Closed Bug 675490 Opened 8 years ago Closed 8 years ago
Crash [@ ns
Frame List::Remove Frame] on printing/print preview
See testcase, which crashes current trunk build on printing/print preview. Previous bug, bug 642088. https://crash-stats.mozilla.com/report/index/bp-8f6eb718-2f41-4018-8ef5-50bf72110730 0 xul.dll nsFrameList::RemoveFrame layout/generic/nsFrameList.cpp:129 1 xul.dll nsTableFrame::PushChildren layout/tables/nsTableFrame.cpp:1958 2 xul.dll nsTableFrame::ReflowChildren 3 xul.dll nsTableFrame::ReflowTable layout/tables/nsTableFrame.cpp:1900 4 xul.dll nsTableFrame::Reflow layout/tables/nsTableFrame.cpp:1804 5 xul.dll nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:959 6 xul.dll nsContainerFrame::StealOverflowFrames layout/generic/nsContainerFrame.h:643 7 xul.dll PL_DHashTableOperate obj-firefox/xpcom/build/pldhash.c:625
I will look into it once my debug builds compiles...
I see it in my debug build.
Assignee: nobody → bernd_mozilla
the structure now avoids table pseudo frame creation. Its important that thead is not the first child of the table
what happens here is that on the first page tbody splits at the available space and creates a next inflow the table puts the nif on its overflow list. the table height computation reports a slightly larger desired size (2 px) than available so the table gets marked as truncated and gets pushed entirely on to second page then the same table frame is reflowed and gets back the frame from the overflow list now the mFrames are tfoot > tbody > thead > tbody_nif where > stands for next sibling relation ship
this fixes the crash but does not fix the problem with the tfoots that are not placed due to size constraints.
The problem comes here from the fact that a repeatable tfoot can't be placed. If it is not pushed it will cause in CalcDesiredHeight a increase by one cellspacing and misplaced tfoot on the page where it does not fit.
Attachment #550779 - Attachment is obsolete: true
This also crash Aurora7.0a2 http://hg.mozilla.org/releases/mozilla-aurora/rev/bd419b4cdaea Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0a2) Gecko/20110806 Firefox/7.0a2 ID:20110806042002 bp-7e67d10e-da21-4eae-b882-641902110806
Comment on attachment 551274 [details] [diff] [review] patch Boris, we compute the repeatability of tfoot as a quarter of the page size, however we are not guaranteed that the tfoot will fit. The patch here says if it does not fit then we remove the repeatability and push the tfoot to the next inflow. Otherwise tfoot will end as a not placed frame at 0,0 relative to the table and spoil nsTableFrame::CalcDesiredHeight at http://mxr.mozilla.org/mozilla-central/source/layout/tables/nsTableFrame.cpp#2977 by addinga 0 height and one cellspacing in excess. I will push this over to try, once my commit is reenabled (bug 677040)
Attachment #551274 - Flags: review?(bzbarsky)
Comment on attachment 551274 [details] [diff] [review] patch r=me
Attachment #551274 - Flags: review?(bzbarsky) → review+
http://tbpl.mozilla.org/?tree=Try&rev=1de37cd663c7 shows a consistent failure pattern in crashtests REFTEST TEST-UNEXPECTED-FAIL | file:///c:/talos-slave/test/build/reftest/tests/layout/tables/crashtests/576890-1.html | assertion count 2 is more than expected 0 assertions REFTEST TEST-UNEXPECTED-FAIL | file:///c:/talos-slave/test/build/reftest/tests/layout/tables/crashtests/576890-2.html | assertion count 12 is more than expected 0 assertions REFTEST TEST-UNEXPECTED-FAIL | file:///c:/talos-slave/test/build/reftest/tests/layout/tables/crashtests/576890-3.html | assertion count 2 is more than expected 0 assertions ==> more work required
more work is means bug 610245
http://hg.mozilla.org/integration/mozilla-inbound/rev/6f4b90a6c292 pushed together with the patch for bug 678447, when pushing this to aurora or beta both patches are required otherwise crash tests will go orange.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
You need to log in before you can comment on or make changes to this bug.