Closed Bug 81860 Opened 24 years ago Closed 24 years ago

crash when mousing over link in block reflow

Categories: Core :: Layout, defect, P1
Tracking: VERIFIED DUPLICATE of bug 79508, mozilla0.9.1
People: Reporter: blizzard, Assigned: waterson
Details: Keywords: crash, Whiteboard: want for mozilla 0.9.1
Attachments: 3 files

Build is from May 20, 2001.

[13:13:55] <shaver> ok
[13:13:57] <shaver> so go to
[13:14:02] <shaver> http://www.xbox.com/news/0105/1102.htm
[13:14:09] <shaver> press ctrl-+ to increase the font size once
[13:14:22] <shaver> then mouse over the  ``comparison between Infogrames' NASCAR
Heat...'' link

Stack trace follows:

#0  0x405498e1 in __libc_nanosleep () from /lib/i686/libc.so.6
#1  0x40549761 in __sleep (seconds=300)
    at ../sysdeps/unix/sysv/linux/sleep.c:85
#2  0x080507ef in ah_crap_handler (signum=11) at nsSigHandlers.cpp:114
#3  0x401d1935 in pthread_sighandler (signo=11, ctx=
      {gs = 7, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh
= 49168, edi = 1098179284, esi = 0, ebp = 3221198360, esp = 3221198284, ebx =
1098150388, edx = 1108423864, ecx = 3221198608, eax = 3221198312, trapno = 14,
err = 4, eip = 4136, cs = 35, __csh = 0, eflags = 66198, esp_at_signal =
3221198284, ss = 43, __ssh = 0, fpstate = 0xbfff9350, oldmask = 2147483648, cr2
= 4136})
    at signals.c:97
#4  <signal handler called>
#5  0x00001028 in ?? () at eval.c:41
#6  0x415e8ebc in nsBlockFrame::ReflowDirtyLines (this=0x41fbe348, 
    aState=@0xbfff9710) at nsBlockFrame.cpp:2024
#7  0x415e78b0 in nsBlockFrame::Reflow (this=0x41fbe348, 
    aPresContext=0x41cead18, aMetrics=@0xbfff9cb8, aReflowState=@0xbfff9a70, 
    aStatus=@0xbfff9ba0) at nsBlockFrame.cpp:793
#8  0x415eea1d in nsBlockReflowContext::DoReflowBlock (this=0xbfff9c70, 
    aReflowState=@0xbfff9a70, aReason=eReflowReason_Incremental, 
    aFrame=0x41fbe348, aSpace=@0xbfff9bb0, aApplyTopMargin=1, 
    aPrevBottomMargin=180, aIsAdjacentWithTop=0, aComputedOffsets=@0xbfff9bc0, 
    aFrameReflowStatus=@0xbfff9ba0) at nsBlockReflowContext.cpp:568
#9  0x415ee539 in nsBlockReflowContext::ReflowBlock (this=0xbfff9c70, 
    aFrame=0x41fbe348, aSpace=@0xbfff9bb0, aApplyTopMargin=1, 
    aPrevBottomMargin=180, aIsAdjacentWithTop=0, aComputedOffsets=@0xbfff9bc0, 
    aFrameReflowStatus=@0xbfff9ba0) at nsBlockReflowContext.cpp:336
#10 0x415ea31f in nsBlockFrame::ReflowBlockFrame (this=0x41fbdf68, 
    aState=@0xbfff9e90, aLine=0x41fbeb7c, aKeepReflowGoing=0xbfff9dcc)
    at nsBlockReflowState.h:79
#11 0x415e92c2 in nsBlockFrame::ReflowLine (this=0x41fbdf68, 
    aState=@0xbfff9e90, aLine=0x41fbeb7c, aKeepReflowGoing=0xbfff9dcc, 
    aDamageDirtyArea=1) at nsBlockFrame.cpp:2218
#12 0x415e8edc in nsBlockFrame::ReflowDirtyLines (this=0x41fbdf68, 
    aState=@0xbfff9e90) at nsBlockFrame.cpp:2026
#13 0x415e78b0 in nsBlockFrame::Reflow (this=0x41fbdf68, 
    aPresContext=0x41cead18, aMetrics=@0xbfffa438, aReflowState=@0xbfffa1f0, 
    aStatus=@0xbfffa320) at nsBlockFrame.cpp:793
#14 0x415eea1d in nsBlockReflowContext::DoReflowBlock (this=0xbfffa3f0, 
    aReflowState=@0xbfffa1f0, aReason=eReflowReason_Incremental, 
    aFrame=0x41fbdf68, aSpace=@0xbfffa330, aApplyTopMargin=1, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=0, aComputedOffsets=@0xbfffa340, 
    aFrameReflowStatus=@0xbfffa320) at nsBlockReflowContext.cpp:568
#15 0x415ee539 in nsBlockReflowContext::ReflowBlock (this=0xbfffa3f0, 
    aFrame=0x41fbdf68, aSpace=@0xbfffa330, aApplyTopMargin=1, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=0, aComputedOffsets=@0xbfffa340, 
    aFrameReflowStatus=@0xbfffa320) at nsBlockReflowContext.cpp:336
#16 0x415ea31f in nsBlockFrame::ReflowBlockFrame (this=0x41fb7be0, 
    aState=@0xbfffa610, aLine=0x41fc0854, aKeepReflowGoing=0xbfffa54c)
    at nsBlockReflowState.h:79
#17 0x415e92c2 in nsBlockFrame::ReflowLine (this=0x41fb7be0, 
    aState=@0xbfffa610, aLine=0x41fc0854, aKeepReflowGoing=0xbfffa54c, 
    aDamageDirtyArea=1) at nsBlockFrame.cpp:2218
#18 0x415e8edc in nsBlockFrame::ReflowDirtyLines (this=0x41fb7be0, 
    aState=@0xbfffa610) at nsBlockFrame.cpp:2026
#19 0x415e78b0 in nsBlockFrame::Reflow (this=0x41fb7be0, 
    aPresContext=0x41cead18, aMetrics=@0xbfffaa20, aReflowState=@0xbfffa970, 
    aStatus=@0xbfffbad0) at nsBlockFrame.cpp:793
#20 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41fb7b88, 
    aKidFrame=0x41fb7be0, aPresContext=0x41cead18, aDesiredSize=@0xbfffaa20, 
    aReflowState=@0xbfffa970, aX=0, aY=0, aFlags=0, aStatus=@0xbfffbad0)
    at nsContainerFrame.cpp:722
#21 0x416997b9 in nsTableCellFrame::Reflow (this=0x41fb7b88, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffac60, 
    aReflowState=@0xbfffabb0, aStatus=@0xbfffbad0) at nsTableCellFrame.cpp:812
#22 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41fb7290, 
    aKidFrame=0x41fb7b88, aPresContext=0x41cead18, aDesiredSize=@0xbfffac60, 
    aReflowState=@0xbfffabb0, aX=3210, aY=0, aFlags=0, aStatus=@0xbfffbad0)
    at nsContainerFrame.cpp:722
#23 0x416a9519 in nsTableRowFrame::IR_TargetIsChild (this=0x41fb7290, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffae30, 
    aReflowState=@0xbfffae80, aTableFrame=@0x41fb71f4, aStatus=@0xbfffbad0, 
    aNextFrame=0x41fb7b88) at nsTableRowFrame.cpp:1092
#24 0x416a9258 in nsTableRowFrame::IncrementalReflow (this=0x41fb7290, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffae30, 
    aReflowState=@0xbfffae80, aTableFrame=@0x41fb71f4, aStatus=@0xbfffbad0)
    at nsTableRowFrame.cpp:986
#25 0x416a9941 in nsTableRowFrame::Reflow (this=0x41fb7290, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffae30, 
    aReflowState=@0xbfffae80, aStatus=@0xbfffbad0) at nsTableRowFrame.cpp:1258
#26 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41fb7258, 
    aKidFrame=0x41fb7290, aPresContext=0x41cead18, aDesiredSize=@0xbfffae30, 
    aReflowState=@0xbfffae80, aX=0, aY=0, aFlags=0, aStatus=@0xbfffbad0)
    at nsContainerFrame.cpp:722
#27 0x416ac783 in nsTableRowGroupFrame::IR_TargetIsChild (this=0x41fb7258, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffb180, 
    aReflowState=@0xbfffafe0, aStatus=@0xbfffbad0, aNextFrame=0x41fb7290)
    at nsTableRowGroupFrame.cpp:1394
#28 0x416abde5 in nsTableRowGroupFrame::IncrementalReflow (this=0x41fb7258, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffb180, 
    aReflowState=@0xbfffafe0, aStatus=@0xbfffbad0)
    at nsTableRowGroupFrame.cpp:1108
#29 0x416abc64 in nsTableRowGroupFrame::Reflow (this=0x41fb7258, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffb180, 
    aReflowState=@0xbfffb0d0, aStatus=@0xbfffbad0)
    at nsTableRowGroupFrame.cpp:1031
#30 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41fb71f4, 
    aKidFrame=0x41fb7258, aPresContext=0x41cead18, aDesiredSize=@0xbfffb180, 
    aReflowState=@0xbfffb0d0, aX=0, aY=0, aFlags=0, aStatus=@0xbfffbad0)
    at nsContainerFrame.cpp:722
#31 0x416a0826 in nsTableFrame::IR_TargetIsChild (this=0x41fb71f4, 
    aPresContext=0x41cead18, aReflowState=@0xbfffb240, aStatus=@0xbfffbad0, 
    aNextFrame=0x41fb7258) at nsTableFrame.cpp:2659
#32 0x416a0385 in nsTableFrame::IncrementalReflow (this=0x41fb71f4, 
    aPresContext=0x41cead18, aReflowState=@0xbfffb3a0, aStatus=@0xbfffbad0)
    at nsTableFrame.cpp:2501
#33 0x4169ee5e in nsTableFrame::Reflow (this=0x41fb71f4, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffb5b0, 
    aReflowState=@0xbfffb3a0, aStatus=@0xbfffbad0) at nsTableFrame.cpp:1822
#34 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41fb71ac, 
    aKidFrame=0x41fb71f4, aPresContext=0x41cead18, aDesiredSize=@0xbfffb5b0, 
    aReflowState=@0xbfffb3a0, aX=0, aY=0, aFlags=3, aStatus=@0xbfffbad0)
    at nsContainerFrame.cpp:722
#35 0x416a5862 in nsTableOuterFrame::OuterReflowChild (this=0x41fb71ac, 
    aPresContext=0x41cead18, aChildFrame=0x41fb71f4, aOuterRS=@0xbfffb9a0, 
    aMetrics=@0xbfffb5b0, aAvailWidth=0x0, aDesiredSize=@0xbfffb620, 
    aMargin=@0xbfffb610, aMarginNoAuto=@0xbfffb600, aPadding=@0xbfffb5f0, 
    aReflowReason=eReflowReason_Incremental, aStatus=@0xbfffbad0)
    at nsTableOuterFrame.cpp:984
#36 0x416a6400 in nsTableOuterFrame::IR_InnerTableReflow (this=0x41fb71ac, 
    aPresContext=0x41cead18, aOuterMet=@0xbfffbbe8, aOuterRS=@0xbfffb9a0, 
    aStatus=@0xbfffbad0) at nsTableOuterFrame.cpp:1286
#37 0x416a5ac2 in nsTableOuterFrame::IR_TargetIsInnerTableFrame (
    this=0x41fb71ac, aPresContext=0x41cead18, aDesiredSize=@0xbfffbbe8, 
    aReflowState=@0xbfffb9a0, aStatus=@0xbfffbad0)
    at nsTableOuterFrame.cpp:1090
#38 0x416a5a91 in nsTableOuterFrame::IR_TargetIsChild (this=0x41fb71ac, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffbbe8, 
    aReflowState=@0xbfffb9a0, aStatus=@0xbfffbad0, aNextFrame=0x41fb71f4)
    at nsTableOuterFrame.cpp:1074
#39 0x416a59f5 in nsTableOuterFrame::IncrementalReflow (this=0x41fb71ac, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffbbe8, 
    aReflowState=@0xbfffb9a0, aStatus=@0xbfffbad0)
    at nsTableOuterFrame.cpp:1041
#40 0x416a6e8c in nsTableOuterFrame::Reflow (this=0x41fb71ac, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffbbe8, aOuterRS=@0xbfffb9a0, 
    aStatus=@0xbfffbad0) at nsTableOuterFrame.cpp:1497
#41 0x415eea1d in nsBlockReflowContext::DoReflowBlock (this=0xbfffbba0, 
    aReflowState=@0xbfffb9a0, aReason=eReflowReason_Incremental, 
    aFrame=0x41fb71ac, aSpace=@0xbfffbae0, aApplyTopMargin=1, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfffbaf0, 
    aFrameReflowStatus=@0xbfffbad0) at nsBlockReflowContext.cpp:568
#42 0x415ee539 in nsBlockReflowContext::ReflowBlock (this=0xbfffbba0, 
    aFrame=0x41fb71ac, aSpace=@0xbfffbae0, aApplyTopMargin=1, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfffbaf0, 
    aFrameReflowStatus=@0xbfffbad0) at nsBlockReflowContext.cpp:336
#43 0x415ea31f in nsBlockFrame::ReflowBlockFrame (this=0x41fb7128, 
    aState=@0xbfffbdc0, aLine=0x41fa97d4, aKeepReflowGoing=0xbfffbcfc)
    at nsBlockReflowState.h:79
#44 0x415e92c2 in nsBlockFrame::ReflowLine (this=0x41fb7128, 
    aState=@0xbfffbdc0, aLine=0x41fa97d4, aKeepReflowGoing=0xbfffbcfc, 
    aDamageDirtyArea=1) at nsBlockFrame.cpp:2218
#45 0x415e8edc in nsBlockFrame::ReflowDirtyLines (this=0x41fb7128, 
    aState=@0xbfffbdc0) at nsBlockFrame.cpp:2026
#46 0x415e78b0 in nsBlockFrame::Reflow (this=0x41fb7128, 
    aPresContext=0x41cead18, aMetrics=@0xbfffc1d0, aReflowState=@0xbfffc120, 
    aStatus=@0xbfffd280) at nsBlockFrame.cpp:793
#47 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41fb0558, 
    aKidFrame=0x41fb7128, aPresContext=0x41cead18, aDesiredSize=@0xbfffc1d0, 
    aReflowState=@0xbfffc120, aX=0, aY=0, aFlags=0, aStatus=@0xbfffd280)
    at nsContainerFrame.cpp:722
#48 0x416997b9 in nsTableCellFrame::Reflow (this=0x41fb0558, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffc410, 
    aReflowState=@0xbfffc360, aStatus=@0xbfffd280) at nsTableCellFrame.cpp:812
#49 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41fb0514, 
    aKidFrame=0x41fb0558, aPresContext=0x41cead18, aDesiredSize=@0xbfffc410, 
    aReflowState=@0xbfffc360, aX=0, aY=0, aFlags=0, aStatus=@0xbfffd280)
    at nsContainerFrame.cpp:722
#50 0x416a9519 in nsTableRowFrame::IR_TargetIsChild (this=0x41fb0514, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffc5e0, 
    aReflowState=@0xbfffc630, aTableFrame=@0x41ccd410, aStatus=@0xbfffd280, 
    aNextFrame=0x41fb0558) at nsTableRowFrame.cpp:1092
#51 0x416a9258 in nsTableRowFrame::IncrementalReflow (this=0x41fb0514, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffc5e0, 
    aReflowState=@0xbfffc630, aTableFrame=@0x41ccd410, aStatus=@0xbfffd280)
    at nsTableRowFrame.cpp:986
#52 0x416a9941 in nsTableRowFrame::Reflow (this=0x41fb0514, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffc5e0, 
    aReflowState=@0xbfffc630, aStatus=@0xbfffd280) at nsTableRowFrame.cpp:1258
#53 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41ccd474, 
    aKidFrame=0x41fb0514, aPresContext=0x41cead18, aDesiredSize=@0xbfffc5e0, 
    aReflowState=@0xbfffc630, aX=0, aY=2040, aFlags=0, aStatus=@0xbfffd280)
    at nsContainerFrame.cpp:722
#54 0x416ac783 in nsTableRowGroupFrame::IR_TargetIsChild (this=0x41ccd474, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffc930, 
    aReflowState=@0xbfffc790, aStatus=@0xbfffd280, aNextFrame=0x41fb0514)
    at nsTableRowGroupFrame.cpp:1394
#55 0x416abde5 in nsTableRowGroupFrame::IncrementalReflow (this=0x41ccd474, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffc930, 
    aReflowState=@0xbfffc790, aStatus=@0xbfffd280)
    at nsTableRowGroupFrame.cpp:1108
#56 0x416abc64 in nsTableRowGroupFrame::Reflow (this=0x41ccd474, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffc930, 
    aReflowState=@0xbfffc880, aStatus=@0xbfffd280)
    at nsTableRowGroupFrame.cpp:1031
#57 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41ccd410, 
    aKidFrame=0x41ccd474, aPresContext=0x41cead18, aDesiredSize=@0xbfffc930, 
    aReflowState=@0xbfffc880, aX=0, aY=0, aFlags=0, aStatus=@0xbfffd280)
    at nsContainerFrame.cpp:722
#58 0x416a0826 in nsTableFrame::IR_TargetIsChild (this=0x41ccd410, 
    aPresContext=0x41cead18, aReflowState=@0xbfffc9f0, aStatus=@0xbfffd280, 
    aNextFrame=0x41ccd474) at nsTableFrame.cpp:2659
#59 0x416a0385 in nsTableFrame::IncrementalReflow (this=0x41ccd410, 
    aPresContext=0x41cead18, aReflowState=@0xbfffcb50, aStatus=@0xbfffd280)
    at nsTableFrame.cpp:2501
#60 0x4169ee5e in nsTableFrame::Reflow (this=0x41ccd410, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffcd60, 
    aReflowState=@0xbfffcb50, aStatus=@0xbfffd280) at nsTableFrame.cpp:1822
#61 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41ccd3c8, 
    aKidFrame=0x41ccd410, aPresContext=0x41cead18, aDesiredSize=@0xbfffcd60, 
    aReflowState=@0xbfffcb50, aX=2122, aY=0, aFlags=3, aStatus=@0xbfffd280)
    at nsContainerFrame.cpp:722
#62 0x416a5862 in nsTableOuterFrame::OuterReflowChild (this=0x41ccd3c8, 
    aPresContext=0x41cead18, aChildFrame=0x41ccd410, aOuterRS=@0xbfffd150, 
    aMetrics=@0xbfffcd60, aAvailWidth=0x0, aDesiredSize=@0xbfffcdd0, 
    aMargin=@0xbfffcdc0, aMarginNoAuto=@0xbfffcdb0, aPadding=@0xbfffcda0, 
    aReflowReason=eReflowReason_Incremental, aStatus=@0xbfffd280)
    at nsTableOuterFrame.cpp:984
#63 0x416a6400 in nsTableOuterFrame::IR_InnerTableReflow (this=0x41ccd3c8, 
    aPresContext=0x41cead18, aOuterMet=@0xbfffd398, aOuterRS=@0xbfffd150, 
    aStatus=@0xbfffd280) at nsTableOuterFrame.cpp:1286
#64 0x416a5ac2 in nsTableOuterFrame::IR_TargetIsInnerTableFrame (
    this=0x41ccd3c8, aPresContext=0x41cead18, aDesiredSize=@0xbfffd398, 
    aReflowState=@0xbfffd150, aStatus=@0xbfffd280)
    at nsTableOuterFrame.cpp:1090
#65 0x416a5a91 in nsTableOuterFrame::IR_TargetIsChild (this=0x41ccd3c8, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffd398, 
    aReflowState=@0xbfffd150, aStatus=@0xbfffd280, aNextFrame=0x41ccd410)
    at nsTableOuterFrame.cpp:1074
#66 0x416a59f5 in nsTableOuterFrame::IncrementalReflow (this=0x41ccd3c8, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffd398, 
    aReflowState=@0xbfffd150, aStatus=@0xbfffd280)
    at nsTableOuterFrame.cpp:1041
#67 0x416a6e8c in nsTableOuterFrame::Reflow (this=0x41ccd3c8, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffd398, aOuterRS=@0xbfffd150, 
    aStatus=@0xbfffd280) at nsTableOuterFrame.cpp:1497
#68 0x415eea1d in nsBlockReflowContext::DoReflowBlock (this=0xbfffd350, 
    aReflowState=@0xbfffd150, aReason=eReflowReason_Incremental, 
    aFrame=0x41ccd3c8, aSpace=@0xbfffd290, aApplyTopMargin=0, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfffd2a0, 
    aFrameReflowStatus=@0xbfffd280) at nsBlockReflowContext.cpp:568
#69 0x415ee539 in nsBlockReflowContext::ReflowBlock (this=0xbfffd350, 
    aFrame=0x41ccd3c8, aSpace=@0xbfffd290, aApplyTopMargin=0, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfffd2a0, 
    aFrameReflowStatus=@0xbfffd280) at nsBlockReflowContext.cpp:336
#70 0x415ea31f in nsBlockFrame::ReflowBlockFrame (this=0x41ccd27c, 
    aState=@0xbfffd570, aLine=0x41fd11d8, aKeepReflowGoing=0xbfffd4ac)
    at nsBlockReflowState.h:79
#71 0x415e92c2 in nsBlockFrame::ReflowLine (this=0x41ccd27c, 
    aState=@0xbfffd570, aLine=0x41fd11d8, aKeepReflowGoing=0xbfffd4ac, 
    aDamageDirtyArea=1) at nsBlockFrame.cpp:2218
#72 0x415e8edc in nsBlockFrame::ReflowDirtyLines (this=0x41ccd27c, 
    aState=@0xbfffd570) at nsBlockFrame.cpp:2026
#73 0x415e78b0 in nsBlockFrame::Reflow (this=0x41ccd27c, 
    aPresContext=0x41cead18, aMetrics=@0xbfffdb18, aReflowState=@0xbfffd8d0, 
    aStatus=@0xbfffda00) at nsBlockFrame.cpp:793
#74 0x415eea1d in nsBlockReflowContext::DoReflowBlock (this=0xbfffdad0, 
    aReflowState=@0xbfffd8d0, aReason=eReflowReason_Incremental, 
    aFrame=0x41ccd27c, aSpace=@0xbfffda10, aApplyTopMargin=1, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfffda20, 
    aFrameReflowStatus=@0xbfffda00) at nsBlockReflowContext.cpp:568
#75 0x415ee539 in nsBlockReflowContext::ReflowBlock (this=0xbfffdad0, 
    aFrame=0x41ccd27c, aSpace=@0xbfffda10, aApplyTopMargin=1, 
    aPrevBottomMargin=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfffda20, 
    aFrameReflowStatus=@0xbfffda00) at nsBlockReflowContext.cpp:336
#76 0x415ea31f in nsBlockFrame::ReflowBlockFrame (this=0x41ccd1f8, 
    aState=@0xbfffdcf0, aLine=0x41ccd2ec, aKeepReflowGoing=0xbfffdc2c)
    at nsBlockReflowState.h:79
#77 0x415e92c2 in nsBlockFrame::ReflowLine (this=0x41ccd1f8, 
    aState=@0xbfffdcf0, aLine=0x41ccd2ec, aKeepReflowGoing=0xbfffdc2c, 
    aDamageDirtyArea=1) at nsBlockFrame.cpp:2218
#78 0x415e8edc in nsBlockFrame::ReflowDirtyLines (this=0x41ccd1f8, 
    aState=@0xbfffdcf0) at nsBlockFrame.cpp:2026
#79 0x415e78b0 in nsBlockFrame::Reflow (this=0x41ccd1f8, 
    aPresContext=0x41cead18, aMetrics=@0xbfffe0e0, aReflowState=@0xbfffe030, 
    aStatus=@0xbfffe368) at nsBlockFrame.cpp:793
#80 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41ccc4f8, 
    aKidFrame=0x41ccd1f8, aPresContext=0x41cead18, aDesiredSize=@0xbfffe0e0, 
    aReflowState=@0xbfffe030, aX=0, aY=0, aFlags=0, aStatus=@0xbfffe368)
    at nsContainerFrame.cpp:722
#81 0x41600902 in CanvasFrame::Reflow (this=0x41ccc4f8, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffe380, 
    aReflowState=@0xbfffe1a0, aStatus=@0xbfffe368) at nsHTMLFrame.cpp:319
#82 0x416c5732 in nsBoxToBlockAdaptor::Reflow (this=0x41ccd18c, 
    aState=@0xbfffe7d0, aPresContext=0x41cead18, aDesiredSize=@0xbfffe380, 
    aReflowState=@0xbfffe970, aStatus=@0xbfffe368, aX=0, aY=0, aWidth=15930, 
    aHeight=11895, aMoveFrame=1) at nsBoxToBlockAdaptor.cpp:864
#83 0x416c4f7e in nsBoxToBlockAdaptor::DoLayout (this=0x41ccd18c, 
    aState=@0xbfffe7d0) at nsBoxToBlockAdaptor.cpp:523
#84 0x416c2b61 in nsBox::Layout (this=0x41ccd18c, aState=@0xbfffe7d0)
    at nsBox.cpp:983
#85 0x416ae817 in nsScrollBoxFrame::DoLayout (this=0x41ccc5cc, 
    aState=@0xbfffe7d0) at nsScrollBoxFrame.cpp:377
#86 0x416c2b61 in nsBox::Layout (this=0x41ccc600, aState=@0xbfffe7d0)
    at nsBox.cpp:983
#87 0x416c7064 in nsContainerBox::LayoutChildAt (aState=@0xbfffe7d0, 
    aBox=0x41ccc600, aRect=@0xbfffe680) at nsContainerBox.cpp:591
#88 0x41639240 in nsGfxScrollFrameInner::LayoutBox (this=0x41ccb6a8, 
    aState=@0xbfffe7d0, aBox=0x41ccc600, aRect=@0xbfffe680)
    at nsGfxScrollFrame.cpp:1038
#89 0x416394af in nsGfxScrollFrameInner::Layout (this=0x41ccb6a8, 
    aState=@0xbfffe7d0) at nsGfxScrollFrame.cpp:1141
#90 0x41639287 in nsGfxScrollFrame::DoLayout (this=0x41ccc52c, 
    aState=@0xbfffe7d0) at nsGfxScrollFrame.cpp:1046
#91 0x416c2b61 in nsBox::Layout (this=0x41ccc560, aState=@0xbfffe7d0)
    at nsBox.cpp:983
#92 0x416d221b in nsBoxFrame::Reflow (this=0x41ccc52c, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffea30, 
    aReflowState=@0xbfffe970, aStatus=@0xbfffeac8) at nsBoxFrame.cpp:778
#93 0x41638862 in nsGfxScrollFrame::Reflow (this=0x41ccc52c, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffea30, 
    aReflowState=@0xbfffe970, aStatus=@0xbfffeac8) at nsGfxScrollFrame.cpp:735
#94 0x415f3019 in nsContainerFrame::ReflowChild (this=0x41ccc4c0, 
    aKidFrame=0x41ccc52c, aPresContext=0x41cead18, aDesiredSize=@0xbfffea30, 
    aReflowState=@0xbfffe970, aX=0, aY=0, aFlags=0, aStatus=@0xbfffeac8)
    at nsContainerFrame.cpp:722
#95 0x416372e4 in ViewportFrame::Reflow (this=0x41ccc4c0, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffec30, 
    aReflowState=@0xbfffead0, aStatus=@0xbfffeac8) at nsViewportFrame.cpp:537
#96 0x41601dff in nsHTMLReflowCommand::Dispatch (this=0x8418238, 
    aPresContext=0x41cead18, aDesiredSize=@0xbfffec30, aMaxSize=@0xbfffec20, 
    aRendContext=@0x83db738) at nsHTMLReflowCommand.cpp:144
#97 0x41624eac in PresShell::ProcessReflowCommand (this=0x8409608, 
    aQueue=@0x8409654, aAccumulateTime=0, aDesiredSize=@0xbfffec30, 
    aMaxSize=@0xbfffec20, aRenderingContext=@0x83db738)
    at ../../../../dist/include/nsCOMPtr.h:642
#98 0x41625045 in PresShell::ProcessReflowCommands (this=0x8409608, 
    aInterruptible=0) at nsPresShell.cpp:5766
#99 0x4162391b in PresShell::FlushPendingNotifications (this=0x8409608)
    at nsPresShell.cpp:4740
#100 0x411d5616 in nsEventStateManager::FlushPendingEvents (this=0x41cd1ef8, 
    aPresContext=0x41cead18) at ../../../dist/include/nsCOMPtr.h:648
#101 0x411cd612 in nsEventStateManager::PreHandleEvent (this=0x41cd1ef8, 
    aPresContext=0x41cead18, aEvent=0xbffff250, aTargetFrame=0x41fbe4ac, 
    aStatus=0xbffff188, aView=0x41f6c4f8) at nsEventStateManager.cpp:340
#102 0x41624984 in PresShell::HandleEventInternal (this=0x8409608, 
    aEvent=0xbffff250, aView=0x41f6c4f8, aFlags=1, aStatus=0xbffff188)
    at ../../../../dist/include/nsCOMPtr.h:642
#103 0x4162483f in PresShell::HandleEvent (this=0x8409608, aView=0x41f6c4f8, 
    aEvent=0xbffff250, aEventStatus=0xbffff188, aForceHandle=0, 
    aHandled=@0xbffff104) at nsPresShell.cpp:5439
#104 0x41758836 in nsView::HandleEvent (this=0x41f6c4f8, event=0xbffff250, 
    aEventFlags=8, aStatus=0xbffff188, aForceHandle=0, aHandled=@0xbffff104)
    at nsView.cpp:364
#105 0x417587db in nsView::HandleEvent (this=0x41f6c1b8, event=0xbffff250, 
    aEventFlags=8, aStatus=0xbffff188, aForceHandle=0, aHandled=@0xbffff104)
    at nsView.cpp:348
#106 0x417587db in nsView::HandleEvent (this=0x83d87f0, event=0xbffff250, 
    aEventFlags=28, aStatus=0xbffff188, aForceHandle=1, aHandled=@0xbffff104)
    at nsView.cpp:348
#107 0x417626d5 in nsViewManager::DispatchEvent (this=0x83d8718, 
    aEvent=0xbffff250, aStatus=0xbffff188) at nsViewManager.cpp:2054
#108 0x417581a2 in HandleEvent (aEvent=0xbffff250) at nsView.cpp:67
#109 0x40782c6a in nsWidget::DispatchEvent (this=0x41f6c240, 
    aEvent=0xbffff250, aStatus=@0xbffff1dc) at nsWidget.cpp:1370
#110 0x40782b8a in nsWidget::DispatchWindowEvent (this=0x41f6c240, 
    event=0xbffff250) at nsWidget.cpp:1261
#111 0x40782d00 in nsWidget::DispatchMouseEvent (this=0x41f6c240, 
    aEvent=@0xbffff250) at nsWidget.cpp:1397
#112 0x40783105 in nsWidget::OnMotionNotifySignal (this=0x41f6c240, 
    aGdkMotionEvent=0x81c64c0) at nsWidget.cpp:1631
#113 0x4078726d in nsWindow::HandleGDKEvent (this=0x41f6c240, event=0x81c64c0)
    at nsWindow.cpp:1523
#114 0x4077d7de in dispatch_superwin_event (event=0x81c64c0, window=0x41f6c240)
    at nsGtkEventHandler.cpp:1022
#115 0x4077d496 in handle_gdk_event (event=0x81c64c0, data=0x0)
    at nsGtkEventHandler.cpp:843
#116 0x4032dd5f in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0
#117 0x40360783 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#118 0x40360d49 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#119 0x40360efc in g_main_run () from /usr/lib/libglib-1.2.so.0
#120 0x402758f3 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#121 0x40775046 in nsAppShell::Run (this=0x80ece58) at nsAppShell.cpp:360
#122 0x4074ae5a in nsAppShellService::Run (this=0x80e0858)
    at ../../../dist/include/nsCOMPtr.h:649
#123 0x0804fa37 in main1 (argc=1, argv=0xbffff82c, nativeApp=0x0)
    at ../../dist/include/nsCOMPtr.h:649
#124 0x080502d3 in main (argc=1, argv=0xbffff82c) at nsAppRunner.cpp:1391
#125 0x404ab177 in __libc_start_main (main=0x8050188 <main>, argc=1, 
    ubp_av=0xbffff82c, init=0x804be88 <_init>, fini=0x805211c <_fini>, 
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff81c)
    at ../sysdeps/generic/libc-start.c:129

Keywords: crash
Whiteboard: want for mozilla 0.9.1

I reproduced this twice.  The first time, I got the same stack as above, but the
second I got something slightly different that makes a lot more sense:

#0  0x40653241 in __libc_nanosleep () from /lib/libc.so.6
#1  0x406530c1 in __sleep (seconds=300)
    at ../sysdeps/unix/sysv/linux/sleep.c:85
#2  0x0805abb1 in ah_crap_handler(int) (signum=11)
    at /builds/seamonkey/mozilla/xpfe/bootstrap/nsSigHandlers.cpp:124
#3  0x402e207e in pthread_sighandler (signo=11, ctx=
      {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh
= 0, edi = 3221203208, esi = 3221199784, ebp = 3221193152, esp = 3221193080, ebx
= 1092788116, edx = 76, ecx = 1114135464, eax = 3221193136, trapno = 14, err =
4, eip = 1090154914, cs = 35, __csh = 0, eflags = 66050, esp_at_signal =
3221193080, ss = 43, __ssh = 0, fpstate = 0xbfff7ef8, oldmask = 2147483648, cr2
= 76})
    at signals.c:97
#4  <signal handler called>
#5  0x40fa71a2 in
nsBlockFrame::IsIncrementalDamageConstrained(nsBlockReflowState const&) const
(this=0x42825e70, aState=@0xbfff8478)
    at /builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp:1937
#6  0x40fa75bb in nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) (
    this=0x42825e70, aState=@0xbfff8478)
    at /builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp:2026
#7  0x40fa4e02 in nsBlockFrame::Reflow(nsIPresContext*, nsHTMLReflowMetrics&,
nsHTMLReflowState const&, unsigned&) (this=0x42825e70, aPresContext=0x85a46e0, 
    aMetrics=@0xbfff8a70, aReflowState=@0xbfff87f8, aStatus=@0xbfff893c)
    at /builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp:793
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) frame 5
#5  0x40fa71a2 in
nsBlockFrame::IsIncrementalDamageConstrained(nsBlockReflowState const&) const
(this=0x42825e70, aState=@0xbfff8478)
    at /builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp:1937
1937	      target->GetParent(&parent);
Current language:  auto; currently c++
(gdb) p target
$1 = (nsIFrame *) 0x428c44b8
(gdb) p *target
$2 = {<nsISupports> = {_vptr.nsISupports = 0x0}, <No data fields>}
(gdb) x/wa *(void**)aState.mReflowState.reflowCommand
0x412120a8 <_ZTV19nsHTMLReflowCommand+8>:	0x40fd1650
<_ZN19nsHTMLReflowCommand14QueryInterfaceERK4nsIDPPv>
(gdb) p *(nsHTMLReflowCommand*)aState.mReflowState.reflowCommand
$7 = {<nsIReflowCommand> = {<nsISupports> = {
      _vptr.nsISupports = 0x412120a8}, <No data fields>}, 
  mRefCnt = 1701602660, _mOwningThread = 0x76286574, mType = 711223663, 
  mTargetFrame = 0x51, mChildFrame = 0x1, mPrevSiblingFrame = 0x1, 
  mAttribute = 0x426fecf0, mListName = 0x0, mPath = <incomplete type>, 
  mFlags = 0}
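
A triage aid for the gdb dump above, added here as an example and not part of the bug thread or of Mozilla's code: it decodes each word of the printed nsHTMLReflowCommand as little-endian ASCII and flags hex-printed fields that are non-null but lie below one page. The function names, the 4-byte word size (32-bit x86, as in the trace) and the one-page threshold are assumptions.

```python
import re

# gdb output copied from the second backtrace on this page.
GDB_DUMP = """\
$7 = {<nsIReflowCommand> = {<nsISupports> = {
      _vptr.nsISupports = 0x412120a8}, <No data fields>},
  mRefCnt = 1701602660, _mOwningThread = 0x76286574, mType = 711223663,
  mTargetFrame = 0x51, mChildFrame = 0x1, mPrevSiblingFrame = 0x1,
  mAttribute = 0x426fecf0, mListName = 0x0, mPath = <incomplete type>,
  mFlags = 0}
"""

# 'name = number' pairs; gdb prints pointers in hex and integers in decimal.
FIELD_RE = re.compile(r"([A-Za-z_][\w.]*) = (0x[0-9a-fA-F]+|\d+)\b")
PAGE_SIZE = 0x1000  # assumption: nothing valid is mapped in the first page


def parse_fields(dump):
    """Return (name, value, printed_as_hex) for each scalar field in a gdb struct print."""
    return [(name, int(text, 0), text.startswith("0x"))
            for name, text in FIELD_RE.findall(dump)]


def as_text(value, width=4):
    """Decode one word as little-endian bytes; None unless every byte is printable ASCII."""
    raw = (value & ((1 << (8 * width)) - 1)).to_bytes(width, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def text_runs(fields, min_words=2):
    """Find adjacent fields that all decode as text and join them into one string."""
    runs, current = [], []
    for name, value, _ in fields + [(None, 0, False)]:  # sentinel flushes the last run
        text = as_text(value)
        if text is not None:
            current.append((name, text))
            continue
        if len(current) >= min_words:
            runs.append(([n for n, _ in current], "".join(t for _, t in current)))
        current = []
    return runs


def implausible_pointers(fields):
    """Hex-printed (pointer-like) fields that are non-null but below PAGE_SIZE."""
    return [name for name, value, is_hex in fields if is_hex and 0 < value < PAGE_SIZE]


def triage(dump):
    fields = parse_fields(dump)
    return {"text_runs": text_runs(fields),
            "bad_pointers": implausible_pointers(fields)}


if __name__ == "__main__":
    report = triage(GDB_DUMP)
    for names, text in report["text_runs"]:
        print("fields %s hold the text %r" % (", ".join(names), text))
    print("implausible pointers:", ", ".join(report["bad_pointers"]))
```

On this dump the three fields after the vtable pointer decode to the text `delete(void*`, which is consistent with the object's storage having been reused for string data.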

I am seeing the same trace as dbaron on Win2K. It crashes when attempting to do
"target->GetParent(&parent)"  because the (non null) target pointer is corrupted
(its __vfptr is null in the debugger).

PRBool nsBlockFrame::IsIncrementalDamageConstrained(const nsBlockReflowState& 
aState) const
{
  // see if the reflow will go through a text control.  if so, we can optimize 
  // because we know the text control won't change size.
  if (aState.mReflowState.reflowCommand)
  {
    nsIFrame *target;
    aState.mReflowState.reflowCommand->GetTarget(target);
    while (target)
    { // starting with the target's parent, scan for a text control
      nsIFrame *parent;
==>   target->GetParent(&parent);

Attached file stack trace on win32

OS: Linux → All
Hardware: PC → All

Attached file Minimal testcase

The crash happens when a link is wrapped inside a table-cell.
To reproduce:

1  - load the attached testcase
2a - Pick a window size so that the 'Hello World' is _wrapped_ in two lines
2b - Ctrl++ to zoom the text 
3  - -> crash

     You have to pick a window size in 2a & 2b, so that you start with
     a wrapped 'Hello World', and after Ctrl+, you still have a wrapped
     'Hello World'. The starting zoom level from where to achieve this
     doesn't matter.

As I am typing this, I am realising that I could have picked a longer
sentence in the link element to make reproducing the crash easier. I will
attach another patch. (I have verified that it is not a regression from
my checkin in bug 43914.)

Attached file Easier to use testcase

The bug is not in m0.9.

Any connection to Bug 81152?  (Just a wild guess - 6th sense ;) )

*** Bug 81152 has been marked as a duplicate of this bug. ***

taking off karnaze's list.
Assignee: karnaze → waterson
Priority: -- → P1
Target Milestone: --- → mozilla0.9.1

*** Bug 82052 has been marked as a duplicate of this bug. ***

Probably a dup of bug 79508.
Status: NEW → ASSIGNED

Dup - same stack trace and symptoms. Marking as dup since the other one has a full
analysis with a patch.

*** This bug has been marked as a duplicate of 79508 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE

verified dups
Status: RESOLVED → VERIFIED