Closed
Bug 576890
Opened 14 years ago
Closed 14 years ago
Crash [@ nsFrameList::InsertFrames] on print preview
Categories
(Core :: Layout: Tables, defect)
Core
Layout: Tables
Tracking
()
RESOLVED
FIXED
mozilla2.0b8
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: martijn.martijn, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(5 files, 3 obsolete files)
Screenshot, print preview of Testcase #2
See testcase, which crashes current trunk build on print preview. http://crash-stats.mozilla.com/report/index/e3b5958e-450b-424f-8134-3a0c82100704 0 xul.dll nsFrameList::InsertFrames layout/generic/nsFrameList.cpp:236 1 xul.dll nsTableFrame::PushChildren layout/tables/nsTableFrame.cpp:1959 2 xul.dll nsTableFrame::ReflowChildren 3 xul.dll nsTableFrame::ReflowTable layout/tables/nsTableFrame.cpp:1883 4 xul.dll nsTableFrame::Reflow layout/tables/nsTableFrame.cpp:1787 5 xul.dll nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:738 6 xul.dll nsTableOuterFrame::Reflow layout/tables/nsTableOuterFrame.cpp:1090 7 @0x8d9aeff I guess this could be fixed by bug 563584.
|
Reporter | |
Comment 1•14 years ago
|
||
|
|
Reporter | |
Comment 2•14 years ago
|
||
Otoh, I seem to have a case where no floats are present.
|
|
Reporter | |
Updated•14 years ago
|
blocking2.0: --- → ?
Works for me in a build with the bug 563584 patches.
blocking2.0: ? → final+
|
|
Reporter | |
Comment 4•14 years ago
|
||
The testcase in this bug doesn't crash anymore, but I still have an unminzimed testcase, that crashes with this stacktrace. I'll try to minimize it and then upload that testcase here.
|
|
Reporter | |
Comment 5•14 years ago
|
||
This testcase still crashes on print preview in current trunk build. http://crash-stats.mozilla.com/report/index/fd3bd5ac-65a0-4326-aedd-7bc602100809 0 xul.dll nsFrameList::InsertFrames layout/generic/nsFrameList.cpp:242 1 xul.dll nsTableFrame::PushChildren layout/tables/nsTableFrame.cpp:1959 2 xul.dll nsTableFrame::ReflowChildren 3 xul.dll nsTableFrame::ReflowTable layout/tables/nsTableFrame.cpp:1883 4 xul.dll nsTableFrame::Reflow layout/tables/nsTableFrame.cpp:1787 5 xul.dll nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:738 6 xul.dll nsContainerFrame::StealOverflowFrames layout/generic/nsContainerFrame.h:623 7 @0x2 8 @0xe7a2dff
Attachment #455972 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 6•14 years ago
|
||
Still crashes, using: Mozilla/5.0 (Windows NT 6.1; rv:2.0b5pre) Gecko/20100822 Minefield/4.0b5pre
Still crashing?
Assignee: nobody → matspal
|
Assignee | |
Comment 8•14 years ago
|
||
Yes, I can reproduce the crash on x86-64 Linux. I'll take a look.
OS: Windows 7 → All
Hardware: x86 → All
|
|
Assignee | |
Comment 9•14 years ago
|
||
Same test, just changing <span> to <b> for the table-footer so it's easier to tell apart from the table-header in the frame dump.
Attachment #464178 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 10•14 years ago
|
||
There are multiple bugs here, but let's focus on the crash cause first. In the 1st reflow, we find the page break after the header and we call PushChildren on line 2719: http://hg.mozilla.org/mozilla-central/file/070567151424/layout/tables/nsTableFrame.cpp#l2718 since the child we're looking at is the tfoot (which IsRepeatable) there are no frames to push so PushChildren is a NOP and we break out of ReflowChildren with NS_FRAME_NOT_COMPLETE. 2nd reflow we reflow the table next-in-flow, nothing interesting here. 3rd reflow we reflow the first table again, we hit the same PushChildren but this time we have a next-in-flow and we try to insert the empty frame list (which is illegal): http://hg.mozilla.org/mozilla-central/file/070567151424/layout/tables/nsTableFrame.cpp#l1936
|
|
Assignee | |
Comment 11•14 years ago
|
||
This fixes the crash but the rendering is incorrect...
|
|
Assignee | |
Comment 12•14 years ago
|
||
Same as Testcase 1, but with some text in the frames.
|
|
Assignee | |
Comment 13•14 years ago
|
||
This is what Testcase 2 looks like with the patch. Apart from the overlapping content, I still think this is incorrect. I think the correct rendering is a table-header on the first page and a table-footer on the second page, nothing else. Although they are repeatable, there's no table-body so they should not repeat. Is this correct? We should probably spawn off the rendering problem to a separate bug though. The crash fix is pretty trivial so we should get it into 2.0.
(In reply to comment #13) > Is this correct? I think so.
|
|
Assignee | |
Comment 15•14 years ago
|
||
Ok, I'll spawn off the rendering bug.
Attachment #486823 -
Attachment is obsolete: true
Attachment #486832 -
Flags: review?(roc)
Attachment #486832 -
Flags: review?(roc) → review+
Whiteboard: [needs landing]
|
|
Assignee | |
Comment 16•14 years ago
|
||
Filed bug 610245 for the rendering bug. http://hg.mozilla.org/mozilla-central/rev/933bfe553fb0
Status: NEW → RESOLVED
Closed: 14 years ago
Component: Layout → Layout: Tables
Flags: in-testsuite+
QA Contact: layout → layout.tables
Resolution: --- → FIXED
Whiteboard: [needs landing]
Target Milestone: --- → mozilla2.0b8
|
||
Updated•13 years ago
|
Crash Signature: [@ nsFrameList::InsertFrames]
You need to log in
before you can comment on or make changes to this bug.
Description
•