Closed Bug 99776 Opened 23 years ago Closed 23 years ago

[fix] crash in GetNearestContainingBlock()

Categories: Core :: Layout, defect, P1
Status: RESOLVED FIXED
Target Milestone: mozilla0.9.6
People: Reporter: MatsPalmgren_bugz, Assigned: attinasi
Keywords: crash, testcase
Attachments: 3 files

DESCRIPTION:
MOZILLA caused an invalid page fault in
module GKLAYOUT.DLL at 0167:60375b86.

STEPS TO REPRODUCE:
1. go to http://www.unicode.com/index_flash.asp

ACTUAL RESULTS:
crash in GKLAYOUT.DLL

EXPECTED RESULTS:
no crash

DOES NOT WORK CORRECTLY ON:
Mozilla nightly build 2001-09-14-03 on Windows 98 SE.

WORKS CORRECTLY ON:
Communicator 4.7 on Windows 98 SE.
IE 5.00 on Windows 98 SE.

ADDITIONAL INFO:
The page contains a Flash animation.
Talkback IDs: TB35419056K and TB35419016X
Keywords: crash
Attached file Testcase
It's an applet element with position:absolute that is the culprit. I have no
JVM plugin installed and Java is turned off in my preferences. Seems purely
Layout related so reassigning there.
Assignee: asa → attinasi
Component: Browser-General → Layout
Keywords: testcase
QA Contact: doronr → petersen
Since the testcase is a one-liner, here it is:
<applet style="position:absolute;left:7;top:73;"></applet>
Seeing this on current linux cvs too

###!!! ASSERTION: unexpected frame type: 'IsPlaceholderFrame(newFrame)', file
nsCSSFrameConstructor.cpp, line 10355
###!!! Break: at file nsCSSFrameConstructor.cpp, line 10355
###!!! ASSERTION: containing block height must be constrained:
'containingBlockHeight != NS_AUTOHEIGHT', file nsHTMLReflowState.cpp, line 904
###!!! Break: at file nsHTMLReflowState.cpp, line 904
###!!! ASSERTION: no placeholder frame: 'nsnull != placeholderFrame', file
nsHTMLReflowState.cpp, line 912
###!!! Break: at file nsHTMLReflowState.cpp, line 912

#0  0x41e82a80 in GetNearestContainingBlock (aFrame=0x0, aContentArea=@0xbfffcb34)
    at nsHTMLReflowState.cpp:489
#1  0x41e837b4 in nsHTMLReflowState::InitAbsoluteConstraints (this=0xbfffcdac, 
    aPresContext=0x88bb338, cbrs=0xbfffdad8, containingBlockWidth=11250, 
    containingBlockHeight=1073741824) at nsHTMLReflowState.cpp:917
#2  0x41e8518f in nsHTMLReflowState::InitConstraints (this=0xbfffcdac, 
    aPresContext=0x88bb338, aContainingBlockWidth=11250, 
    aContainingBlockHeight=1073741824) at nsHTMLReflowState.cpp:1801
(gdb) frame 0
#0  0x41e82a80 in GetNearestContainingBlock (aFrame=0x0, aContentArea=@0xbfffcb34)
    at nsHTMLReflowState.cpp:489
489       aFrame->GetParent(&aFrame);
(gdb) p aFrame
$1 = (nsIFrame *) 0x0
(gdb) frame 1
#1  0x41e837b4 in nsHTMLReflowState::InitAbsoluteConstraints (this=0xbfffcdac, 
    aPresContext=0x88bb338, cbrs=0xbfffdad8, containingBlockWidth=11250, 
    containingBlockHeight=1073741824) at nsHTMLReflowState.cpp:917
917       nsIFrame* blockFrame = GetNearestContainingBlock(placeholderFrame,
(gdb) p placeholderFrame
$2 = (nsIFrame *) 0x0
OS: Windows 98 → All
Hardware: PC → All
Summary: crash in GKLAYOUT.DLL → crash in GetNearestContainingBlock()
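
Added example, not part of the bug thread and not Mozilla source: a simplified C++ model of the chain in the backtrace above, where a null placeholder reaches a parent walk that dereferences it, next to a guarded form. The Frame type, the placeholder map and every function name are hypothetical, and the unbound-replacement cause is an assumption made for illustration.

```cpp
// Simplified model with hypothetical types (not Mozilla source).
#include <cstdio>
#include <unordered_map>

struct Frame {
    Frame* parent = nullptr;
    bool isBlock = false;
};

// Absolutely positioned (out-of-flow) frame -> its in-flow placeholder.
using PlaceholderMap = std::unordered_map<const Frame*, Frame*>;

Frame* GetPlaceholderFor(const PlaceholderMap& map, const Frame* f) {
    auto it = map.find(f);
    return it == map.end() ? nullptr : it->second;
}

// Unguarded walk, as in frame #0: the first step dereferences aFrame,
// so a null argument faults. It is never called with null in this example.
Frame* NearestBlockUnguarded(Frame* aFrame) {
    for (aFrame = aFrame->parent; aFrame && !aFrame->isBlock; aFrame = aFrame->parent) {}
    return aFrame;
}

// Guarded walk: a missing placeholder yields "no containing block", not a fault.
Frame* NearestBlockGuarded(Frame* aFrame) {
    return aFrame ? NearestBlockUnguarded(aFrame) : nullptr;
}

// Swap an out-of-flow frame for a replacement (the alt-text frame in this bug).
// rebind=false models (assumption) a replacement never bound to the placeholder.
void ReplaceOutOfFlow(PlaceholderMap& map, const Frame* oldF, const Frame* newF, bool rebind) {
    Frame* ph = GetPlaceholderFor(map, oldF);
    map.erase(oldF);
    if (rebind && ph) map[newF] = ph;
}

// True when a containing block is found for the replacement frame.
bool ResolveAfterReplace(bool rebind) {
    Frame block, placeholder, applet, altText;
    block.isBlock = true;
    placeholder.parent = &block;
    PlaceholderMap map;
    map[&applet] = &placeholder;
    ReplaceOutOfFlow(map, &applet, &altText, rebind);
    return NearestBlockGuarded(GetPlaceholderFor(map, &altText)) == &block;
}

int main() {
    std::printf("unbound: %d, rebound: %d\n", ResolveAfterReplace(false), ResolveAfterReplace(true));
    return 0;
}
```

The guard only turns the fault into a detectable "not found" result; the replacement frame still has no containing block until it is bound to the placeholder.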
nsCSSFrameConstructor::CantRenderReplacedElement does not really handle absPos
applets correctly. I think the best thing to do is to fix the way the
placeholder is used for the alt-frame like is done for images. Easier still,
just prevent positioned applets from generating alt-text (probably adequate for
now considering our sad story for alt text in general).

Status: NEW → ASSIGNED
updates to priority and milestone.
Priority: -- → P1
Target Milestone: --- → mozilla0.9.6
Patch is attached that creates the alt-text frame correctly for applets. The old
way was just plain wrong, and now it uses the exact same mechanism as we use for
positioned images. 

Looking for reviews.
Summary: crash in GetNearestContainingBlock() → [fix] crash in GetNearestContainingBlock()
sr=hyatt
Comment on attachment 54126 [details] [diff] [review]
PATCH to fix the way the ALT frames are created for positioned applets

r=dbaron
Attachment #54126 - Flags: review+
Checking in nsCSSFrameConstructor.cpp;
/cvsroot/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp,v  <--  
nsCSSFrameConstructor.cpp
new revision: 1.644; previous revision: 1.643

Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/54417ebbaea2
Flags: in-testsuite+
Depends on: 483779