This bug was filed from the Socorro interface and is
report bp-2a675e02-4a6c-4395-a343-725de2111018 .
My Linux 32bit FF7 always crashes when selecting "print preview" on both "_crash" testcases attached.
Furter reducing the testcases is tricky: as soon as any vertical dimension changes, the crash disappears for me.
I created _nocrash to test if it depended on page height only: The first table is exactly as high as first+second in _crash. In my case, this makes the crash disappear.
Also, replacing the IMG with a DIV of identical dimensions makes the crash disappear.
I have reports of FF10.0a1 on Win7 32 bit crashing even on a print preview of _nocrash.
On the other hand, I have a report of a SeaMonkey 2.7a1 (which is Gecko 10.0a1) on Linux only crashing on print preview of the original, unreduced testcase and on none of mine.
Also, no reduced testcase crash for FF7 on Win7 64 bit, but crash on unreduced testcase.
Same crash for SeaMonkey: bp-b21a6804-f60d-41ed-b63d-028fb2111018
Might be closely related to bug 679787, but I don't see a crash on links provided by the crash stats there.
Created attachment 567821 [details]
Created attachment 567823 [details]
reduced testcase 1
Created attachment 567824 [details]
reduced testcase 2
Created attachment 567825 [details]
reduced testcase 3 - doesn't crash FF7
Ahhh, Bugzilla eats file names in the primary bug view - sorry about that.
The reduced testcases I reference by name above are:
_crash: reduced testcases 1+2 (695430_test_crash.html and 695430_test_crash_noborders.html)
_nocrash: reduced testcase 3 (695430_test_nocrash.html)
I hereby take back he "nocrash" for Firefox 7. With official Mozilla builds, I see a crash there too.
Reports suggest that paper size and justification matter. In my case, that's A4 portrait and US letter portrait.
32bit Linux crashes from official builds (probably overkill, since the crash should be the same one in every case, but meh):
Firefox 7.0.1 bp-bf1b0b04-554b-434f-9d12-5d87c2111018
Aurora 9.0a2 bp-ae9d8d11-8912-44cd-bd2f-f02a82111018
Trunk (10.0a1/20111018) bp-2fcd00b5-9e2e-4506-ac06-a0ab92111018
Firefox 7.0.1 bp-e9e14674-7388-45b3-93a4-b9ffa2111018
Aurora 9.0a2 bp-46388f86-27b7-44ce-a7c8-538482111018
Trunk (10.0a1/20111018) bp-f791101b-a5e6-4d24-8198-e586f2111018
Firefox 7.0.1 bp-d9489cbf-cbaa-4354-8a8a-7584e2111018
Aurora 9.0a2 bp-242c575b-c294-494c-b8cc-343a82111018
Trunk (10.0a1/20111018) bp-808b71c1-7124-48a3-9ab6-4b56e2111018
*** Bug 695338 has been marked as a duplicate of this bug. ***
Print Preview A4 Portrait with my SM 2.7a1/Linux for testcases 1,2,3: crashes with some scale values, especially 100%, 200% and Shrink To Fit but no crash with other scale values e.g. 70%, 80% and 90%.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20090918 Minefield/3.7a1pre ID:20090918042213
Fails(crashes with attachment 567821 [details]):
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20090919 Minefield/3.7a1pre ID:20090919050513
Bug 233463 - Have faster methods for getting at last frames
Created attachment 568888 [details]
the crash with attachment 568888 [details] occures with 90% scaling on A4. If it does not crash for you just adapt the spacer height till the image should be at the page boundary.
this is bug in table code
Created attachment 568889 [details] [diff] [review]
where the problem is
(In reply to Bernd from comment #13)
> Created attachment 568889 [details] [diff] [review] [diff] [details] [review]
> where the problem is
Applying this attachment solves the problem for my SM 2.7a1/Linux. For all testcases and also for the webpage which was the reason for filing this bug.
Created attachment 568927 [details] [diff] [review]
InsertFrames was previously tolerant against inserting empty frame lists, it did warn but it did not crash.
Try run for 12b61a5aeb6d is complete.
Detailed breakdown of the results available here:
Results (out of 33 total builds):
Builds available at http://firstname.lastname@example.org
the test failures are
/bin/sh: line 1: 8616 Segmentation fault XPCOM_DEBUG_BREAK=stack-and-abort /builds/slave/try-lnx/build/obj-firefox/dist/bin/run-mozilla.sh ../../../../../dist/bin/$f
make: *** [check] Error 139
make: Leaving directory `/builds/slave/try-lnx/build/obj-firefox/toolkit/components/places/tests/cpp'
This is a permaorange on try.
Comment on attachment 568927 [details] [diff] [review]
r=me. Sorry about the semantics change to InsertFrames and insufficient caller auditing. :( Serves me right for assuming that assertions aren't being triggered....