Crash [@ nsTextFrame::ClearTextRun] with rtl

RESOLVED FIXED in mozilla7

Status

()

Core
Layout
--
critical
RESOLVED FIXED
6 years ago
3 years ago

People

(Reporter: Jesse Ruderman, Assigned: mats)

Tracking

(Blocks: 2 bugs, {crash, regression, testcase})

Trunk
mozilla7
crash, regression, testcase
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [inbound], crash signature)

Attachments

(3 attachments)

(Reporter)

Description

6 years ago
Created attachment 541767 [details]
testcase (crashes Firefox when loaded)

bp-4b872138-932e-4dbf-b72b-134d42110624

Regression between Jun 23 and Jun 24 nightly builds, I think.
(Reporter)

Comment 1

6 years ago
Created attachment 541768 [details]
stack trace
tracking-firefox7: --- → ?
(Assignee)

Comment 2

6 years ago
With nsContainerFrame::RemoveFrame on stack, bug 654002 is the likely culprit.
(Assignee)

Comment 3

6 years ago
Confirmed - reverting bug 654002 in a local build makes the crash go away.
Assignee: nobody → matspal
Blocks: 654002
OS: Mac OS X → All
Hardware: x86_64 → All
(Assignee)

Comment 4

6 years ago
I suspect that it's the "!mPrevContinuation" on line 3837 that is now
true in cases where it didn't use to be...
http://mxr.mozilla.org/mozilla-central/source/layout/generic/nsTextFrameThebes.cpp#3823
(Assignee)

Comment 5

6 years ago
Created attachment 541884 [details]
Frame dump + stack

The problem is that ClearAllTextRunReferences() depends on an intact
next-continuation in order to clear mTextRun on the frames.
I think this is worse than the problem bug 654002 was trying to solve,
so I'll just back that out for now.
(Assignee)

Comment 6

6 years ago
http://hg.mozilla.org/integration/mozilla-inbound/rev/12b5e82f6ffd
http://hg.mozilla.org/integration/mozilla-inbound/rev/25c5fc68db1f
Flags: in-testsuite+
Whiteboard: [inbound]
http://hg.mozilla.org/mozilla-central/rev/12b5e82f6ffd
http://hg.mozilla.org/mozilla-central/rev/25c5fc68db1f

Someone please mark bug 654002 as backed out on central since I can't access it.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla7

Updated

6 years ago
tracking-firefox7: ? → ---

Updated

6 years ago
Crash Signature: [@ nsTextFrame::ClearTextRun ]
You need to log in before you can comment on or make changes to this bug.