Closed
Bug 317547
Opened 19 years ago
Closed 19 years ago
Crash [@ 035db954()] called from nsHTMLReflowState::ComputePadding() line 2444
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: bc, Assigned: sicking)
References
Details
(Keywords: crash, Whiteboard: [sg:dupe?] mentions stirdom)
Crash Data
Automated StirDOM testing on WinXP with today's FF trunk: stirdom: http://golem.ph.utexas.edu/~distler/blog/archives/000635.html parameters: 187,217,44,181 This is a duplicate stack from nsHTMLReflowState::ComputePadding and up to Bug 305386. Filing separate and marking confidential since it is stirdom related. 035db954() nsHTMLReflowState::ComputePadding(int 0x00002913, const nsHTMLReflowState * 0x001298e8) line 2444 + 20 bytes nsHTMLReflowState::InitConstraints(nsPresContext * 0x033d7b70, int 0x00002913, int 0x40000000, nsMargin * 0x00000000, nsMargin * 0x00000000) line 1763 nsHTMLReflowState::Init(nsPresContext * 0x033d7b70, int 0xffffffff, int 0xffffffff, nsMargin * 0x00000000, nsMargin * 0x00000000) line 343 nsHTMLReflowState::nsHTMLReflowState(nsPresContext * 0x033d7b70, const nsHTMLReflowState & {...}, nsIFrame * 0x035d0fac, const nsSize & {...}, nsReflowReason eReflowReason_Incremental, int 0x00000001) line 217 nsLineLayout::ReflowFrame(nsIFrame * 0x035d0fac, unsigned int & 0x00000000, nsHTMLReflowMetrics * 0x00000000, int & 0x00000000) line 912 nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineList_iterator {...}, nsIFrame * 0x035d0fac, unsigned char * 0x00128d37) line 4028 + 22 bytes nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineList_iterator {...}, int * 0x001290f0, unsigned char * 0x00128e3b, int 0x00000000, int 0x00000001) line 3867 + 32 bytes nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x001290f0, int 0x00000001, int 0x00000000) line 3740 + 46 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x001290f0, int 0x00000001) line 2735 + 33 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x03640018, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000001, nsCollapsingMargin & {...}, int 0x00000000, int 0x00000000, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 605 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x00129d3c) line 3455 + 66 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x00129d3c, int 0x00000001) line 2617 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x034d6210, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000001, nsCollapsingMargin & {...}, int 0x00000000, int 0x00000001, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 605 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012a988) line 3455 + 66 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012a988, int 0x00000001) line 2617 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x0354f5a0, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000000, nsCollapsingMargin & {...}, int 0x00000000, int 0x00000001, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 605 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012b5d4) line 3455 + 66 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012b5d4, int 0x00000001) line 2617 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x0354f410, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000000, nsCollapsingMargin & {...}, int 0x00000000, int 0x00000001, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 605 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012c220) line 3455 + 66 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012c220, int 0x00000001) line 2617 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x0354f280, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000000, nsCollapsingMargin & {...}, int 0x00000000, int 0x00000001, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 605 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012ce6c) line 3455 + 66 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012ce6c, int 0x00000001) line 2617 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x0354f010, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000000, nsCollapsingMargin & {...}, int 0x00000000, int 0x00000001, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 605 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012dab8) line 3455 + 66 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012dab8, int 0x00000001) line 2617 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x0354eee0, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsBlockReflowContext::ReflowBlock(const nsRect & {...}, int 0x00000001, nsCollapsingMargin & {...}, int 0x00000000, int 0x00000001, nsMargin & {...}, nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 605 + 42 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012e704) line 3455 + 66 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineList_iterator {...}, int * 0x0012e704, int 0x00000001) line 2617 + 27 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}, int 0x00000001) line 2269 + 31 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x0354ec8c, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 902 + 17 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0354ec8c, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000) line 891 + 31 bytes CanvasFrame::Reflow(CanvasFrame * const 0x034d2dc8, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 525 nsContainerFrame::ReflowChild(nsIFrame * 0x034d2dc8, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000003, unsigned int & 0x00000000) line 891 + 31 bytes nsHTMLScrollFrame::ReflowScrolledFrame(const ScrollReflowState & {...}, int 0x00000000, int 0x00000001, nsHTMLReflowMetrics * 0x0012efe4, int 0x00000001) line 513 + 54 bytes nsHTMLScrollFrame::ReflowContents(ScrollReflowState * 0x0012f18c, const nsHTMLReflowMetrics & {...}) line 583 + 27 bytes nsHTMLScrollFrame::Reflow(nsHTMLScrollFrame * const 0x034d2f14, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 780 + 16 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x034d2f14, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000) line 891 + 31 bytes ViewportFrame::Reflow(ViewportFrame * const 0x034d2d34, nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 229 + 43 bytes IncrementalReflow::Dispatch(nsPresContext * 0x033d7b70, nsHTMLReflowMetrics & {...}, const nsSize & {...}, nsIRenderingContext & {...}) line 857 PresShell::ProcessReflowCommands(int 0x00000001) line 6484 ReflowEvent::HandleEvent() line 6308 HandlePLEvent(PLEvent * 0x03750e50) line 6326 PL_HandleEvent(PLEvent * 0x03750e50) line 688 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00f512d8) line 623 + 9 bytes nsEventQueueImpl::ProcessPendingEvents(nsEventQueueImpl * const 0x00f293f0) line 417 + 12 bytes nsWindow::DispatchPendingEvents() line 4114 nsWindow::ProcessMessage(unsigned int 0x00000200, unsigned int 0x00000000, long 0x021f025a, long * 0x0012fb88) line 4495 nsWindow::WindowProc(HWND__ * 0x000c03d4, unsigned int 0x00000200, unsigned int 0x00000000, long 0x021f025a) line 1330 + 27 bytes USER32! 77d48734() USER32! 77d48816() USER32! 77d489cd() USER32! 77d48a10() nsAppShell::Run(nsAppShell * const 0x00f72a08) line 135 nsAppStartup::Run(nsAppStartup * const 0x00f72968) line 161 + 26 bytes XRE_main(int 0x00000004, char * * 0x003f6d28, const nsXREAppData * 0x0042101c kAppData) line 2289 + 35 bytes main(int 0x00000004, char * * 0x003f6d28) line 61 + 18 bytes mainCRTStartup() line 338 + 17 bytes
Comment 1•19 years ago
|
||
On the 1.5 branch I got a completely different stack, VerifyContextParent() in nsFrameManager.cpp is passed a deleted aFrame object.
Whiteboard: [sg:fix]
Updated•19 years ago
|
Flags: blocking1.8.0.1?
Updated•19 years ago
|
Assignee: nobody → bugmail
Comment 2•19 years ago
|
||
I'm seeing the top of the stack be: #5 <signal handler called> #6 0x013d8a2d in nsMathMLContainerFrame::GetType (this=0xa033d54) at /builds/trunk/mozilla/layout/mathml/base/src/nsMathMLContainerFrame.cpp:1167 #7 0x01010618 in nsHTMLReflowState::ComputePadding (this=0xbf864870, aContainingBlockWidth=10515, aContainingBlockRS=0xbf8655e8) at /builds/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp:2444 #8 0x010129d3 in nsHTMLReflowState::InitConstraints (this=0xbf864870, aPresContext=0x9dd62d8, aContainingBlockWidth=10515, aContainingBlockHeight=1073741824, aBorder=0x0, aPadding=0x0) at /builds/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp:1761 #9 0x01012c71 in nsHTMLReflowState::Init (this=0xbf864870, aPresContext=0x9dd62d8, aContainingBlockWidth=-1, aContainingBlockHeight=-1, aBorder=0x0, aPadding=0x0) at /builds/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp:342 #10 0x01013428 in nsHTMLReflowState (this=0xbf864870, aPresContext=0x9dd62d8, aParentReflowState=@0xbf8655e8, aFrame=0xa033d54, aAvailableSpace=@0xbf864978, aReason=eReflowReason_Incremental, aInit=1) at /builds/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp:212 #11 0x01024a93 in nsLineLayout::ReflowFrame (this=0xbf864b30, aFrame=0xa033d54, aReflowStatus=@0xbf864a34, aMetrics=0x0, aPushedFrame=@0xbf864a30) at /builds/trunk/mozilla/layout/generic/nsLineLayout.cpp:911 (gdb) frame 6 #6 0x013d8a2d in nsMathMLContainerFrame::GetType (this=0xa033d54) at /builds/trunk/mozilla/layout/mathml/base/src/nsMathMLContainerFrame.cpp:1167 1167 return mPresentationData.baseFrame->GetType(); (gdb) p mPresentatioinData No symbol "mPresentatioinData" in current context. (gdb) p mPresentationData $1 = {flags = 0, baseFrame = 0xa077d48, mstyle = 0x0, scriptLevel = 0} (gdb) p mPresentationData.baseFrame $2 = (class nsIFrame *) 0xa077d48 (gdb) x/wa *(void**) mPresentationData.baseFrame 0xa07747c: 0xa042f3c which makes it look a bit MathML-related.
Updated•19 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:fix] → [sg:critical?]
Updated•19 years ago
|
Flags: blocking1.8.0.2?
Flags: blocking1.8.0.1?
Flags: blocking1.8.0.1-
Comment 3•19 years ago
|
||
WFM on WinXP with today's Firefox trunk build (on the QA machine closest to where Marcia sits). The status bar counter gets past 5000 without a crash. Several MathML StirDOM bugs have been fixed recently, so I'm guessing it got fixed through one of them. dbaron or bc, please reopen if you can still reproduce.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Updated•19 years ago
|
Flags: blocking1.8.0.2? → blocking1.8.0.2-
Updated•18 years ago
|
Whiteboard: [sg:critical?] → [sg:dupe?] mentions stirdom
Updated•13 years ago
|
Crash Signature: [@ 035db954()]
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•