Closed
Bug 89101
Opened 23 years ago
Closed 23 years ago
position:fixed form crash [@ gklayout::NS_NewPresShell]
Categories
(Core :: Layout, defect, P2)
Core
Layout
Tracking
()
VERIFIED
FIXED
mozilla0.9.3
People
(Reporter: caustin, Assigned: waterson)
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(3 files)
267 bytes,
text/html
|
Details | |
30.39 KB,
text/plain
|
Details | |
1.26 KB,
patch
|
Details | Diff | Splinter Review |
Open the testcase. Actual results: *crash* Expected results: *crash*
Reporter | ||
Comment 1•23 years ago
|
||
Reporter | ||
Updated•23 years ago
|
Reporter | ||
Comment 2•23 years ago
|
||
Uhhh. No, you don't expect a crash. I meant *not crash*. :)
Updated•23 years ago
|
Summary: position:fixed form crash → position:fixed form crash [@ gklayout::NS_NewPresShell]
Comment 3•23 years ago
|
||
Comment 4•23 years ago
|
||
Over to Layout.
Assignee: asa → karnaze
Component: Browser-General → Layout
QA Contact: doronr → petersen
Comment 5•23 years ago
|
||
I get this Stack trace with win2k build 20010702.. (CVS debug) A part of that stack: nsBlockReflowState::GetAvailableSpace(int 0) line 324 + 20 bytes nsBlockReflowState::GetAvailableSpace() line 55 nsBlockFrame::PrepareResizeReflow(nsBlockReflowState & {...}) line 1623 nsBlockFrame::PrepareInitialReflow(nsBlockReflowState & {...}) line 1456 nsBlockFrame::Reflow(nsBlockFrame * const 0x04da6b3c, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 728 + 15 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x04da6b3c, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 724 + 31 bytes nsFieldSetFrame::Reflow(nsFieldSetFrame * const 0x04da6f50, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 459 ViewportFrame::ReflowFixedFrame(nsIPresContext * 0x03cd6590, const nsHTMLReflowState & {...}, nsIFrame * 0x04da6f50, int 1, unsigned int & 0) line 362 + 37 bytes ViewportFrame::IncrementalReflow(nsIPresContext * 0x03cd6590, const nsHTMLReflowState & {...}) line 457 ViewportFrame::Reflow(ViewportFrame * const 0x04da38f0, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 505 nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x03d4fdd0, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsSize & {...}, nsIRenderingContext & {...}) line 145 PresShell::ProcessReflowCommand(nsVoidArray & {...}, int 1, nsHTMLReflowMetrics & {...}, nsSize & {...}, nsIRenderingContext & {...}) line 5830 PresShell::ProcessReflowCommands(int 1) line 5885
Comment 6•23 years ago
|
||
I see this on Linux with a build from 2001-07-03 as well. In an optimized build I crash in nsLineLayout::ReflowFrame() In a debug build, I crash with: #0 0x41aaa943 in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0, aY=0) at nsBlockReflowState.cpp:324 #1 0x41c9608a in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0) at nsBlockReflowState.h:54 #2 0x41a9f540 in nsBlockFrame::PrepareResizeReflow (this=0x8818320, aState=@0xbfffe7a0) at nsBlockFrame.cpp:1618 #3 0x41a9f0a6 in nsBlockFrame::PrepareInitialReflow (this=0x8818320, aState=@0xbfffe7a0) at nsBlockFrame.cpp:1455 #4 0x41a9d9f4 in nsBlockFrame::Reflow (this=0x8818320, aPresContext=0x85f56d8, aMetrics=@0xbfffebf0, aReflowState=@0xbfffeb04, aStatus=@0xbfffee04) at nsBlockFrame.cpp:728 (gdb) frame 0 #0 0x41aaa943 in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0, aY=0) at nsBlockReflowState.cpp:324 324 mSpaceManager->GetTranslation(wx, wy); (gdb) p mSpaceManager $1 = (nsISpaceManager *) 0x0 ccing waterson -- looks like his code.
OS: Windows 2000 → All
Hardware: PC → All
Assignee | ||
Comment 7•23 years ago
|
||
ok, i'll take a look.
Assignee: karnaze → waterson
Priority: -- → P2
Target Milestone: --- → mozilla0.9.3
Assignee | ||
Updated•23 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 8•23 years ago
|
||
Assignee | ||
Comment 9•23 years ago
|
||
The problem was that <fieldset> was not setting itself up properly to contain floaters in the fixed-positioning case. I think that <fieldset> should never allow floaters to spill outside of it, so the above patch sets a space manager on the ``outer'' block frame (which contains the legend and deals with the border) and the ``inner'' area frame (which contains the fieldset contents). Setting a space manager on the outer frame handles the (admittedly bizarre) case where something in the legend was floated.
r=dbaron
Comment 11•23 years ago
|
||
sr=attinasi
Assignee | ||
Comment 12•23 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 13•23 years ago
|
||
In the branch or trunk or both?
Comment 14•23 years ago
|
||
bonsai sez trunk-only.
Comment 15•23 years ago
|
||
Marking verified fixed in the Sept 06 build (2001-09-06-03).
Status: RESOLVED → VERIFIED
Comment 16•15 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/5a6def05ccbc
Flags: in-testsuite+
Updated•13 years ago
|
Crash Signature: [@ gklayout::NS_NewPresShell]
You need to log in
before you can comment on or make changes to this bug.
Description
•