Closed
Bug 873275
Opened 11 years ago
Closed 8 years ago
crash in nsDisplayList::RemoveBottom
Categories
(Core :: Web Painting, defect)
Core
Web Painting
Tracking
()
People
(Reporter: wsmwk, Unassigned)
Details
(Keywords: crash, Whiteboard: [tbird crash])
Crash Data
not a new crash for thunderbird. bp-4b2735c5-dfdc-41c6-bc18-5a8412130515 TB22.0a2 ============================================================= 0 xul.dll nsDisplayList::RemoveBottom layout/base/nsDisplayList.cpp:1230 1 xul.dll nsDisplayList::DeleteAll layout/base/nsDisplayList.cpp:1241 2 xul.dll nsDisplayListCollection::~nsDisplayListCollection 3 xul.dll nsBoxFrame::BuildDisplayList layout/xul/base/src/nsBoxFrame.cpp:1344 4 xul.dll nsIFrame::BuildDisplayListForChild layout/generic/nsFrame.cpp:2234 5 xul.dll nsBoxFrame::BuildDisplayListForChildren layout/xul/base/src/nsBoxFrame.cpp:1357 6 xul.dll nsBoxFrame::BuildDisplayList layout/xul/base/src/nsBoxFrame.cpp:1323 7 xul.dll nsIFrame::BuildDisplayListForChild layout/generic/nsFrame.cpp:2234 8 xul.dll nsBoxFrame::BuildDisplayListForChildren layout/xul/base/src/nsBoxFrame.cpp:1357 9 xul.dll nsBoxFrame::BuildDisplayList layout/xul/base/src/nsBoxFrame.cpp:1323 hg@1 1226nsDisplayItem* nsDisplayList::RemoveBottom() { hg@1 1227 nsDisplayItem* item = mSentinel.mAbove; hg@1 1228 if (!item) ayg@103959 1229 return nullptr; hg@1 1230 mSentinel.mAbove = item->mAbove;
|
||
Updated•11 years ago
|
Component: General → Layout
Product: Thunderbird → Core
|
||
Comment 1•10 years ago
|
||
I looked through some of the recent reports on this signature and they don't match the stack above. Instead, the current stack on Windows is: nsDisplayList::RemoveBottom() PresShell::Paint(nsView*, nsRegion const&, unsigned int) nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) which doesn't really make sense. The Linux crashes have a better stack: nsDisplayList::RemoveBottom() nsDisplayList::FlattenTo(nsTArray<nsDisplayItem*>*) nsDisplayList::FlattenTo(nsTArray<nsDisplayItem*>*) nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, nsRect const&, nsRect const&, nsIFrame*) nsDisplayList::ComputeVisibilityForRoot(nsDisplayListBuilder*, nsRegion*, nsIFrame*) nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) PresShell::Paint(nsView*, nsRegion const&, unsigned int) nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) nsRefreshDriver::Tick(long, mozilla::TimeStamp) bp-b0c13d16-7e9b-4217-a2a3-5ae572141008 bp-1a44a9b8-d957-4be1-993e-720ae2140925 About 250 reported crashes in the past 4 weeks.
OS: Windows NT → All
Hardware: x86 → All
|
||
Updated•9 years ago
|
Crash Signature: [@ nsDisplayList::RemoveBottom()] → [@ nsDisplayList::RemoveBottom()]
[@ nsDisplayList::RemoveBottom]
|
Reporter | |
Comment 2•8 years ago
|
||
(In reply to Mats Palmgren (:mats) from comment #1) > I looked through some of the recent reports on this signature and they don't > match the stack above. Instead, the current stack on Windows is: > > nsDisplayList::RemoveBottom() > PresShell::Paint(nsView*, nsRegion const&, unsigned int) > nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) > nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) only 2 crashes per week now for thunderbird, and stacks still do not match. From a thunderbird POV, not worth keeping open. But maybe for firefox? ... > which doesn't really make sense. The Linux crashes have a better stack: > > nsDisplayList::RemoveBottom() > nsDisplayList::FlattenTo(nsTArray<nsDisplayItem*>*) > nsDisplayList::FlattenTo(nsTArray<nsDisplayItem*>*) > nsDisplayList::ComputeVisibilityForSublist(nsDisplayListBuilder*, nsRegion*, > nsRect const&, nsRect const&, nsIFrame*) > nsDisplayList::ComputeVisibilityForRoot(nsDisplayListBuilder*, nsRegion*, > nsIFrame*) > nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, > unsigned int, unsigned int) > PresShell::Paint(nsView*, nsRegion const&, unsigned int) > nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) > nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) > nsRefreshDriver::Tick(long, mozilla::TimeStamp) > > bp-b0c13d16-7e9b-4217-a2a3-5ae572141008 > bp-1a44a9b8-d957-4be1-993e-720ae2140925 > > About 250 reported crashes in the past 4 weeks. about the same rate now - 65 in the past week
|
||
Comment 3•8 years ago
|
||
Crash volume for signature 'nsDisplayList::RemoveBottom':
- nightly (version 50): 1 crash from 2016-06-06.
- aurora (version 49): 3 crashes from 2016-06-07.
- beta (version 48): 46 crashes from 2016-06-06.
- release (version 47): 84 crashes from 2016-05-31.
- esr (version 45): 3 crashes from 2016-04-07.
Crash volume on the last weeks:
Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7
- nightly 0 0 0 0 1 0 0
- aurora 0 0 0 2 1 0 0
- beta 10 6 5 7 8 8 0
- release 14 19 11 11 9 14 4
- esr 0 0 1 1 0 1 0
Affected platforms: Windows, Mac OS X, Linux
status-firefox47:
--- → affected
status-firefox48:
--- → affected
status-firefox49:
--- → affected
status-firefox50:
--- → affected
status-firefox-esr45:
--- → affected
|
|
||
Updated•8 years ago
|
Component: Layout → Layout: View Rendering
|
|
Reporter | |
Comment 4•8 years ago
|
||
This is currently quite rare. I sampled a few both Thunderbird and Firefox crashes - only a few per week. Firefox crashes not match the stack of comment 0. Plus I sampled a few Thunderbird users with emails and they have a variety of signatures - so I think the original Thunderbird crash is gone or morhped to another signature. In short I do not believe there is an actionable crash in the layout code via this bug report
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [tbird crash]
|
|
Reporter | |
Updated•8 years ago
|
Resolution: FIXED → WORKSFORME
|
Assignee | |
Updated•6 years ago
|
Component: Layout: View Rendering → Layout: Web Painting
|
||
Updated•2 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•