Closed
Bug 322185
Opened 19 years ago
Closed 19 years ago
Crash [@ nsBox::DoesNeedRecalc] with <svg:g style="display: -moz-grid-line; overflow: hidden;">
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: bernd_mozilla)
References
Details
(4 keywords, Whiteboard: [rft-dl])
Crash Data
Attachments
(3 files, 2 obsolete files)
|
(deleted),
image/svg+xml
|
Details | |
|
(deleted),
patch
|
Details | Diff | Splinter Review | |
|
(deleted),
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
bzbarsky
:
approval-branch-1.8.1+
dveditz
:
approval1.8.0.2+
|
Details | Diff | Splinter Review |
testcase - crashes Firefox
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20060102 Firefox/1.6a1
To crash, just load the testcase.
Stack trace:
nsBox::DoesNeedRecalc(nsSize const&) + 0
nsFrame::GetPrefSize(nsBoxLayoutState&, nsSize&) + 48
nsSprocketLayout::GetPrefSize(nsIFrame*, nsBoxLayoutState&, nsSize&) + 268
nsGridRowLeafLayout::GetPrefSize(nsIFrame*, nsBoxLayoutState&, nsSize&) + 116
nsBoxFrame::GetPrefSize(nsBoxLayoutState&, nsSize&) + 200
nsXULScrollFrame::GetPrefSize(nsBoxLayoutState&, nsSize&) + 240
nsBoxFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 204
nsXULScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 56
nsSVGOuterSVGFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 256
nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148
CanvasFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 356
nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148
nsHTMLScrollFrame::ReflowScrolledFrame(ScrollReflowState const&, int, int, nsHTMLReflowMetrics*, int) + 500
nsHTMLScrollFrame::ReflowContents(ScrollReflowState*, nsHTMLReflowMetrics const&) + 160
nsHTMLScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 848
nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148
ViewportFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 300
IncrementalReflow::Dispatch(nsPresContext*, nsHTMLReflowMetrics&, nsSize const&, nsIRenderingContext&) + 280
PresShell::ProcessReflowCommands(int) + 524
PresShell::WillPaint() + 88
nsViewManager::FlushPendingInvalidates() + 164
nsViewManager::EnableRefresh(unsigned) + 156
nsViewManager::EndUpdateViewBatch(unsigned) + 132
PresShell::InitialReflow(int, int) + 748
nsContentSink::StartLayout(int) + 208
nsXMLContentSink::StartLayout() + 144
nsXMLContentSink::DidBuildModel() + 456
nsExpatDriver::DidBuildModel(unsigned, int, nsIParser*, nsIContentSink*) + 56
nsParser::DidBuildModel(unsigned) + 120
nsParser::ResumeParse(int, int, int) + 592
nsParser::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 192
nsDocumentOpenInfo::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 124
nsBaseChannel::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 92
nsInputStreamPump::OnStateStop() + 160
nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) + 128
nsAStreamCopier::PostContinuationEvent_Locked() + 1240
PL_HandleEvent + 36
PL_ProcessPendingEvents + 128
...
|
Reporter | |
Comment 1•19 years ago
|
||
The problem here is that xul creates frames based on display type regardless whether they are special content or not. This patch assumes that we want to keep it, otherwise we need to change
// Display types for XUL start here
// First is BOX
if (!newFrame && isXULDisplay) {
it to look up IsSpecialContent.
Assignee: general → bernd_mozilla
Status: NEW → ASSIGNED
Attachment #207426 -
Attachment is obsolete: true
|
||
Comment 4•19 years ago
|
||
Hmmm... I guess this is OK for now pending us having a saner frame construction arch. :(
alternative patch,
does slicing CreateXULFrame into three pieces
one for tag based frame creation
the second one the display based frame moving to createframesbydisplay type
the third, cleanup after frame creation called by both of them count as a sane architecture or do you have something other in mind.
The rearch is(should be) equivalent to the one liner attached as a patch.
|
|
||
Comment 6•19 years ago
|
||
I think I prefer the alternative patch, if there's not too much perf impact. And the rearch I want to do would be a lot more drastic than just slicing up CreateXULFrame. ;)
I hope this miminimizes the performance issue
Attachment #207521 -
Attachment is obsolete: true
Attachment #207737 -
Flags: superreview?(bzbarsky)
Attachment #207737 -
Flags: review?(bzbarsky)
|
|
||
Comment 8•19 years ago
|
||
Comment on attachment 207737 [details] [diff] [review]
rev. patch
Hmm.... r+sr=bzbarsky; let's see how this goes.
Attachment #207737 -
Flags: superreview?(bzbarsky)
Attachment #207737 -
Flags: superreview+
Attachment #207737 -
Flags: review?(bzbarsky)
Attachment #207737 -
Flags: review+
fixed on trunk, I did not see a tp txul or ts change due to the bug.
Martijn this patch touches bugs where xul display types are assigned to mathml or svg tags it will get ignored now ;-)
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
||
Comment 10•19 years ago
|
||
You're spoiling the fun ;-)
Will this patch also fix bug 314244?
|
Assignee | |
Comment 11•19 years ago
|
||
yes that seems to be now wfm and even bug 322656 - wfm, I had my fun today ;-)
|
|
Reporter | |
Comment 12•19 years ago
|
||
*** Bug 317522 has been marked as a duplicate of this bug. ***
|
|
Reporter | |
Comment 13•19 years ago
|
||
*** Bug 316604 has been marked as a duplicate of this bug. ***
|
|
Assignee | |
Comment 14•19 years ago
|
||
Comment on attachment 207737 [details] [diff] [review]
rev. patch
Giving the number of bugs which block bug 306939 that got fixed/or wfm'ed by this it might go with some more baking on branch.
Attachment #207737 -
Flags: approval1.8.1?
Attachment #207737 -
Flags: approval1.8.0.2?
|
||
Updated•19 years ago
|
Attachment #207737 -
Flags: approval1.8.1? → branch-1.8.1?(bzbarsky)
|
|
||
Updated•19 years ago
|
Attachment #207737 -
Flags: branch-1.8.1?(bzbarsky) → branch-1.8.1+
|
||
Updated•19 years ago
|
Flags: blocking1.8.0.2+
|
|
||
Comment 15•19 years ago
|
||
Comment on attachment 207737 [details] [diff] [review]
rev. patch
approved for 1.8.0 branch, a=dveditz
Attachment #207737 -
Flags: approval1.8.0.2? → approval1.8.0.2+
Keywords: fixed1.8.0.2
|
|
||
Comment 16•19 years ago
|
||
Bernd, you're going to land this on the 1.8.1 branch, right?
Flags: blocking1.8.1+
|
|
Assignee | |
Comment 17•19 years ago
|
||
yep, saturday is checkin day, only emergency checkins on weekdays
|
||
Updated•19 years ago
|
Whiteboard: [rft-dl]
|
||
Comment 19•19 years ago
|
||
verified on the 1.8.0 branch using Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.1) Gecko/20060302 Firefox/1.5.0.1. No testcase crash, adding keyword.
Keywords: fixed1.8.0.2 → verified1.8.0.2
|
|
||
Comment 20•18 years ago
|
||
verified on the 1.8.1 branch using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1b1) Gecko/20060810 BonEcho/2.0b1. The testcase cited in the bug (https://bugzilla.mozilla.org/attachment.cgi?id=207407) does not crash. Adding keyword.
Keywords: fixed1.8.1 → verified1.8.1
|
||
Updated•13 years ago
|
Crash Signature: [@ nsBox::DoesNeedRecalc]
You need to log in
before you can comment on or make changes to this bug.
Description
•