Closed Bug 675246 Opened 13 years ago Closed 13 years ago

Crash [@ nsLayoutUtils::GetStyleFrame(nsIFrame*) ] when printing with tfoot::after position:fixed

Categories

(Core :: Printing: Output, defect, P1)

Product:
Core
Component:
Printing: Output
Platform:
x86
Windows 7
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla8

People

(Reporter: martijn.martijn, Assigned: bzbarsky)

References

(Depends on 1 open bug)

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(2 files)

testcase
205 bytes, application/xhtml+xml
Details
Fix
3.29 KB, patch
roc
: review+
Details | Diff | Splinter Review
Attached file testcase 
See testcase, which crashes current trunk build on print/print preview.

This looks like a regression from bug 577450.

https://crash-stats.mozilla.com/report/index/714bb842-6659-4ca6-9d30-b8b4d2110729
0 	xul.dll 	nsLayoutUtils::GetStyleFrame 	layout/base/nsLayoutUtils.cpp:419
1 	xul.dll 	nsCSSFrameConstructor::ReplicateFixedFrames 	layout/base/nsCSSFrameConstructor.cpp:8705
2 	xul.dll 	nsPageContentFrame::Reflow 	layout/generic/nsPageContentFrame.cpp:85
3 	xul.dll 	nsContainerFrame::ReflowChild 	layout/generic/nsContainerFrame.cpp:959
4 	xul.dll 	nsPageFrame::Reflow 	layout/generic/nsPageFrame.cpp:137
5 		@0xa7ab0ff
So uh....

(gdb) p fixed
$3 = (nsBlockFrame *) 0x107aac6d8
(gdb) p fixed->GetContent()
$4 = (nsXMLElement *) 0x145b0e8e0
(gdb) p fixed->GetContent()->GetPrimaryFrame()
$5 = (Cannot access memory at address 0x0
Assignee: nobody → bzbarsky
Priority: -- → P1
So we're replicating the tfoot, and we create a new generated content _node_ as part of the process.  But the "skip primary frame set" bit is on, of course, so we don't give it a primary frame.
Attached patch FixSplinter Review 

        Attachment #549438 -
        Flags: review?(roc)

    
  
Whiteboard: [need review]

    
  
Whiteboard: [need review] → [need landing]

    
    

    
  
http://hg.mozilla.org/integration/mozilla-inbound/rev/c47fe225ea20
Flags: in-testsuite+
Whiteboard: [need landing]
Target Milestone: --- → mozilla8
Depends on: 675713

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/c47fe225ea20
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: