Closed Bug 710137 Opened 9 years ago Closed 9 years ago

crash nsLayoutUtils::IsContainerForFontSizeInflation

Categories

(Firefox for Android Graveyard :: General, defect, P5)

ARM
Android
defect

Tracking

(firefox10 unaffected, firefox11 verified, firefox12 unaffected, firefox13 unaffected, fennec11+)

VERIFIED FIXED
Firefox 11
Tracking Status
firefox10 --- unaffected
firefox11 --- verified
firefox12 --- unaffected
firefox13 --- unaffected
fennec 11+ ---

People

(Reporter: akeybl, Assigned: mats)

References

Details

(Keywords: crash, reproducible, Whiteboard: [native-crash] [MTD][readability])

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-d6016eb9-cb72-4762-9b9b-4888a2111212 .
============================================================= 

Str:

1. go to ddg.gg
2. type test into box
3. hit search, crash
Frame 	Module 	Signature [Expand] 	Source
0 	libxul.so 	nsLayoutUtils::IsContainerForFontSizeInflation 	layout/base/nsLayoutUtils.cpp:4567
1 	libxul.so 	nsLayoutUtils::InflationMinFontSizeFor 	layout/base/nsLayoutUtils.cpp:4644
2 	libxul.so 	nsLayoutUtils::FontSizeInflationFor 	layout/base/nsLayoutUtils.cpp:4758
3 	libxul.so 	nsHTMLReflowState::CalcLineHeight 	layout/generic/nsHTMLReflowState.cpp:2198
4 	libxul.so 	nsBlockReflowState::nsBlockReflowState 	layout/generic/nsBlockReflowState.cpp:148
5 	libxul.so 	nsBlockFrame::Reflow 	layout/generic/nsBlockFrame.cpp:1006
6 	libxul.so 	nsAbsoluteContainingBlock::ReflowAbsoluteFrame 	layout/generic/nsAbsoluteContainingBlock.cpp:444
7 	libxul.so 	nsAbsoluteContainingBlock::Reflow 	layout/generic/nsAbsoluteContainingBlock.cpp:158
8 	libxul.so 	ViewportFrame::Reflow 	layout/generic/nsViewportFrame.cpp:272
9 	libxul.so 	PresShell::DoReflow 	layout/base/nsPresShell.cpp:7293
10 	libxul.so 	PresShell::ProcessReflowCommands 	layout/base/nsPresShell.cpp:7433
11 	libxul.so 	PresShell::FlushPendingNotifications 	layout/base/nsPresShell.cpp:4096
12 	libxul.so 	nsDocument::FlushPendingNotifications 	content/base/src/nsDocument.cpp:6272
13 	libxul.so 	nsGlobalWindow::FlushPendingNotifications 	dom/base/nsGlobalWindow.cpp:9837
14 	libxul.so 	nsGlobalWindow::ScrollTo 	dom/base/nsGlobalWindow.cpp:5420
15 	libxul.so 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp:194
16 	libxul.so 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2929
17 	libxul.so 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1554
18 	libxul.so 	js::InvokeKernel 	js/src/jscntxtinlines.h:311
19 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:3499
20 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:580
21 	libxul.so 	js::InvokeGetterOrSetter 	js/src/jsinterp.cpp:643
22 	libxul.so 	js::Shape::set 	js/src/jsscopeinlines.h:262
23 	libxul.so 	js_SetPropertyHelper 	js/src/jsobj.cpp:6232
24 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:3289
25 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:580
26 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:643
27 	libxul.so 	JS_CallFunctionValue 	js/src/jsapi.cpp:5178
28 	libxul.so 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1530
29 	libxul.so 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:611
30 	libxul.so 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:131
31 	libxul.so 	libxul.so@0x9e2cfb 	
32 	libxul.so 	nsObserverList::NotifyObservers 	xpcom/ds/nsObserverList.cpp:130
Keywords: reproducible
Whiteboard: [native-crash]
Whiteboard: [native-crash] → [native-crash] [MTD]
OS: Linux → Android
Hardware: All → ARM
Priority: -- → P5
Whiteboard: [native-crash] [MTD] → [native-crash] [MTD][readability]
I saw this crash a few days ago, but I don't anymore.
tracking-fennec: --- → 11+
(In reply to David Baron [:dbaron] from comment #3)
> I saw this crash a few days ago, but I don't anymore.

I don't see this crash anymore, either...
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
(In reply to Naoki Hirata :nhirata from comment #5)
> Crash signatures in Socorro indicate that this bug isn't resolved in Aurora:
> https://crash-stats.mozilla.com/report/
> list?range_value=7&range_unit=days&date=2012-01-
> 29&signature=nsLayoutUtils%3A%3AIsContainerForFontSizeInflation&version=Fenne
> cAndroid%3A11.0a2

My mistake. 

Naoki, could we get URLs for this crash?
Keywords: needURLs
The only URLs that were listed are : 
about:home
http://duckduckgo.com/?q=weather
Attached patch fixSplinter Review
This is for the mozilla-beta branch; the method
nsLayoutUtils::InflationMinFontSizeFor(const nsHTMLReflowState &aReflowState)
does not exist in aurora/trunk, so the crash only occurs in the Fx11 branch.

Let's just add some null-checks here to avoid crashing....
Attachment #593772 - Flags: review?(sjohnson)
Comment on attachment 593772 [details] [diff] [review]
fix

Review of attachment 593772 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me.
Attachment #593772 - Flags: review?(sjohnson) → review+
Comment on attachment 593772 [details] [diff] [review]
fix

[Approval Request Comment]
Regression caused by (bug #): font-inflation feature
User impact if declined: occasional null-pointer crashes
Testing completed (on m-c, etc.): none, patch only applies to Fx11
Risk to taking this patch (and alternatives if risky): low
String changes made by this patch: none
Attachment #593772 - Flags: approval-mozilla-beta?
Assignee: nobody → matspal
Comment on attachment 593772 [details] [diff] [review]
fix

[Triage Comment]
Mobile only - approved for Beta 11.
Attachment #593772 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
https://hg.mozilla.org/releases/mozilla-beta/rev/3cf7e2290ea1
Status: REOPENED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 11
Verified fixed on build:
Firefox 11 (tinderbox build): 	1328738704/	08-Feb-2012 15:44
20120208140504
Device: LG Optimus 2X (Android 2.2.2)
Status: RESOLVED → VERIFIED
Keywords: needURLs
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.