Closed
Bug 1429
Opened 26 years ago
Closed 26 years ago
Beyond Stack Write
Categories
(Core :: Layout: Tables, defect, P1)
Tracking
()
People
(Reporter: troy, Assigned: buster)
References
()
Details
[E] BSW: Beyond stack write in nsTableFrame::GetNextAvailRowIndex(void)const {1
occurrence}
Writing 4 bytes to 0x0013d768 (top of stack is at 0x0013d76c))
Address 0x0013d768 points into a thread's stack
Address 0x0013d768 is the local variable 'cellMap' in
nsTableFrame::GetNextAvailRowIndex(void)const
Thread ID: 0xca
Error location
nsTableFrame::GetNextAvailRowIndex(void)const [nsTableFrame.cpp:786]
PRInt32 nsTableFrame::GetNextAvailRowIndex() const
{
PRInt32 result=0;
=> nsCellMap *cellMap = GetCellMap();
NS_PRECONDITION (nsnull!=cellMap, "null cellMap.");
if (nsnull!=cellMap)
{
nsTableRowFrame::InitChildren(int) [nsTableRowFrame.cpp:127]
mInitializedChildren=PR_TRUE;
PRInt32 rowIndex;
if (-1==aRowIndex)
=> rowIndex = table->GetNextAvailRowIndex();
else
rowIndex = aRowIndex;
SetRowIndex(rowIndex);
nsTableFrame::DidAppendRowGroup(nsTableRowGroupFrame *)
[nsTableFrame.cpp:336]
nextRow->GetStyleData(eStyleStruct_Display, (nsStyleStruct
*&)rowDisplay);
if (NS_STYLE_DISPLAY_TABLE_ROW==rowDisplay->mDisplay)
{
=> rv = ((nsTableRowFrame *)nextRow)->InitChildren();
if (NS_FAILED(rv))
return rv;
}
nsTableFrame::SetInitialChildList(nsIPresContext&,nsIAtom *,nsIFrame *)
[nsTableFrame.cpp:317]
HTMLStyleSheetImpl::ConstructTableFrame(nsIPresContext *,nsIContent
*,nsIFrame *,nsIStyleContext *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1131]
HTMLStyleSheetImpl::ConstructFrameByDisplayType(nsIPresContext
*,nsStyleDisplay const*,nsIContent *,nsIFrame *,nsIStyleContext *,nsIFrame *&)
[nsHTMLStyleSheet.cpp:1467]
HTMLStyleSheetImpl::ConstructFrame(nsIPresContext *,nsIContent
*,nsIFrame *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1767]
HTMLStyleSheetImpl::ProcessChildren(nsIPresContext *,nsIFrame
*,nsIContent *,nsIFrame *&) [nsHTMLStyleSheet.cpp:877]
HTMLStyleSheetImpl::ConstructFrameByDisplayType(nsIPresContext
*,nsStyleDisplay const*,nsIContent *,nsIFrame *,nsIStyleContext *,nsIFrame *&)
[nsHTMLStyleSheet.cpp:1540]
HTMLStyleSheetImpl::ConstructFrame(nsIPresContext *,nsIContent
*,nsIFrame *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1767]
Causes a crash on http://www.citibank.com/ as well
this appears to be a duplicate of 1379, but I'm leaving it open until I verify
the fix in purify. The problem is that a table frame's style context is getting
mapped incorrectly (possibly due to it getting inappropriately wrapped in a
scrolling wrappper frame.) Lots of code in table frame land relies on that
display type to be correct.
*** Bug 1426 has been marked as a duplicate of this bug. ***
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → DUPLICATE
verified that this is a duplicate of 1379 using purify
*** This bug has been marked as a duplicate of 1379 ***
You need to log in
before you can comment on or make changes to this bug.
Description
•