Closed
Bug 52275
Opened 24 years ago
Closed 24 years ago
Page causes Mozilla to crash (nsImageGTK::DrawComposited)
Categories
(SeaMonkey :: UI Design, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
M18
People
(Reporter: Uraeus, Assigned: pavlov)
References
()
Details
(Keywords: crash, testcase, Whiteboard: [nsbeta3-][rtm++])
Attachments
(4 files)
(deleted),
image/png
|
Details | |
(deleted),
text/html
|
Details | |
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review |
Using the latest nightly builds this page causes Mozilla Linux to crash.
The builds tested are from the 10 and the 12 of September.
Also tested with latest windows build (12) which doesn't crash.
Comment 1•24 years ago
|
||
i see this also linux 2000091108
Comment 2•24 years ago
|
||
unable to reproduce with 091212 mozilla linux build. can one of you install the
installer build with talkback and let me know if it generates a report. I
should be able to get a stack trace if it does.
Comment 3•24 years ago
|
||
I'm also seeing this on a debug build pulled 2000-09-11. Stack trace:
#0 0x410265c7 in nsImageGTK::DrawComposited (this=0x87d6e60,
aContext=@0x863fd00, aSurface=0x858fcf0, aX=837, aY=31, aWidth=0,
aHeight=0) at nsImageGTK.cpp:727
#1 0x410256c8 in nsImageGTK::Draw (this=0x87d6e60, aContext=@0x863fd00,
aSurface=0x858fcf0, aX=837, aY=31, aWidth=0, aHeight=0)
at nsImageGTK.cpp:905
#2 0x4102b8a6 in nsRenderingContextGTK::DrawImage (this=0x863fd00,
aImage=0x87d6e60, aX=0, aY=0, aWidth=1, aHeight=1)
at nsRenderingContextGTK.cpp:1498
#3 0x4102b814 in nsRenderingContextGTK::DrawImage (this=0x863fd00,
aImage=0x87d6e60, aRect=@0xbfffe16c) at nsRenderingContextGTK.cpp:1467
#4 0x415aec06 in nsImageFrame::Paint (this=0x874fc18, aPresContext=0x85f3bd8,
aRenderingContext=@0x863fd00, aDirtyRect=@0xbfffe1bc,
aWhichLayer=eFramePaintLayer_Overlay) at nsImageFrame.cpp:647
#5 0x4158c387 in nsContainerFrame::PaintChild (this=0x874fbcc,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe488, aFrame=0x874fc18,
aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#6 0x41585f9e in nsBlockFrame::PaintChildren (this=0x874fbcc,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe488, aWhichLayer=eFramePaintLayer_Overlay)
at nsBlockFrame.cpp:6383
#7 0x41585cd9 in nsBlockFrame::Paint (this=0x874fbcc, aPresContext=0x85f3bd8,
aRenderingContext=@0x863fd00, aDirtyRect=@0xbfffe488,
aWhichLayer=eFramePaintLayer_Overlay) at nsBlockFrame.cpp:6260
#8 0x4158c387 in nsContainerFrame::PaintChild (this=0x874fb6c,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe620, aFrame=0x874fbcc,
aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#9 0x4158c226 in nsContainerFrame::PaintChildren (this=0x874fb6c,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe620, aWhichLayer=eFramePaintLayer_Overlay)
at nsContainerFrame.cpp:154
#10 0x417b5e39 in nsTableCellFrame::Paint (this=0x874fb6c,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe620, aWhichLayer=eFramePaintLayer_Overlay)
at nsTableCellFrame.cpp:365
#11 0x417ca5e5 in nsTableRowFrame::PaintChildren (this=0x850a518,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe704, aWhichLayer=eFramePaintLayer_Overlay)
at nsTableRowFrame.cpp:596
#12 0x417ca47e in nsTableRowFrame::Paint (this=0x850a518,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe704, aWhichLayer=eFramePaintLayer_Overlay)
at nsTableRowFrame.cpp:551
#13 0x417cd1fe in nsTableRowGroupFrame::PaintChildren (this=0x850a4d4,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe7e0, aWhichLayer=eFramePaintLayer_Overlay)
at nsTableRowGroupFrame.cpp:261
#14 0x417cd0b9 in nsTableRowGroupFrame::Paint (this=0x850a4d4,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe7e0, aWhichLayer=eFramePaintLayer_Overlay)
---Type <return> to continue, or q <return> to quit---
at nsTableRowGroupFrame.cpp:217
#15 0x4158c387 in nsContainerFrame::PaintChild (this=0x850a46c,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe8fc, aFrame=0x850a4d4,
aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#16 0x4158c226 in nsContainerFrame::PaintChildren (this=0x850a46c,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe8fc, aWhichLayer=eFramePaintLayer_Overlay)
at nsContainerFrame.cpp:154
#17 0x417bd675 in nsTableFrame::Paint (this=0x850a46c, aPresContext=0x85f3bd8,
aRenderingContext=@0x863fd00, aDirtyRect=@0xbfffe8fc,
aWhichLayer=eFramePaintLayer_Overlay) at nsTableFrame.cpp:1313
#18 0x4158c387 in nsContainerFrame::PaintChild (this=0x850a418,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe9c0, aFrame=0x850a46c,
aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#19 0x417c5fca in nsTableOuterFrame::Paint (this=0x850a418,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffe9c0, aWhichLayer=eFramePaintLayer_Overlay)
at nsTableOuterFrame.cpp:351
#20 0x4158c387 in nsContainerFrame::PaintChild (this=0x850a340,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffec8c, aFrame=0x850a418,
aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#21 0x41585f9e in nsBlockFrame::PaintChildren (this=0x850a340,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffec8c, aWhichLayer=eFramePaintLayer_Overlay)
at nsBlockFrame.cpp:6383
#22 0x41585cd9 in nsBlockFrame::Paint (this=0x850a340, aPresContext=0x85f3bd8,
aRenderingContext=@0x863fd00, aDirtyRect=@0xbfffec8c,
aWhichLayer=eFramePaintLayer_Overlay) at nsBlockFrame.cpp:6260
#23 0x4158c387 in nsContainerFrame::PaintChild (this=0x850a2b8,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffef58, aFrame=0x850a340,
aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#24 0x41585f9e in nsBlockFrame::PaintChildren (this=0x850a2b8,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbfffef58, aWhichLayer=eFramePaintLayer_Overlay)
at nsBlockFrame.cpp:6383
#25 0x41585cd9 in nsBlockFrame::Paint (this=0x850a2b8, aPresContext=0x85f3bd8,
aRenderingContext=@0x863fd00, aDirtyRect=@0xbfffef58,
aWhichLayer=eFramePaintLayer_Overlay) at nsBlockFrame.cpp:6260
#26 0x4158c387 in nsContainerFrame::PaintChild (this=0x85095e4,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbffff14c, aFrame=0x850a2b8,
aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#27 0x4158c226 in nsContainerFrame::PaintChildren (this=0x85095e4,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
aDirtyRect=@0xbffff14c, aWhichLayer=eFramePaintLayer_Overlay)
at nsContainerFrame.cpp:154
#28 0x415a4ed9 in nsHTMLContainerFrame::Paint (this=0x85095e4,
aPresContext=0x85f3bd8, aRenderingContext=@0x863fd00,
---Type <return> to continue, or q <return> to quit---
aDirtyRect=@0xbffff14c, aWhichLayer=eFramePaintLayer_Overlay)
at nsHTMLContainerFrame.cpp:105
#29 0x415d0292 in PresShell::Paint (this=0x86b6208, aView=0x85e19f8,
aRenderingContext=@0x863fd00, aDirtyRect=@0xbffff14c)
at nsPresShell.cpp:3928
#30 0x41bbc100 in nsView::Paint (this=0x85e19f8, rc=@0x863fd00,
rect=@0xbffff14c, aPaintFlags=128, aResult=@0xbffff164) at nsView.cpp:282
#31 0x41bc57d8 in nsViewManager2::RenderDisplayListElement (this=0x85e8998,
element=0x86896f0, aRC=@0x863fd00) at nsViewManager2.cpp:847
#32 0x41bc557a in nsViewManager2::RenderViews (this=0x85e8998,
aRootView=0x85e12a8, aRC=@0x863fd00, aRect=@0xbffff258,
aResult=@0xbffff270) at nsViewManager2.cpp:793
#33 0x41bc50cd in nsViewManager2::Refresh (this=0x85e8998, aView=0x85e12a8,
aContext=0x863fd00, rect=0xbffff2f0, aUpdateFlags=1)
at nsViewManager2.cpp:674
#34 0x41bc6b7d in nsViewManager2::DispatchEvent (this=0x85e8998,
aEvent=0xbffff414, aStatus=0xbffff334) at nsViewManager2.cpp:1338
#35 0x41bbb9cc in HandleEvent (aEvent=0xbffff414) at nsView.cpp:67
#36 0x40c2ecfc in nsWidget::DispatchEvent (this=0x85e1338, aEvent=0xbffff414,
aStatus=@0xbffff3d0) at nsWidget.cpp:1475
#37 0x40c2e938 in nsWidget::DispatchWindowEvent (this=0x85e1338,
event=0xbffff414) at nsWidget.cpp:1366
#38 0x40c34c8e in nsWindow::DoPaint (this=0x85e1338, aX=0, aY=0, aWidth=849,
aHeight=826, aClipRegion=0x85e1468) at nsWindow.cpp:670
#39 0x40c34f4e in nsWindow::Update (this=0x85e1338) at nsWindow.cpp:716
#40 0x40c3515f in nsWindow::Update (this=0x8512a88) at nsWindow.cpp:740
#41 0x40c349db in nsWindow::UpdateIdle (data=0x0) at nsWindow.cpp:582
#42 0x40dd966c in g_idle_dispatch (source_data=0x40c3496c,
dispatch_time=0xbffff6b0, user_data=0x0) at gmain.c:1365
#43 0x40dd8717 in g_main_dispatch (dispatch_time=0xbffff6b0) at gmain.c:656
#44 0x40dd8cdb in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#45 0x40dd8e59 in g_main_run (loop=0x8135658) at gmain.c:935
#46 0x40d07069 in gtk_main () at gtkmain.c:476
#47 0x40c1b829 in nsAppShell::Run (this=0x80a1ec0) at nsAppShell.cpp:335
#48 0x4069a50c in nsAppShellService::Run (this=0x80c63d8)
at nsAppShellService.cpp:378
#49 0x80553e0 in main1 (argc=2, argv=0xbffff994, nativeApp=0x0)
at nsAppRunner.cpp:958
#50 0x8055ab4 in main (argc=2, argv=0xbffff994) at nsAppRunner.cpp:1139
#51 0x403712e7 in __libc_start_main () from /lib/libc.so.6
Comment 4•24 years ago
|
||
I've found that if you comment out the eleventh line that mentions image = src
"logo.png" the page will load.
Comment 5•24 years ago
|
||
robin shaw - could you post a small testcase which crashes mozilla? thanks!
Comment 6•24 years ago
|
||
Comment 7•24 years ago
|
||
Compositing with with==0 and/or height==0 crashes.
My patch in bug 37779 fixes this.
Comment 10•24 years ago
|
||
page loads with 2000-09-13
Comment 11•24 years ago
|
||
WFM with 091408 mozilla linux build
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
Comment 12•24 years ago
|
||
From what I've heard on irc, this seems to be something of a race condition
(happens when everything is local). It can either be fixed with a trivial
change to the existing code or by applying alex's patch for 37779, which
helps a number of other issues.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 13•24 years ago
|
||
Assigning to myself, so I'll remember to checkin the trivial fix if 37779
is denied for some reason.
Assignee: asa → tor
Status: REOPENED → NEW
Component: Browser-General → XP Apps
Comment 14•24 years ago
|
||
crashes with 2000-09-15-08 linux
Comment 15•24 years ago
|
||
*** Bug 52820 has been marked as a duplicate of this bug. ***
Comment 16•24 years ago
|
||
*** Bug 52986 has been marked as a duplicate of this bug. ***
Comment 17•24 years ago
|
||
*** Bug 52980 has been marked as a duplicate of this bug. ***
Comment 19•24 years ago
|
||
don't crash (going to the above url) when i'm using 2000.09.18.06 opt comm bits
on linux (modern theme). i feel left out. ;)
would this perchance be a mozilla-only bug? but, asa doesn't seem to repro this.
Comment 20•24 years ago
|
||
*** Bug 53175 has been marked as a duplicate of this bug. ***
Reporter | ||
Comment 21•24 years ago
|
||
After reading Libermans comment about Mozilla not crashing I tested myself
with nightly build -> Mozilla/5.0 (X11; U; Linux 2.2.14-5.0 i686; en-US; m18)
Gecko/20000919
It still crashes for me. I have PSM installed if that makes a difference, and is
using RH6.2 and the Helix GNOME updates running on an Athlon.
Comment 22•24 years ago
|
||
*** Bug 52946 has been marked as a duplicate of this bug. ***
Comment 23•24 years ago
|
||
hm, still cannot get this to crash either using comm or mozilla 2000.09.20.08
bits. however, the moz bits i have don't have psm (although the comm bits do,
which is odd)...
asa/junruh, have you tried using mozilla + psm to see if this occurs?
Comment 24•24 years ago
|
||
This url crashes the 091921 commercial linux build. win98 and Mac are OK.
Comment 25•24 years ago
|
||
Probable cause of problem: appalling English on the page. No other page on the
Internet displays such a lamentable grasp of the English language, so this is
not an important problem.
Comment 26•24 years ago
|
||
Assignee | ||
Comment 27•24 years ago
|
||
r=pavlov
Comment 28•24 years ago
|
||
r=scc for the 9/22 patch
Comment 29•24 years ago
|
||
are these unexpected conditions you are testing for? If so, it would be good to
add assertions, so that when the conditions are encountered somebody with a
debugger can hopefully trace back and see what caused them. I'm not against
adding band-aid fixes like this, but I don't want to lose sight of the need to
get to the root cause.
a=buster, if you add the assertions (or convince me they're unnecessary because
the conditions are legal and expected.)
Comment 30•24 years ago
|
||
The first condition is a result of the layout engine asking
nsRenderingContextGTK to render a 1x1 portion of the image (presumably
in twips, though I'm not familiar about the layout engine's various
coordinate systems). nsRenderingContextGTK pumps it through mTranMatrix,
at which point the width and height come out to be zero pixels. Checking
for a zero width or height image is a valid check and avoids needless
calculations (and calling XGetImage() on a zero dimension image, which
it doesn't like).
XGetImage() failing is a more serious problem, so I added an assertion
as you suggested.
How does this sound?
Comment 31•24 years ago
|
||
Comment 32•24 years ago
|
||
*** Bug 53232 has been marked as a duplicate of this bug. ***
Comment 33•24 years ago
|
||
Checked into the trunk - adding nsbeta3 and rtm to get the attention of PDT
for the Netscape 6.0 branch.
Comment 34•24 years ago
|
||
Thanks Tim! Perhaps it would be a good idea to assign this over to pavlov.
[nsbeta3/rtm are more likely to not drop off the radar when assigned to
a NS engineer. (I know, they shouldn't, but it has happened in the past).]
Summary: Page causes Mozilla to crash → Page causes Mozilla to crash (nsImageGTK::DrawComposited)
Comment 35•24 years ago
|
||
oh, i was able to crash going to www.linuxfr.org... i no longer feel left out.
;)
Comment 36•24 years ago
|
||
Assigning to pavlov to bring this up for consideration for checkin
on the branch.
Assignee: tor → pavlov
Comment 37•24 years ago
|
||
nsbeta3+, crashes on popular Linux sites, fixed on trunk where it has been used
for a few days without incident. change restricted to gtk, no risk on
Win32/Mac.
Whiteboard: [nsbeta3+] PDT: please consider for nsbeta3
Target Milestone: --- → M18
Comment 38•24 years ago
|
||
Marking nsbeta3-, rtm+. No longer worth risk for nsbeta3, but need for rtm.
Whiteboard: [nsbeta3+] PDT: please consider for nsbeta3 → [nsbeta3-] [rtm+] TRUNK-TESTED FIX READY TO LAND
Comment 39•24 years ago
|
||
Clearing [nsbeta3-] for reconsideration - the fix has been in the trunk for
about a week now without any problem, and fixes a problem which has high
visibility on linux.
The patch itself is extremely low risk, as it only adds some argument
verification and error checking. It doesn't even allocate/free/write memory.
Whiteboard: [nsbeta3-] [rtm+] TRUNK-TESTED FIX READY TO LAND → [rtm+] TRUNK-TESTED FIX READY TO LAND
Comment 40•24 years ago
|
||
All of this has been considered. If it were more commonly seen, I'd agree with
you, but it is too late to be landing this on the beta branch. The branch has to
be firmed up today, and we can't just keep adding stuff to it. nsbeta3-
Whiteboard: [rtm+] TRUNK-TESTED FIX READY TO LAND → [nsbeta3-][rtm+] TRUNK-TESTED FIX READY TO LAND
Comment 41•24 years ago
|
||
marking rtm++. Let's check this puppy into the branch.
Whiteboard: [nsbeta3-][rtm+] TRUNK-TESTED FIX READY TO LAND → [nsbeta3-][rtm++] TRUNK-TESTED FIX READY TO LAND
Updated•24 years ago
|
Priority: P3 → P2
Assignee | ||
Comment 42•24 years ago
|
||
checked in to branch.
Status: NEW → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
Comment 43•24 years ago
|
||
vrfy fixed using 2000.10.06.10-n6 [opt comm branch] bits on linux. needs final
vrf'tion on trunk bits...
Keywords: vtrunk
Whiteboard: [nsbeta3-][rtm++] TRUNK-TESTED FIX READY TO LAND → [nsbeta3-][rtm++]
Comment 44•24 years ago
|
||
vrfying --asa couldn't crash going to www.linuxfr.org using today's trunk bits
[2000.10.06.13-m18].
Status: RESOLVED → VERIFIED
Keywords: vtrunk
Updated•20 years ago
|
Product: Core → Mozilla Application Suite
You need to log in
before you can comment on or make changes to this bug.
Description
•