailableSpace.XMost()', file c:/moz/hg2/layout/generic/nsBlockFrame.cpp, line 828
###!!! ASSERTION: Broken frame linkage: 'prevSibling && prevSibling->GetNextSibling() == aFrame', file c:/moz/hg2/layout/generic/nsFrameList.cpp, line 132
###!!! ASSERTION: Creating a circular frame list, this is very bad.: 'this != aNextSibling', file c:\moz\hg2\layout\generic\nsIFrame.h, line 951
The first assertion is caused by trying to create a continuation for
a placeholder frame...
Assignee: nobody → matspal
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 3•14 years ago
|
||
|
|
Assignee | |
Comment 4•14 years ago
|
||
Patch coming up...
Blocks: 492627
status1.9.1:
--- → unaffected
status1.9.2:
--- → unaffected
Component: Layout: Tables → Layout: Floats
Keywords: testcase
QA Contact: layout.tables → layout.floats
Hardware: x86 → All
Summary: [regression] crash when printing or in print preview and A4 as page format → [regression] crash when printing or in print preview and A4 as page format [@ nsIFrame::SetNextSibling]
|
|
Assignee | |
Comment 5•14 years ago
|
||
Call SplitFloat() for incomplete placeholders also in the break-after case.
It would be fairly easy to re-arrange the code to share the
SplitFloat/CreateNextInFlow bits for the break-after and
!NS_FRAME_IS_FULLY_COMPLETE blocks. Let me know if you'd prefer that
and I'll make a new patch.
Attachment #449530 -
Flags: review?(fantasai.bugs)
|
|
Assignee | |
Comment 6•14 years ago
|
||
Attachment #449530 -
Flags: review?(fantasai.bugs) → review-
|
|
Assignee | |
Comment 8•14 years ago
|
||
Rearranging the code, should be functionally the same as the last patch.
Attachment #449530 -
Attachment is obsolete: true
Attachment #449531 -
Attachment is obsolete: true
Attachment #454447 -
Flags: review?(fantasai.bugs)
Comment on attachment 454447 [details] [diff] [review]
Patch rev. 2
Overall, looks good. I think, however, that this bit
+ PRBool isBreakAfter = NS_INLINE_IS_BREAK_AFTER(aStatus);
+ if (isBreakAfter ? NS_FRAME_IS_NOT_COMPLETE(aStatus)
+ : !NS_FRAME_IS_FULLY_COMPLETE(aStatus)) {
+ [...]
+ if (isBreakAfter) {
should be
+ if (!NS_FRAME_IS_FULLY_COMPLETE(aStatus)) {
+ [...]
+ if (NS_INLINE_IS_BREAK_AFTER(aStatus)) {
r+ with that change, unless you disagree
Attachment #454447 -
Flags: review?(fantasai.bugs) → review+
|
|
Assignee | |
Comment 10•14 years ago
|
||
Ok, I thought about that too, but I kept the old logic to minimize risk.
(the old logic doesn't make a continuation for
"isBreakAfter && NS_FRAME_OVERFLOW_INCOMPLETE")
Are you saying that combination cannot occur or is the old logic
simply broken and it should have made a continuation in that case too?
(I'll add an assertion if it shouldn't occur)
|
||
Comment 11•14 years ago
|
||
I believe it should have made a continuation in that case, too. I suspect I didn't update it to handle overflow containers in that instance because there was no code to handle placeholders, so it seemed there were nothing to handle.
|
|
Assignee | |
Comment 12•14 years ago
|
||
Ok, thanks for clarifying.
|
|
Assignee | |
Comment 13•14 years ago
|
||
Updated per review comments. I'll land this when the tree reopens...
Attachment #454447 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 14•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0
|
||
Updated•13 years ago
|
Crash Signature: [@ nsIFrame::SetNextSibling]
You need to log in
before you can comment on or make changes to this bug.
Description
•