Closed Bug 672080 Opened 14 years ago Closed 14 years ago

Crash [@ nsLineLayout::ReflowFrame ]

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla8
Tracking Flags:
Tracking Status
firefox6 --- affected
firefox7 --- affected
firefox8 --- affected

People

(Reporter: bc, Assigned: MatsPalmgren_bugz)

References

(
URL
)

Details

(Keywords: crash, reproducible, Whiteboard: [sg:dos] null-pointer access [fixed by bug 578977])

Crash Data

The nsLineLayout::ReflowFrame call is from nsFirstLetterFrame::Reflow for a first-letter frame that has no child frame. The frame tree looks very much like the same situation as in bug 578977. Applying the patch in bug 578977 locally fixes it for me. Test builds will be available shortly at: http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/mpalmgren@mozilla.com-e4de685e7bb3/ The posted stack in bug 358173 looks like a different problem since the call comes from nsInlineFrame::ReflowInlineFrame.
Assignee: nobody → matspal
Depends on: 578977
Whiteboard: [sg:dos] null-pointer access
Here's a better build to test (with the latest patch (v3) in bug 578977): http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/mpalmgren@mozilla.com-023d6da70368
Testing the Mac Debug build fixes the crash for me. Mats, do you need me to test the others as well?
Further testing shouldn't be necessary. Thanks. Fixed by bug 578977.
Status: NEW → RESOLVED
Closed: 14 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Whiteboard: [sg:dos] null-pointer access → [sg:dos] null-pointer access [fixed by bug 578977]
Target Milestone: --- → mozilla8
There's no reduced test here so let's say the tests for bug 578977 is enough.
Flags: in-testsuite? → in-testsuite-
You need to log in before you can comment on or make changes to this bug.