Open Bug 682647 Opened 13 years ago Updated 2 years ago

"ASSERTION: unexpected max block size" with -moz-element background and -moz-column

Categories

(Core :: Layout, defect)

x86_64
All
defect

Tracking

()

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Attached file testcase
###!!! ABORT: image ratio with nonsense width: 'aIntrinsicRatio.width >= 0', file layout/base/nsCSSRendering.cpp, line 3931 The abort was added in bug 609714, but I don't know if there was also a more recent regression.
Attached file stack trace
Confirmed in my Linux x86_64 debug build. I get this series of warning messages in my terminal, leading up to the abort: { WARNING: Overflowed nscoord_MAX in conversion to nscoord: 'aValue <= nscoord_MAX', file ../../dist/include/nsCoord.h, line 114 WARNING: Overflowed nscoord_MAX in conversion to nscoord: 'aValue <= nscoord_MAX', file ../../dist/include/nsCoord.h, line 114 WARNING: Overflowed nscoord_MAX in conversion to nscoord: 'aValue <= nscoord_MAX', file ../../dist/include/nsCoord.h, line 114 WARNING: Overflowed nscoord_MAX in conversion to nscoord: 'aValue <= nscoord_MAX', file ../../dist/include/nsCoord.h, line 114 nsBlockReflowContext: ColumnSet(div)(0)@0x7faae07d2670 metrics=-2147483648,-2147483648! ###!!! ASSERTION: illegal width for combined area: 'aOverflowAreas.Overflow(otype).width >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 498 ###!!! ASSERTION: illegal height for combined area: 'aOverflowAreas.Overflow(otype).height >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 500 ###!!! ASSERTION: illegal width for combined area: 'aOverflowAreas.Overflow(otype).width >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 498 ###!!! ASSERTION: illegal height for combined area: 'aOverflowAreas.Overflow(otype).height >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 500 nsBlockReflowContext: ColumnSet(div)(0)@0x7faae07d2670 metrics=-2147483648,-2147483648! ###!!! ASSERTION: illegal width for combined area: 'aOverflowAreas.Overflow(otype).width >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 498 ###!!! ASSERTION: illegal height for combined area: 'aOverflowAreas.Overflow(otype).height >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 500 ###!!! ASSERTION: illegal width for combined area: 'aOverflowAreas.Overflow(otype).width >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 498 ###!!! ASSERTION: illegal height for combined area: 'aOverflowAreas.Overflow(otype).height >= 0', file ../../../mozilla/layout/generic/nsLineBox.cpp, line 500 ###!!! ABORT: image ratio with nonsense width: 'aIntrinsicRatio.width >= 0', file ../../../mozilla/layout/base/nsCSSRendering.cpp, line 3931 }
OS: Mac OS X → All
Bug 690619 might be related.
Attached patch fix+testSplinter Review
Clamp negative layout width/height values to zero image width/height. (this is in the eStyleImageType_Element case) http://hg.mozilla.org/mozilla-central/annotate/c232bec6974d/layout/base/nsCSSRendering.cpp#l4375 This is effectively what we do for eStyleImageType_Image too - nsLayoutUtils::ComputeSizeForDrawing() calls imgIContainer::GetWidth() which returns mSize, which rejects negative values, e.g.: http://hg.mozilla.org/mozilla-central/annotate/c232bec6974d/image/src/RasterImage.cpp#l1409 I'll file a follow-up bug for the remaining non-fatal assertions in this test. ("ASSERTION: illegal width/height for combined area") https://tbpl.mozilla.org/?tree=Try&rev=f39faf2370c6
Assignee: nobody → matspal
Attachment #733686 - Flags: review?(roc)
Still asserts on trunk: ASSERTION: unexpected max block size: 'aBSize >= 0', file /builds/slave/m-cen-l64-d-000000000000000000/build/src/layout/generic/nsFloatManager.cpp, line 128 Mats, is the attached patch still relevant?
Flags: needinfo?(mats)
Summary: "ABORT: image ratio with nonsense width" with -moz-element background and -moz-column → "ASSERTION: unexpected max block size" with -moz-element background and -moz-column
No, I don't think so. I probably realized at some point that it's just wallpaper and it would be better to do something a bit more general. The root of the problem is of course the "padding: 8589934593in;" in the test. This is capped to NS_MAXSIZE so we have: (gdb) p borderPadding $7 = { mWritingMode = { mWritingMode = 0 '\000' }, mMargin = { <mozilla::gfx::BaseMargin<int, nsMargin>> = { top = 1073741824, right = 1073741824, bottom = 1073741824, left = 1073741824 }, <No data fields>} } (gdb) p borderPadding.IStartEnd(wm) $8 = -2147483648 which leads to a frame having negative width/height. I've proposed in the past that we should cap these values much more aggressively in the style system so that situations like this would rarely occur... We could also make nsIFrame::SetRect and nsHTMLReflowMetrics::SetSize clamp negative width/height. FWIW, doing the latter makes the nsFloatManager assert go away.
Assignee: mats → nobody
Severity: critical → normal
Flags: needinfo?(mats)
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: