Closed
Bug 635329
Opened 13 years ago
Closed 13 years ago
Crash [@ nsBidiPresUtils::RemoveBidiContinuation] with large margin, changing text node
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: jruderman, Assigned: smontagu)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, testcase, Whiteboard: [sg:dos (critical w/out frame-poisoning)] [softblocker][has patch])
Crash Data
Attachments
(3 files, 1 obsolete file)
|
364 bytes,
text/html
|
Details | |
|
16.14 KB,
text/plain
|
Details | |
|
9.83 KB,
patch
|
roc
:
review+
roc
:
approval2.0+
|
Details | Diff | Splinter Review |
No description provided.
|
Reporter | |
Comment 1•13 years ago
|
||
Nominating for blocking because this might be the same as a topcrash with the same signature (bug 632828).
blocking2.0: --- → ?
|
|
Reporter | |
Comment 2•13 years ago
|
||
|
|
Reporter | |
Updated•13 years ago
|
OS: Windows 7 → All
Assignee: nobody → smontagu
blocking2.0: ? → final+
Whiteboard: [sg:dos (critical w/out frame-poisoning)] → [sg:dos (critical w/out frame-poisoning)] [softblocker]
|
Assignee | |
Comment 3•13 years ago
|
||
This turns out to be caused by bug 597627 deleting frames during bidi resolution. I think that we won't be losing much if we just don't do that optimization when SetLength is called from AdjustOffsetsForBidi, since bidi resolution blows away text runs for all frames it touches anyway. Mats, does that make sense?
Depends on: 597627
|
|
Assignee | |
Comment 4•13 years ago
|
||
Attachment #513850 -
Flags: review?(roc)
Attachment #513850 -
Flags: feedback?(matspal)
|
|
Assignee | |
Updated•13 years ago
|
Whiteboard: [sg:dos (critical w/out frame-poisoning)] [softblocker] → [sg:dos (critical w/out frame-poisoning)] [softblocker][has patch]
|
||
Updated•13 years ago
|
|
||
Comment 5•13 years ago
|
||
Comment on attachment 513850 [details] [diff] [review] Patch Yes, this looks good to me. Nit: prefix the parameter with "a"
Attachment #513850 -
Flags: feedback?(matspal) → feedback+
Comment on attachment 513850 [details] [diff] [review] Patch + PRBool inBidiResolution = PR_FALSE); I think you should just have a flags word with a flag "ALLOW_FRAME_CREATION_DESTRUCTION", and the default (0) should not allow it.
|
|
Assignee | |
Comment 7•13 years ago
|
||
Attachment #513850 -
Attachment is obsolete: true
Attachment #513896 -
Flags: review?(roc)
Attachment #513850 -
Flags: review?(roc)
Comment on attachment 513896 [details] [diff] [review] Addressed comments +#define ALLOW_FRAME_CREATION_DESTRUCTION 1 Hmm, might as well make it ALLOW_FRAME_CREATION_AND_DESTRUCTION :-). Also, make it 0x01. Also, should be an enum in nsTextFrame.h next to SetLength, i.e. enum { ALLOW_FRAME_CREATION_AND_DESTRUCTION = 0x01 };
Attachment #513896 -
Flags: review?(roc) → review+
Comment on attachment 513896 [details] [diff] [review] Addressed comments This should be very safe since it just enables selective non-use of the optimizations added in bug 597627.
Attachment #513896 -
Flags: approval2.0+
|
|
Assignee | |
Comment 10•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/3db6693e136e
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
|
||
Updated•13 years ago
|
Crash Signature: [@ nsBidiPresUtils::RemoveBidiContinuation]
You need to log in
before you can comment on or make changes to this bug.
Description
•