Closed
Bug 131008
Opened 23 years ago
Closed 18 years ago
Crash with 1 line of XUL [@ nsHTMLContainerFrame::CreateViewForFrame ][@ nsIFrame::GetView ]
Categories
(Core :: Layout, defect, P4)
Core
Layout
Tracking
()
RESOLVED
WORKSFORME
Future
People
(Reporter: mike, Unassigned)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(2 files)
... or maybe it isn't XUL. First off, this is almost certainly invalid markup,
but it gives me definite, 100% repeatable crashes on 0.9.9 Win98:
<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
<window xmlns:html="http://www.w3.org/1999/xhtml"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
id="MainWindow"
title="IWindow Test">
<div style="width: 200px; height: 200px; background: lightblue; display:float;
position:absolute">abc</div>
</window>
Okay, there's almost certainly something wrong with that style, it's ages since
I did any CSS and I was never especially good at it anyway ;) Talkback IDs for
this one are:
TB4049014W
TB4049006H
email: mike@theoretic.com
|
||
Comment 1•23 years ago
|
||
Stack trace from talkback (both id's have identical stacks):
nsHTMLContainerFrame::CreateViewForFrame
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsHTMLContainerFrame.cpp, line
555]
nsCSSFrameConstructor::ConstructFrameByDisplayType
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6103]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7107]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6963]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 12048]
nsCSSFrameConstructor::ConstructDocElementFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 3296]
nsCSSFrameConstructor::ContentInserted
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 8598]
StyleSetImpl::ContentInserted
[d:\builds\seamonkey\mozilla\content\base\src\nsStyleSet.cpp, line 1452]
PresShell::InitialReflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 2633]
nsXULDocument::StartLayout
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp, line 4403]
nsXULDocument::ResumeWalk
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp, line 5945]
nsXULDocument::OnStreamComplete
[d:\builds\seamonkey\mozilla\content\xul\document\src\nsXULDocument.cpp, line 6162]
nsStreamLoader::OnStopRequest
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamLoader.cpp, line 163]
nsFileChannel::OnStopRequest
[d:\builds\seamonkey\mozilla\netwerk\protocol\file\src\nsFileChannel.cpp, line 483]
nsOnStopRequestEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsRequestObserverProxy.cpp, line 213]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 591]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,
line 524]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line
1072]
KERNEL32.DLL + 0x242e7 (0xbff942e7)
0x00648c16
|
||
Comment 2•23 years ago
|
||
All that's needed is the "position:absolute"
|
||
Comment 3•23 years ago
|
||
Also crashing build 2002031221 on Linux.
OS -> All.
|
||
Updated•23 years ago
|
Target Milestone: --- → Future
|
|
||
Comment 5•22 years ago
|
||
still crashing using Linux build 20021128, same stack as comment 1.
Keywords: clean-report
Summary: Crash with 1 line of XUL → Crash with 1 line of XUL [@ nsHTMLContainerFrame::CreateViewForFrame ]
|
||
Comment 7•22 years ago
|
||
ran into this myself, nasty.
|
|
||
Comment 8•22 years ago
|
||
So the problem here is that nsCSSFrameConstructor::ConstructDocElementFrame only
pushes the root element as an absolute containing block if isBlockFrame is set.
For XUL, it is _not_ set (it's not a blockframe).
The result is that we end up constructing an abs pos frame with a null parent
later on, and nsHTMLContainerFrame::CreateViewForFrame does not null-check the
result of GetParent().
It's not clear to me, frankly, how exactly a XUL box would go about being an
absolute containing block (I think I can see how it would have to act; we would
need a lot of work to get that working, though...).
|
||
Comment 9•21 years ago
|
||
(My crashes (TB23304148, TB23287311) on minimal testcase were with
nsIFrame::GetView signature, so adding it to summary)
Summary: Crash with 1 line of XUL [@ nsHTMLContainerFrame::CreateViewForFrame ] → Crash with 1 line of XUL [@ nsHTMLContainerFrame::CreateViewForFrame ][@ nsIFrame::GetView ]
|
||
Comment 10•21 years ago
|
||
same crash, but on Mac OS X 10.2.8
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7a) Gecko/20031223
|
|
||
Comment 11•21 years ago
|
||
Oh I see, that it's probably the same as bug 229263
|
||
Comment 12•20 years ago
|
||
wfm winxp 2004111204
|
|
||
Comment 13•20 years ago
|
||
This is covered over on trunk by some null-checks that effectively disable
positioning in XUL.... Those really need to be removed, though.
Depends on: 137216
|
||
Comment 14•20 years ago
|
||
|
||
Comment 15•18 years ago
|
||
The Minimal testcase WFM using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060526 Minefield/3.0a1 ID:2006052604
|
||
Comment 16•18 years ago
|
||
The testcase is also wfm with:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060916
Minefield/3.0a1
Most likely fixed by bug 231776.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
|
||
Comment 17•16 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/54417ebbaea2
Flags: in-testsuite+
|
||
Updated•13 years ago
|
Crash Signature: [@ nsHTMLContainerFrame::CreateViewForFrame ]
[@ nsIFrame::GetView ]
You need to log in
before you can comment on or make changes to this bug.
Description
•