Build: 2000031608 I noticed that 2000.0316.08 crashed for me on NT 2000 after a few (5) seconds of resizing the following pages: A. http://www.slashdot.org B. http://www.mozillazine.org C. http://www.w3c.org D. http://docs.iplanet.com/docs/manuals/psm/psm-mozilla/index.html - it did not crash on the following: www.infoseek.com cnn.com mozilla.org yahoo.com I finally decided to isolate the HTML causing the problem - I chose D. to do this with. I reduced it down the following HTML: <html> <head> <title>Netscape PSM for Mozilla</title> </head> <body> <FONT FACE="Arial, Helvetica" SIZE="-1"> <tt>heres some TT text</tt> Normal Text <tt>More TT text</tt> </body> </html> ----------------------------- It seems like the you need to have the following criteria satisfied to crash: - FONT FACE tags - at least 2 TT tags, with some regular text in between. To try this out, paste the provided HTML into a file, load up that file in mozilla, and resize at a fairly moderate pace for 10-15 seconds. (Grab the right-hand window border when resizing). Also, you have to resize small enough that reflows are happening for the crash to happen. Note - I have 2 CPU's in my machine. I don't know how much impact that has. Let me know if you cannot reproduce this, and I will try to re-run it on a talkback build. Doctor watson report shows this for each error: The application, mozilla.exe, generated an application error The error occurred on 03/16/2000 @ 19:34:51.328 The exception generated was c0000005 at address 601943AB (nsStyleChangeList::Count) I am not sure if A. B. C. D. have the same root problem as D. did.

Here's some more DrWatson: Here's the Assembly dump from around the fault address: function: nsStyleChangeList::Count 60194392 89450c mov [ebp+0xc],eax ss:00935e2e=???????? 60194395 746b jz NS_NewPresShell+0x422e (6019cf02) 60194397 8b4dfc mov ecx,[ebp+0xfc] ss:00935e2e=???????? 6019439a 837e0c00 cmp dword ptr [esi+0xc],0x0 ds:00935e56=???????? 6019439e 0fb6492f movzx ecx,byte ptr [ecx+0x2f] ds:0080d5d7=?? 601943a2 894d10 mov [ebp+0x10],ecx ss:00935e2e=???????? 601943a5 740a jz NS_NewPresShell+0x41dd (6019ceb1) 601943a7 8b08 mov ecx,[eax] ds:01db048c=00000000 601943a9 53 push ebx 601943aa 50 push eax FAULT ->601943ab ff5148 call dword ptr [ecx+0x48] ds:0080d5d6=???????? 601943ae 8b450c mov eax,[ebp+0xc] ss:00935e2e=???????? 601943b1 ff7518 push dword ptr [ebp+0x18] ss:00935e2e=???????? 601943b4 8bcb mov ecx,ebx 601943b6 50 push eax 601943b7 56 push esi FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00128858 60194312 01EA9630 01DB048C 00000000 00128970 gkhtml!nsStyleChangeList::Count 00128894 601A37E0 018DE33C 01EA9630 00128970 018DE308 gkhtml!nsStyleChangeList::Count 001289D4 601AB953 018DE33C 000004B0 00128A08 00000000 gkhtml!NS_NewPresShell 00128A10 601AB7F4 0012923C 00128A6C 018DE370 018DE33C gkhtml!NS_NewFrameManager 00128A44 601AB6E5 0012923C 00128A6C 018DE33C 0012921C gkhtml!NS_NewFrameManager etc. etc.

Didn't crash for me, and I also ran under Purify and it didn't report any suspicious memory problems either. Based on the reference to nsStyleChangeList::Count changing component to Style System

Actually it crashes when the window is under a certain size. You don't even have to resize it. Just make the window pretty small and load up /. (Slashdot). Pow. Crash in GKHTML.DLL. I am building a debug now to post a call stack.

Woops. Confirming on Win2000 200031508.

On resizing Slashdot, I get this: NTDLL! 77f9f9df() nsDebug::Assertion(const char * 0x016d9764, const char * 0x016d975c, const char * 0x016d9718, int 810) line 189 + 13 bytes nsContainerFrame::DeleteChildsNextInFlow(nsIPresContext * 0x03733f10, nsIFrame * 0x03914dd8) line 810 + 34 bytes nsLineLayout::ReflowFrame(nsIFrame * 0x03914dd8, nsIFrame * * 0x00128304, unsigned int & 0, nsHTMLReflowMetrics * 0x00000000, int & 0) line 1155 + 35 bytes nsInlineFrame::ReflowInlineFrame(nsIPresContext * 0x03733f10, const nsHTMLReflowState & {...}, nsInlineFrame::InlineReflowState & {...}, nsIFrame * 0x03914dd8, unsigned int & 0) line 524 + 26 bytes nsInlineFrame::ReflowFrames(nsIPresContext * 0x03733f10, const nsHTMLReflowState & {...}, nsInlineFrame::InlineReflowState & {...}, nsHTMLReflowMetrics & {...}, unsigned int & 0) line 376 + 28 bytes nsInlineFrame::Reflow(nsInlineFrame * const 0x03a10688, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 300 + 28 bytes nsLineLayout::ReflowFrame(nsIFrame * 0x03a10688, nsIFrame * * 0x00129134, unsigned int & 0, nsHTMLReflowMetrics * 0x00000000, int & 0) line 987 + 44 bytes nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineBox * 0x03a1b4a8, nsIFrame * 0x03a10688, unsigned char * 0x00128534) line 4011 + 32 bytes nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState & {...}, nsLineLayout & {...}, nsLineBox * 0x03a1b4a8, int * 0x00128e08, unsigned char * 0x00128c58, int 0) line 3895 + 28 bytes nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState & {...}, nsLineBox * 0x03a1b4a8, int * 0x00128e08, unsigned char * 0x00128c58, int 0) line 3836 + 38 bytes nsBlockFrame::ReflowInlineFrames(nsBlockReflowState & {...}, nsLineBox * 0x03a1b4a8, int * 0x00128e08, int 0) line 3781 + 28 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x03a1b4a8, int * 0x00128e08, int 0) line 2953 + 25 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2658 + 27 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x038f279c, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1577 + 15 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x038f279c, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes nsTableCellFrame::Reflow(nsTableCellFrame * const 0x038f2740, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 694 nsContainerFrame::ReflowChild(nsIFrame * 0x038f2740, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 1170, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes nsTableRowFrame::ResizeReflow(nsTableRowFrame * const 0x038dc690, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, RowReflowState & {...}, unsigned int & 0, int 0) line 829 + 55 bytes nsTableRowFrame::Reflow(nsTableRowFrame * const 0x038dc690, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1374 + 35 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x038dc690, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes nsTableRowGroupFrame::ReflowMappedChildren(nsTableRowGroupFrame * const 0x038dc650, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, RowGroupReflowState & {...}, unsigned int & 0, nsTableRowFrame * 0x00000000, nsReflowReason eReflowReason_Resize, int 1, int 0) line 433 + 45 bytes nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x038dc650, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1088 + 38 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x038dc650, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes nsTableFrame::ReflowMappedChildren(nsTableFrame * const 0x038d8668, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, InnerTableReflowState & {...}, unsigned int & 0) line 2941 + 41 bytes nsTableFrame::ResizeReflowPass2(nsTableFrame * const 0x038d8668, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1952 + 33 bytes nsTableFrame::Reflow(nsTableFrame * const 0x038d8668, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1596 + 36 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x038d8668, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x038d8614, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1003 + 43 bytes nsBlockReflowContext::ReflowBlock(nsIFrame * 0x038d8614, const nsRect & {...}, int 1, int 0, int 0, nsMargin & {...}, unsigned int & 0) line 449 + 47 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x039749c8, int * 0x0012a6a8) line 3538 + 59 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x039749c8, int * 0x0012a6a8, int 0) line 2851 + 23 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2658 + 27 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x038a57fc, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1577 + 15 bytes nsBlockReflowContext::ReflowBlock(nsIFrame * 0x038a57fc, const nsRect & {...}, int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 449 + 47 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x038a5844, int * 0x0012b038) line 3538 + 59 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x038a5844, int * 0x0012b038, int 0) line 2851 + 23 bytes nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2658 + 27 bytes nsBlockFrame::Reflow(nsBlockFrame * const 0x038a57b0, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1577 + 15 bytes nsAreaFrame::Reflow(nsAreaFrame * const 0x038a57b0, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 272 + 25 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x038a57b0, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes RootFrame::Reflow(RootFrame * const 0x0378012c, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 331 nsContainerFrame::ReflowChild(nsIFrame * 0x0378012c, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 1, unsigned int & 0) line 646 + 33 bytes nsScrollPortFrame::Reflow(nsScrollPortFrame * const 0x037801b4, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 480 nsContainerFrame::ReflowChild(nsIFrame * 0x037801b4, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 3, unsigned int & 0) line 646 + 33 bytes nsGfxScrollFrameInner::ReflowFrame(nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsIFrame * 0x037801b4, const nsSize & {...}, const nsSize & {...}, int & 0, nsIFrame * & 0x00000000) line 1361 nsGfxScrollFrameInner::ReflowScrollArea(nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsIFrame * & 0x00000000) line 1428 nsGfxScrollFrame::Reflow(nsGfxScrollFrame * const 0x03780168, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 582 nsContainerFrame::ReflowChild(nsIFrame * 0x03780168, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes ViewportFrame::Reflow(ViewportFrame * const 0x037800f0, nsIPresContext * 0x03733f10, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 531 PresShell::ResizeReflow(PresShell * const 0x0374da10, int 9480, int 4920) line 1380 + 50 bytes PresShell::ResizeReflow(PresShell * const 0x0374da14, nsIView * 0x0381d658, int 9480, int 4920) line 3095 + 26 bytes nsViewManager2::SetWindowDimensions(nsViewManager2 * const 0x0381d3f8, int 9480, int 4920) line 389 + 38 bytes nsViewManager2::DispatchEvent(nsViewManager2 * const 0x0381d3f8, nsGUIEvent * 0x0012c518, nsEventStatus * 0x0012c470) line 1155 + 48 bytes HandleEvent(nsGUIEvent * 0x0012c518) line 68 + 22 bytes nsWindow::DispatchEvent(nsWindow * const 0x0374d734, nsGUIEvent * 0x0012c518, nsEventStatus & nsEventStatus_eIgnore) line 493 + 12 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012c518) line 513 + 29 bytes nsWindow::OnResize(nsRect & {...}) line 2918 + 17 bytes nsWindow::ProcessMessage(unsigned int 71, unsigned int 0, long 1230936, long * 0x0012c7c8) line 2458 + 26 bytes nsWindow::WindowProc(HWND__ * 0x000f03c0, unsigned int 71, unsigned int 0, long 1230936) line 671 + 29 bytes USER32! 77e13eb0() USER32! 77e1591b() USER32! 77e165dc() NTDLL! 77f9fb83() DocumentViewerImpl::SetBounds(DocumentViewerImpl * const 0x038b6f20, const nsRect & {...}) line 598 + 57 bytes nsDocShell::SetPositionAndSize(nsDocShell * const 0x0370f064, int 0, int 0, int 632, int 328, int 0) line 1296 + 32 bytes nsWebShell::SetPositionAndSize(nsWebShell * const 0x0370f064, int 0, int 0, int 632, int 328, int 0) line 3100 nsHTMLFrameInnerFrame::Reflow(nsHTMLFrameInnerFrame * const 0x036fa974, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 938 + 67 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x036fa974, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes nsHTMLFrameOuterFrame::Reflow(nsHTMLFrameOuterFrame * const 0x036d3aa0, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 377 nsBoxFrameInner::FlowChildAt(nsIFrame * 0x036d3aa0, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsCalculatedBoxInfo & {...}, int 0, int 0, int 1, nsIFrame * & 0x00000000, int & 0, const nsString & {...}) line 2261 + 36 bytes nsBoxFrameInner::FlowChildren(nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsIFrame * & 0x00000000, nsRect & {...}, nsSize & {...}, int & 3000) line 1479 nsBoxFrame::Reflow(nsBoxFrame * const 0x036d3a38, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1206 nsBoxFrameInner::FlowChildAt(nsIFrame * 0x036d3a38, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsCalculatedBoxInfo & {...}, int 0, int 0, int 1, nsIFrame * & 0x00000000, int & 0, const nsString & {...}) line 2286 + 36 bytes nsBoxFrameInner::FlowChildren(nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsIFrame * & 0x00000000, nsRect & {...}, nsSize & {...}, int & 3000) line 1479 nsBoxFrame::Reflow(nsBoxFrame * const 0x036d39d0, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1206 nsBoxFrameInner::FlowChildAt(nsIFrame * 0x036d39d0, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsCalculatedBoxInfo & {...}, int 0, int 0, int 1, nsIFrame * & 0x00000000, int & 0, const nsString & {...}) line 2286 + 36 bytes nsBoxFrameInner::FlowChildren(nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsIFrame * & 0x00000000, nsRect & {...}, nsSize & {...}, int & 3210) line 1479 nsBoxFrame::Reflow(nsBoxFrame * const 0x036fff68, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1206 nsBoxFrameInner::FlowChildAt(nsIFrame * 0x036fff68, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsCalculatedBoxInfo & {...}, int 0, int 1365, int 1, nsIFrame * & 0x00000000, int & 1, const nsString & {...}) line 2286 + 36 bytes nsBoxFrameInner::FlowChildren(nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0, nsIFrame * & 0x00000000, nsRect & {...}, nsSize & {...}, int & 3210) line 1479 nsBoxFrame::Reflow(nsBoxFrame * const 0x036a36c8, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1206 nsContainerFrame::ReflowChild(nsIFrame * 0x036a36c8, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes RootFrame::Reflow(RootFrame * const 0x036a368c, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 331 nsContainerFrame::ReflowChild(nsIFrame * 0x036a368c, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, int 0, unsigned int 0, unsigned int & 0) line 646 + 33 bytes ViewportFrame::Reflow(ViewportFrame * const 0x036a3650, nsIPresContext * 0x032ab7e8, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 531 PresShell::ResizeReflow(PresShell * const 0x031be9d8, int 9480, int 6795) line 1380 + 50 bytes PresShell::ResizeReflow(PresShell * const 0x031be9dc, nsIView * 0x03321eb0, int 9480, int 6795) line 3095 + 26 bytes nsViewManager2::SetWindowDimensions(nsViewManager2 * const 0x03321ca8, int 9480, int 6795) line 389 + 38 bytes nsViewManager2::DispatchEvent(nsViewManager2 * const 0x03321ca8, nsGUIEvent * 0x0012f0c4, nsEventStatus * 0x0012f01c) line 1155 + 48 bytes HandleEvent(nsGUIEvent * 0x0012f0c4) line 68 + 22 bytes nsWindow::DispatchEvent(nsWindow * const 0x032ab2a4, nsGUIEvent * 0x0012f0c4, nsEventStatus & nsEventStatus_eIgnore) line 493 + 12 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f0c4) line 513 + 29 bytes nsWindow::OnResize(nsRect & {...}) line 2918 + 17 bytes nsWindow::ProcessMessage(unsigned int 71, unsigned int 0, long 1242116, long * 0x0012f374) line 2458 + 26 bytes nsWindow::WindowProc(HWND__ * 0x001103ae, unsigned int 71, unsigned int 0, long 1242116) line 671 + 29 bytes USER32! 77e13eb0() USER32! 77e1591b() USER32! 77e165dc() NTDLL! 77f9fb83() DocumentViewerImpl::SetBounds(DocumentViewerImpl * const 0x031be818, const nsRect & {...}) line 598 + 57 bytes nsDocShell::SetPositionAndSize(nsDocShell * const 0x0308a11c, int 0, int 0, int 632, int 453, int 0) line 1296 + 32 bytes nsWebShell::SetPositionAndSize(nsWebShell * const 0x0308a11c, int 0, int 0, int 632, int 453, int 0) line 3100 nsWebShellWindow::HandleEvent(nsGUIEvent * 0x0012f6a4) line 432 + 60 bytes nsWindow::DispatchEvent(nsWindow * const 0x0306f2ec, nsGUIEvent * 0x0012f6a4, nsEventStatus & nsEventStatus_eIgnore) line 493 + 12 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f6a4) line 513 + 29 bytes nsWindow::OnResize(nsRect & {...}) line 2918 + 17 bytes nsWindow::ProcessMessage(unsigned int 71, unsigned int 0, long 1243620, long * 0x0012f954) line 2458 + 26 bytes nsWindow::WindowProc(HWND__ * 0x001802d8, unsigned int 71, unsigned int 0, long 1243620) line 671 + 29 bytes USER32! 77e13eb0() USER32! 77e1591b() USER32! 77e165dc() NTDLL! 77f9fb83() USER32! 77e169a7() USER32! 77e13eb0() USER32! 77e16469() USER32! 77e1a6f8() nsWindow::WindowProc(HWND__ * 0x001802d8, unsigned int 274, unsigned int 61728, long 656353) line 678 + 33 bytes USER32! 77e13eb0() USER32! 77e1591b() USER32! 77e1595d() NTDLL! 77f9fb83() USER32! 77e169a7() USER32! 77e13eb0() USER32! 77e16469() USER32! 77e1a6f8() nsWindow::WindowProc(HWND__ * 0x001802d8, unsigned int 161, unsigned int 9, long 656353) line 678 + 33 bytes USER32! 77e13eb0() USER32! 77e1401a() USER32! 77e192da() nsAppShellService::Run(nsAppShellService * const 0x00f12750) line 391 + 20 bytes main1(int 1, char * * 0x00b976b8, nsISplashScreen * 0x00000000) line 761 + 34 bytes main(int 1, char * * 0x00b976b8) line 881 + 17 bytes mainCRTStartup() line 338 + 17 bytes KERNEL

drat. based on the stack jerry submitted (thanks!), it looks like a layout problem. tentatively assigning to myself, troy if you have time feel free to take this one. Chris, it would be good to know if this crashed on the beta branch.

I do not see this with a build of the nscp_beta1 branch I pulled fresh and built about an hour ago.

I didn't either. Marking it WORKSFORME, and let's let QA verify it on all platforms

Whoa, it still does happen on the Mozilla branch. Are we not supposed to report Mozilla bugs to Bugzilla anymore?

hold on, tiger. there's no question this is a real bug. I can reproduce at will using the iplanet URL. re-opening.

the small test case given by stevep@slip.net does not crash for me. I'm working on a minimized test case now, based on the iplanet page. But I'm not able to get the page minimized very far before the crash goes away. frustrating.

I tried last night's builds (2000 0317.10) mozilla-win32-installer-nb1b.exe - could not get it to crash (2000 0317.08) mozilla-win32-installer.exe - crashed the same way as before. Has anyone been able to reproduce on a single-cpu machine? is this a factor?

my machine has only a single CPU, and I am reproducing the crash using the iplanet page. I also reproduced on slashdot. Haven't tried the others.

1. The crash is because FrameA has FrameB as *both* it's first child and its second child, and it's next-in-flow. At some point we call FrameA->DeleteChildsNextInFlow(), which deletes FrameB. This hits the following assert: NS_ASSERTION(result, "failed to remove frame"); Continuing past the assert, later FrameA tries to reflow FrameB and we crash 2. The assert/crash does not happen every time, that might be why some see it and other's do not. Even on my fairly reliable test case, sometimes I need to resize the window quite a bit before it crashes.

my last comment should have read: 1. The crash is because FrameA has FrameB as *both* its second child, and its next-in-flow. So FrameB is both in the child list of FrameA (just once!), and FrameA's next-in-flow.

re-assigning to troy, who has a similar bug already

Confirming on Build Id 2000031815 NT4! It crashed on resizing, mimizing and changing "my sidebar" width, in www.slashdot.org! VC++ said it's an "Unhandled exception in mozilla(GKHTML.DLL):0xC0000005:Access Violation". I believe bug 32250 he a dup of this one.

*** Bug 32250 has been marked as a duplicate of this bug. ***

The problem was a regression caused by a recent (two week ago) performance improvement I had made. I found the case that I missed and the problem is fixed now

verifying using 2000062520 nightly on w2k

Mass removing self from CC list.

Now I feel sumb because I have to add back. Sorry for the spam.