Closed Bug 576761 Opened 15 years ago Closed 15 years ago

Transitioning between an unspecified transform and a specified transform crashes [@ nsCSSValue::GetStringValue]

Categories

(Core :: CSS Parsing and Computation, defect, P1)

Product:
Core
Component:
CSS Parsing and Computation
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla2.0b2

People

(Reporter: the.decryptor, Assigned: dbaron)

References

Details

(Keywords: crash)

Crash Data

Attachments

(2 files)

Crashing testcase.
620 bytes, text/html
Details
patch
1.69 KB, patch
dholbert
: review+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; Windows NT 6.1; WOW64; en-US; rv:2.0b2pre) Gecko/20100703 Minefield/4.0b2pre Build Identifier: Mozilla/5.0 (Windows; Windows NT 6.1; WOW64; en-US; rv:2.0b2pre) Gecko/20100703 Minefield/4.0b2pre When you specify a transform and transition on an element, transitioning between an unspecified state and a specified state will crash when you move the mouse off the element (i.e. when the transition starts to reverse) It only happens when it quickly switches back and forth between the states, transitioning entirely to one state and back again is fine. Transitioning between two specified transforms (i.e. rotate(0deg) and rotate(360deg) works fine, it's only when the starting transform is unspecified. Sorry if this doesn't make much sense, the testcase I'll attach should show it clearer. Reproducible: Always Steps to Reproduce: 1. Load the attached testcase 2. Place the cursor in the top right corner of the box 3. Wait until the rotation proceeds until the cursor moves off the element, and it starts rotating back. It mainly crashes for me, but I have seen it work ok when trying to reproduce it. So it might be required to test a few times.
Attached file Crashing testcase.
This testcase crashes when transitioning back from a partially completed transition. Adding "-moz-transform: rotate(0deg);" to the normal style of the <div> fixes it.
Sorry for the spam, I completely forgot that I got a crash stack from this. http://crash-stats.mozilla.com/report/index/bp-85fe75c3-375d-415b-9ad8-162362100703
Hmmm. I probably didn't see this because of a separate patch I have in my tree: http://hg.mozilla.org/users/dbaron_mozilla.com/patches/raw-file/39a449391ffc/transition-no-compute-distance There's probably something wrong with the ComputeDistance implementation.
Attached patch patchSplinter Review
Attachment #455873 - Flags: review?(dholbert)
Happens on Mac, too.
OS: Windows 7 → All
Hardware: x86_64 → All
Assignee: nobody → dbaron
Status: UNCONFIRMED → NEW
Ever confirmed: true
I pushed this pending review, since a lot of people are hitting it. http://hg.mozilla.org/mozilla-central/rev/f9e0009f188d
Status: NEW → RESOLVED
Closed: 15 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3b2
(and since I'm really not sure who will be around today to review it)
Blocks: 531344
Flags: in-testsuite?
Version: unspecified → Trunk
Comment on attachment 455873 [details] [diff] [review] patch Looks good -- sorry for not having caught that in the review on the other bug.
Attachment #455873 - Flags: review?(dholbert) → review+
Signature nsCSSValue::GetStringValue(nsAString_internal&) UUID 85fe75c3-375d-415b-9ad8-162362100703 Time 2010-07-03 07:21:53.361057 Uptime 524 Last Crash 1648018 seconds (2.7 weeks) before submission Install Age 533 seconds (8.9 minutes) since version was first installed. Product Firefox Version 4.0b2pre Build ID 20100703040109 Branch 2.0 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 6 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0xc User Comments Processor Notes EMCheckCompatibility False Crashing Thread Frame Module Signature [Expand] Source 0 xul.dll nsCSSValue::GetStringValue layout/style/nsCSSValue.h:278 1 xul.dll nsStyleTransformMatrix::TransformFunctionOf layout/style/nsStyleTransformMatrix.cpp:550 2 xul.dll nsStyleTransformMatrix::SetToTransformFunction layout/style/nsStyleTransformMatrix.cpp:575 3 xul.dll nsStyleTransformMatrix::ReadTransforms layout/style/nsStyleTransformMatrix.cpp:645 4 xul.dll nsStyleAnimation::ComputeDistance 5 xul.dll nsTransitionManager::ConsiderStartingTransition layout/style/nsTransitionManager.cpp:691 6 xul.dll nsTransitionManager::StyleContextChanged
Keywords: crash
Summary: Transitioning between an unspecified transform and a specified transform crashes → Transitioning between an unspecified transform and a specified transform crashes [@ nsCSSValue::GetStringValue]
I have a testcase in bug 582111 that seems to crash with the stacktrace in comment 9.
Crash Signature: [@ nsCSSValue::GetStringValue]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: