position:fixed form crash [@ gklayout::NS_NewPresShell]

VERIFIED FIXED in mozilla0.9.3

Status: VERIFIED FIXED
Product: Core
Component: Layout
Priority: P2
Severity: critical
Opened 17 years ago, last updated 9 years ago

People

(Reporter: Chad Austin, Assigned: Chris Waterson)

Tracking

Version: Trunk
Target Milestone: mozilla0.9.3
Keywords: crash, testcase
Bug Flags: in-testsuite +
Firefox Tracking Flags: Not tracked

Attachments: 3

(Reporter)

Description

17 years ago
Open the testcase.

Actual results:  *crash*

Expected results:  *crash*
(Reporter)

Comment 1

17 years ago
Created attachment 41081 [details]
testcase
(Reporter)

Updated

17 years ago
Keywords: crash, testcase
(Reporter)

Comment 2

17 years ago
Uhhh.  No, you don't expect a crash.  I meant *not crash*.  :)

Updated

17 years ago
Summary: position:fixed form crash → position:fixed form crash [@ gklayout::NS_NewPresShell]

Comment 3

17 years ago
Created attachment 41084 [details]
Dr. Watson log, TB32483095Z

Comment 4

17 years ago
Over to Layout.
Assignee: asa → karnaze
Component: Browser-General → Layout
QA Contact: doronr → petersen

I get this stack trace with win2k build 20010702 (CVS debug).

A part of that stack:
nsBlockReflowState::GetAvailableSpace(int 0) line 324 + 20 bytes
nsBlockReflowState::GetAvailableSpace() line 55
nsBlockFrame::PrepareResizeReflow(nsBlockReflowState & {...}) line 1623
nsBlockFrame::PrepareInitialReflow(nsBlockReflowState & {...}) line 1456
nsBlockFrame::Reflow(nsBlockFrame * const 0x04da6b3c, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 728 + 15 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x04da6b3c, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 724 + 31 bytes
nsFieldSetFrame::Reflow(nsFieldSetFrame * const 0x04da6f50, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 459
ViewportFrame::ReflowFixedFrame(nsIPresContext * 0x03cd6590, const nsHTMLReflowState & {...}, nsIFrame * 0x04da6f50, int 1, unsigned int & 0) line 362 + 37 bytes
ViewportFrame::IncrementalReflow(nsIPresContext * 0x03cd6590, const nsHTMLReflowState & {...}) line 457
ViewportFrame::Reflow(ViewportFrame * const 0x04da38f0, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 505
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x03d4fdd0, nsIPresContext * 0x03cd6590, nsHTMLReflowMetrics & {...}, const nsSize & {...}, nsIRenderingContext & {...}) line 145
PresShell::ProcessReflowCommand(nsVoidArray & {...}, int 1, nsHTMLReflowMetrics & {...}, nsSize & {...}, nsIRenderingContext & {...}) line 5830
PresShell::ProcessReflowCommands(int 1) line 5885

I see this on Linux with a build from 2001-07-03 as well.

In an optimized build I crash in nsLineLayout::ReflowFrame().

In a debug build, I crash with:

#0  0x41aaa943 in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0, aY=0)
    at nsBlockReflowState.cpp:324
#1  0x41c9608a in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0)
    at nsBlockReflowState.h:54
#2  0x41a9f540 in nsBlockFrame::PrepareResizeReflow (this=0x8818320, aState=@0xbfffe7a0)
    at nsBlockFrame.cpp:1618
#3  0x41a9f0a6 in nsBlockFrame::PrepareInitialReflow (this=0x8818320, aState=@0xbfffe7a0)
    at nsBlockFrame.cpp:1455
#4  0x41a9d9f4 in nsBlockFrame::Reflow (this=0x8818320, aPresContext=0x85f56d8,
    aMetrics=@0xbfffebf0, aReflowState=@0xbfffeb04, aStatus=@0xbfffee04)
    at nsBlockFrame.cpp:728

(gdb) frame 0
#0  0x41aaa943 in nsBlockReflowState::GetAvailableSpace (this=0xbfffe7a0, aY=0)
    at nsBlockReflowState.cpp:324
324       mSpaceManager->GetTranslation(wx, wy);
(gdb) p mSpaceManager
$1 = (nsISpaceManager *) 0x0


ccing waterson -- looks like his code.
OS: Windows 2000 → All
Hardware: PC → All
(Assignee)

Comment 7

17 years ago
ok, i'll take a look.
Assignee: karnaze → waterson
Priority: -- → P2
Target Milestone: --- → mozilla0.9.3
(Assignee)

Updated

17 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 8

17 years ago
Created attachment 41309 [details] [diff] [review]
fieldset's outer and inner should each always have a space manager
(Assignee)

Comment 9

17 years ago
The problem was that <fieldset> was not setting itself up properly to contain
floaters in the fixed-positioning case. I think that <fieldset> should never
allow floaters to spill outside of it, so the above patch sets a space manager
on the ``outer'' block frame (which contains the legend and deals with the
border) and the ``inner'' area frame (which contains the fieldset contents).
Setting a space manager on the outer frame handles the (admittedly bizarre) case
where something in the legend was floated.
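
The invariant described in comment 9, as an added example that is not part of the bug report or the attached patch: a simplified C++ model in which every type and function name is hypothetical, and the behaviour of the viewport and of in-flow ancestors is an assumption of the model. It shows the missing space manager reaching the inner block on the fixed-positioned path, and the fieldset owning its own manager so that floaters stay inside it.

```cpp
#include <cstddef>
#include <vector>

// Simplified model, not Gecko source: every name here is hypothetical.
struct SpaceManager { std::vector<int> floaters; };  // space taken by floaters
struct ReflowState { SpaceManager* spaceManager = nullptr; };
enum class Result { Ok, NoSpaceManager };

// Stand-in for the block reflow step in the traces: it needs a space manager
// to place a floater. The real code dereferenced the pointer unchecked; the
// model reports the missing manager instead so the case can be tested.
Result ReflowBlock(const ReflowState& rs, int floaterWidth) {
    if (!rs.spaceManager) return Result::NoSpaceManager;
    rs.spaceManager->floaters.push_back(floaterWidth);
    return Result::Ok;
}

// Before: the fieldset hands whatever it was given to its inner block.
Result ReflowFieldSetBefore(const ReflowState& parent) {
    return ReflowBlock(parent, 40);
}

// After: the fieldset always owns a space manager for its contents, so the
// inner block never sees a null one and floaters stay inside the fieldset.
Result ReflowFieldSetAfter(const ReflowState& /*parent*/, SpaceManager& own) {
    ReflowState inner;
    inner.spaceManager = &own;
    return ReflowBlock(inner, 40);
}

// Fixed-positioned case: the viewport reflows the fieldset directly and
// (assumption of this model) supplies no space manager.
Result FixedCase(bool patched) {
    ReflowState fromViewport;
    SpaceManager own;
    return patched ? ReflowFieldSetAfter(fromViewport, own)
                   : ReflowFieldSetBefore(fromViewport);
}

// In-flow case (assumption): an ancestor block supplies a manager. Returns
// how many floaters ended up in the ancestor's manager, i.e. spilled out.
std::size_t SpilledInFlow(bool patched) {
    SpaceManager ancestor, own;
    ReflowState rs; rs.spaceManager = &ancestor;
    if (patched) ReflowFieldSetAfter(rs, own); else ReflowFieldSetBefore(rs);
    return ancestor.floaters.size();
}

int main() { return FixedCase(true) == Result::Ok && SpilledInFlow(true) == 0 ? 0 : 1; }
```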
(Assignee)

Updated

17 years ago
Keywords: patch

r=dbaron

Comment 11

17 years ago
sr=attinasi
(Assignee)

Comment 12

17 years ago
Fix checked in.
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
(Reporter)

Comment 13

17 years ago
In the branch or trunk or both?

Comment 14

17 years ago
bonsai sez trunk-only.

Comment 15

17 years ago
Marking verified fixed in the Sept 06 build (2001-09-06-03).
Status: RESOLVED → VERIFIED

Comment 16

9 years ago
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/5a6def05ccbc
Flags: in-testsuite+
Crash Signature: [@ gklayout::NS_NewPresShell]