Closed Bug 793473 Opened 7 years ago Closed 7 years ago

crash in nsPrintEngine::ReconstructAndReflow

Categories

(Core :: Layout, defect, critical)

18 Branch
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla18

People

(Reporter: scoobidiver, Assigned: smaug)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

It first appeared in 18.0a1/20120921. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1e56d3016820&tochange=48c4938eaf57
It's likely a regression from bug 468568.

Signature 	nsPrintEngine::ReconstructAndReflow(bool) More Reports Search
UUID	7cfa9e2c-d3c3-42de-a15c-f251a2120922
Date Processed	2012-09-22 16:49:10
Uptime	11
Last Crash	32 seconds before submission
Install Age	1.1 days since version was first installed.
Install Time	2012-09-21 14:39:14
Product	Firefox
Version	18.0a1
Build ID	20120921030601
Release Channel	nightly
OS	Windows NT
OS Version	6.0.6002 Service Pack 2
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 16 model 4 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION_WRITE
Crash Address	0xb4
User Comments	Trying to print a webpage.
App Notes 	
AdapterVendorID: 0x10de, AdapterDeviceID: 0x0640, AdapterSubsysID: 00000000, AdapterDriverVersion: 8.17.12.7533
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
EMCheckCompatibility	True
Adapter Vendor ID	0x10de
Adapter Device ID	0x0640
Total Virtual Memory	4294836224
Available Virtual Memory	3765301248
System Memory Use Percentage	43
Available Page File	6781706240
Available Physical Memory	2428968960

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsPrintEngine::ReconstructAndReflow 	layout/printing/nsPrintEngine.cpp:1656
1 	xul.dll 	nsPrintEngine::SetupToPrintContent 	layout/printing/nsPrintEngine.cpp:1723
2 	xul.dll 	nsPrintEngine::DocumentReadyForPrinting 	layout/printing/nsPrintEngine.cpp:1491
3 	xul.dll 	nsPrintEngine::AfterNetworkPrint 	layout/printing/nsPrintEngine.cpp:1905
4 	xul.dll 	nsPrintEngine::InitPrintDocConstruction 	layout/printing/nsPrintEngine.cpp:1890
5 	xul.dll 	nsPrintEngine::Observe 	layout/printing/nsPrintEngine.cpp:3619
6 	xul.dll 	nsPrintProgress::DoneIniting 	embedding/components/printingui/src/win/nsPrintProgress.cpp:191
7 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70
8 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2405
9 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1469
10 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:367
11 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2454
12 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:378
13 	xul.dll 	XPC_WN_JSOp_ThisObject 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1275
14 	xul.dll 	nsSHistory::GetTransactionAtIndex 	docshell/shistory/src/nsSHistory.cpp:550
15 	xul.dll 	nsEffectiveTLDService::GetBaseDomainInternal 	netwerk/dns/nsEffectiveTLDService.cpp:261
16 		@0xffffff86

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsPrintEngine%3A%3AReconstructAndReflow%28bool%29
https://crash-stats.mozilla.com/report/list?signature=nsPrintEngine%3A%3AReconstructAndReflow
Crash Signature: [@ nsPrintEngine::ReconstructAndReflow(bool)] [@ nsPrintEngine::ReconstructAndReflow] → [@ nsPrintEngine::ReconstructAndReflow(bool) ] [@ nsPrintEngine::ReconstructAndReflow ]
Looks like null pointer crash (0 + offset). Looking.
Assignee: nobody → bugs
Attached patch patchSplinter Review
Since we now create and iterate POs a bit differently, need to be
more careful to make the descendants of non-printable POs to be non-printables 
too.

I don't have a test case, but based on code inspection this could help.
Attachment #663811 - Flags: review?(roc)
https://hg.mozilla.org/mozilla-central/rev/0ba97d9a1564

Marking this bug fixed. If there are still crashes, please open a new bug.
(I'll try to remember to check crash-stat too)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
You need to log in before you can comment on or make changes to this bug.