Closed
Bug 384527
Opened 17 years ago
Closed 17 years ago
Crash [@ nsTextFrameUtils::TransformText] with inline-table, floating first-letter and direction: rtl
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
People
(Reporter: martijn.martijn, Assigned: smontagu)
References
Details
(Keywords: crash, rtl, testcase, Whiteboard: [sg:critical?] post 1.8-branch)
Crash Data
Attachments
(2 files)
(deleted),
text/html
|
Details | |
(deleted),
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
The textframe build of 2007-06-14 crashes on this html:
<html><head style="display: inline-table;">
<style style="display: block; direction: rtl;">
style::first-letter {float: right;}
</style>
</head>
<body>
</body>
</html>
Reporter | ||
Comment 1•17 years ago
|
||
I tried to come up with a more sane testcase (moving stuff out of the head, etc), but it only seems to crash in this weird combination.
Reporter | ||
Comment 2•17 years ago
|
||
Worksforme, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a6pre) Gecko/20070620 Minefield/3.0a6pre
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Updated•17 years ago
|
Flags: in-testsuite?
Reporter | ||
Comment 3•17 years ago
|
||
Oh, it's crashing for me again, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a6pre) Gecko/20070626 Minefield/3.0a6pre
I guess I was too hasty by closing it.
It might be the same as bug 385751, though, not sure.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Reporter | ||
Updated•17 years ago
|
Flags: blocking1.9?
Reporter | ||
Comment 4•17 years ago
|
||
Often, the breakpad agent doesn't come up at all.
http://crash-stats.mozilla.com/report/index/a45b88ee-50cd-11dc-92e7-001a4bd43e5c
0 nsTextFrameUtils::TransformText(unsigned char const*, unsigned int, unsigned char*, int, unsigned char*, gfxSkipCharsBuilder*, unsigned int*) nsTextFrameUtils.cpp:3.8:210
1 BuildTextRunsScanner::BuildTextRunForFrames(void*) nsTextFrameThebes.cpp:3.71:1635
2 BuildTextRunsScanner::FlushFrames(int) nsTextFrameThebes.cpp:3.71:1267
3 @0x13e0200
(this is with current trunk build)
Summary: Crash with inline-table, floating first-letter and direction: rtl (new textrame) → Crash [@ nsTextFrameUtils::TransformText] with inline-table, floating first-letter and direction: rtl
Comment 5•17 years ago
|
||
Despite being on a different platform (I'm on Mac while Martijn is on Windows), I see the same thing: a crash [@ nsTextFrameUtils::TransformText] with the same next two frames and a similar cutoff of stack information. On Mac, the crash is consistently an attempt to dereference 0xc0000000.
Mac OS X Crash Reporter frequently gets confused and often dumps the log for this crash into files like "dniw).crash.log" rather than the correct log file "firefox-bin.crash.log". I've never seen that happen with other crashes.
OS: Windows XP → All
Hardware: PC → All
Whiteboard: [sg:critical?]
crashes involving floating first-letters and RTL are probably all related; the bidi resolver currently doesn't handle floating first-letters at all.
Assignee | ||
Comment 7•17 years ago
|
||
I have a patch which prevents the crash here and in bug 385751, but there seems to be a separate bug that first-letter style is not applied to rtl elements if there is white space before the first letter.
Assignee | ||
Comment 8•17 years ago
|
||
More correctly, first-letter style is not applied to a first letter with a different directionality from the base directionality (i.e. rtl letter in an ltr paragraph or ltr letter in an rtl paragraph) if there is white space before the first letter.
Assignee | ||
Comment 9•17 years ago
|
||
Assignee: nobody → smontagu
Status: REOPENED → ASSIGNED
Attachment #278544 -
Flags: superreview?(roc)
Attachment #278544 -
Flags: review?(roc)
Updated•17 years ago
|
Flags: blocking1.9? → blocking1.9+
Blocks: 393923
bug 393923 seems to cover the underlying styling issue (it's probably mine)
Comment on attachment 278544 [details] [diff] [review]
Patch
I don't really understand this code, but rubber-stamp=me
Attachment #278544 -
Flags: superreview?(roc)
Attachment #278544 -
Flags: superreview+
Attachment #278544 -
Flags: review?(roc)
Attachment #278544 -
Flags: review+
Assignee | ||
Comment 12•17 years ago
|
||
Checked in with a typo corrected: s/H/h/ in |#include "nsPlaceHolderframe.h"|
Status: ASSIGNED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•17 years ago
|
Flags: in-testsuite? → in-testsuite+
Updated•17 years ago
|
Flags: wanted1.8.1.x-
Whiteboard: [sg:critical?] → [sg:critical?] post 1.8-branch
Comment 13•17 years ago
|
||
Mass-assigning the new rtl keyword to RTL-related (see bug 349193).
Keywords: rtl
Updated•13 years ago
|
Crash Signature: [@ nsTextFrameUtils::TransformText]
You need to log in
before you can comment on or make changes to this bug.
Description
•