Closed
Bug 695430
Opened 13 years ago
Closed 13 years ago
crash on print preview - nsFrameList::InsertFrames
Categories
(Core :: Layout: Tables, defect)
Tracking
()
RESOLVED
FIXED
mozilla10
People
(Reporter: bugzilla, Assigned: bernd_mozilla)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(7 files)
This bug was filed from the Socorro interface and is report bp-2a675e02-4a6c-4395-a343-725de2111018 . ============================================================= My Linux 32bit FF7 always crashes when selecting "print preview" on both "_crash" testcases attached. Furter reducing the testcases is tricky: as soon as any vertical dimension changes, the crash disappears for me. I created _nocrash to test if it depended on page height only: The first table is exactly as high as first+second in _crash. In my case, this makes the crash disappear. Also, replacing the IMG with a DIV of identical dimensions makes the crash disappear. I have reports of FF10.0a1 on Win7 32 bit crashing even on a print preview of _nocrash. On the other hand, I have a report of a SeaMonkey 2.7a1 (which is Gecko 10.0a1) on Linux only crashing on print preview of the original, unreduced testcase and on none of mine. Also, no reduced testcase crash for FF7 on Win7 64 bit, but crash on unreduced testcase. Same crash for SeaMonkey: bp-b21a6804-f60d-41ed-b63d-028fb2111018 Might be closely related to bug 679787, but I don't see a crash on links provided by the crash stats there.
Reporter | ||
Comment 1•13 years ago
|
||
Reporter | ||
Comment 2•13 years ago
|
||
Reporter | ||
Comment 3•13 years ago
|
||
Reporter | ||
Comment 4•13 years ago
|
||
Reporter | ||
Comment 5•13 years ago
|
||
Ahhh, Bugzilla eats file names in the primary bug view - sorry about that. The reduced testcases I reference by name above are: _crash: reduced testcases 1+2 (695430_test_crash.html and 695430_test_crash_noborders.html) _nocrash: reduced testcase 3 (695430_test_nocrash.html)
Updated•13 years ago
|
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Reporter | ||
Comment 6•13 years ago
|
||
I hereby take back he "nocrash" for Firefox 7. With official Mozilla builds, I see a crash there too. Reports suggest that paper size and justification matter. In my case, that's A4 portrait and US letter portrait. 32bit Linux crashes from official builds (probably overkill, since the crash should be the same one in every case, but meh): testcase 1 Firefox 7.0.1 bp-bf1b0b04-554b-434f-9d12-5d87c2111018 Aurora 9.0a2 bp-ae9d8d11-8912-44cd-bd2f-f02a82111018 Trunk (10.0a1/20111018) bp-2fcd00b5-9e2e-4506-ac06-a0ab92111018 testcase 2 Firefox 7.0.1 bp-e9e14674-7388-45b3-93a4-b9ffa2111018 Aurora 9.0a2 bp-46388f86-27b7-44ce-a7c8-538482111018 Trunk (10.0a1/20111018) bp-f791101b-a5e6-4d24-8198-e586f2111018 testcase 3 Firefox 7.0.1 bp-d9489cbf-cbaa-4354-8a8a-7584e2111018 Aurora 9.0a2 bp-242c575b-c294-494c-b8cc-343a82111018 Trunk (10.0a1/20111018) bp-808b71c1-7124-48a3-9ab6-4b56e2111018
Comment 8•13 years ago
|
||
Print Preview A4 Portrait with my SM 2.7a1/Linux for testcases 1,2,3: crashes with some scale values, especially 100%, 200% and Shrink To Fit but no crash with other scale values e.g. 70%, 80% and 90%.
Comment 9•13 years ago
|
||
Regression window, Works: http://hg.mozilla.org/mozilla-central/rev/41dd493c42c9 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20090918 Minefield/3.7a1pre ID:20090918042213 Fails(crashes with attachment 567821 [details]): http://hg.mozilla.org/mozilla-central/rev/333967132e88 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20090919 Minefield/3.7a1pre ID:20090919050513 Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=41dd493c42c9&tochange=333967132e88 Triggered by: Bug 233463 - Have faster methods for getting at last frames
Blocks: 233463
Keywords: regression
Assignee | ||
Comment 10•13 years ago
|
||
Assignee | ||
Comment 11•13 years ago
|
||
the crash with attachment 568888 [details] occures with 90% scaling on A4. If it does not crash for you just adapt the spacer height till the image should be at the page boundary.
Assignee | ||
Comment 12•13 years ago
|
||
this is bug in table code
Component: Layout → Layout: Tables
QA Contact: layout → layout.tables
Assignee | ||
Comment 13•13 years ago
|
||
Comment 14•13 years ago
|
||
(In reply to Bernd from comment #13) > Created attachment 568889 [details] [diff] [review] [diff] [details] [review] > where the problem is Applying this attachment solves the problem for my SM 2.7a1/Linux. For all testcases and also for the webpage which was the reason for filing this bug.
Assignee | ||
Comment 15•13 years ago
|
||
InsertFrames was previously tolerant against inserting empty frame lists, it did warn but it did not crash.
Attachment #568927 -
Flags: review?(bzbarsky)
Comment 16•13 years ago
|
||
Try run for 12b61a5aeb6d is complete. Detailed breakdown of the results available here: https://tbpl.mozilla.org/?tree=Try&rev=12b61a5aeb6d Results (out of 33 total builds): success: 30 warnings: 3 Builds available at http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/bmlk@gmx.de-12b61a5aeb6d
Assignee | ||
Comment 17•13 years ago
|
||
the test failures are /bin/sh: line 1: 8616 Segmentation fault XPCOM_DEBUG_BREAK=stack-and-abort /builds/slave/try-lnx/build/obj-firefox/dist/bin/run-mozilla.sh ../../../../../dist/bin/$f make[5]: *** [check] Error 139 make[5]: Leaving directory `/builds/slave/try-lnx/build/obj-firefox/toolkit/components/places/tests/cpp' This is a permaorange on try.
Comment 18•13 years ago
|
||
Comment on attachment 568927 [details] [diff] [review] patch r=me. Sorry about the semantics change to InsertFrames and insufficient caller auditing. :( Serves me right for assuming that assertions aren't being triggered....
Attachment #568927 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 19•13 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/ce4005246dc9
Comment 20•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/ce4005246dc9
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10
Updated•13 years ago
|
Crash Signature: [@ nsFrameList::InsertFrames] → [@ nsFrameList::InsertFrames(nsIFrame*, nsIFrame*, nsFrameList&) ]
[@ nsFrameList::InsertFrames]
You need to log in
before you can comment on or make changes to this bug.
Description
•