Closed Bug 596 Opened 27 years ago Closed 26 years ago

NGLayout crashes on this URL

Categories

(Core :: CSS Parsing and Computation, defect, P2)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: angus, Assigned: rickg)

References

()

Details

See URL for test case. Here's a stack trace: nsCSSInlineLayout::ReflowFrame(nsIFrame * 0x0113c8a0, nsReflowMetrics & {...}, const nsReflowState & {...}, int & 2) line 299 nsCSSInlineLayout::ReflowAndPlaceFrame(nsIFrame * 0x0113c8a0) line 175 + 30 bytes nsCSSInlineFrame::ReflowMapped(nsCSSInlineReflowState & {...}, unsigned int & 0) line 573 + 15 bytes nsCSSInlineFrame::InitialReflow(nsCSSInlineReflowState & {...}) line 420 + 16 bytes nsCSSInlineFrame::InlineReflow(nsCSSInlineFrame * const 0x0113c4f0, nsCSSLineLayout & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}) line 262 + 18 bytes nsCSSInlineLayout::ReflowFrame(nsIFrame * 0x0113c4a0, nsReflowMetrics & {...}, const nsReflowState & {...}, int & 1236220) line 292 + 26 bytes nsCSSInlineLayout::ReflowAndPlaceFrame(nsIFrame * 0x0113c4a0) line 175 + 30 bytes nsCSSBlockFrame::ReflowInlineFrame(nsCSSBlockReflowState & {...}, LineData * 0x0113c520, nsIFrame * 0x0113c4a0, unsigned int & 4) line 2421 + 18 bytes nsCSSBlockFrame::ReflowLine(nsCSSBlockReflowState & {...}, LineData * 0x0113c520, unsigned int & 4) line 2004 + 24 bytes nsCSSBlockFrame::ReflowLinesAt(nsCSSBlockReflowState & {...}, LineData * 0x0113c520) line 1879 + 20 bytes nsCSSBlockFrame::ResizeReflow(nsCSSBlockReflowState & {...}) line 1866 + 19 bytes nsCSSBlockFrame::InitialReflow(nsCSSBlockReflowState & {...}) line 1504 + 12 bytes nsCSSBlockFrame::ReflowAround(nsCSSBlockFrame * const 0x0113c390, nsIPresContext & {...}, nsISpaceManager * 0x0113cf20, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 0) line 1249 + 18 bytes nsBodyFrame::Reflow(nsBodyFrame * const 0x0113ce90, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 218 nsContainerFrame::ReflowChild(nsIFrame * 0x0113ce90, nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498 nsTableCellFrame::Reflow(nsTableCellFrame * const 0x0113cdc0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 308 + 30 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0113cdc0, nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498 nsTableRowFrame::InitialReflow(nsIPresContext & {...}, RowReflowState & {...}, nsReflowMetrics & {...}) line 577 + 30 bytes nsTableRowFrame::Reflow(nsTableRowFrame * const 0x0113b280, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 883 + 20 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0113b280, nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498 nsTableRowGroupFrame::ReflowUnmappedChildren(nsIPresContext * 0x019e1120, RowGroupReflowState & {...}, nsSize * 0x0012e85c) line 793 + 30 bytes nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x010c2f10, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1122 + 23 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x010c2f10, nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498 nsTableFrame::ResizeReflowPass1(nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1452 + 33 bytes nsTableFrame::Reflow(nsTableFrame * const 0x010c28a0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1299 + 30 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x010c28a0, nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498 nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x010bc620, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 448 + 27 bytes nsCSSBlockFrame::ReflowBlockFrame(nsCSSBlockReflowState & {...}, LineData * 0x010bc6d0, nsIFrame * 0x010bc620, unsigned int & 16640) line 2237 + 37 bytes nsCSSBlockFrame::ReflowLine(nsCSSBlockReflowState & {...}, LineData * 0x010bc6d0, unsigned int & 16640) line 1999 + 24 bytes nsCSSBlockFrame::ReflowLinesAt(nsCSSBlockReflowState & {...}, LineData * 0x010bc6d0) line 1879 + 20 bytes nsCSSBlockFrame::FrameAppendedReflow(nsCSSBlockReflowState & {...}) line 1580 + 16 bytes nsCSSBlockFrame::ReflowAround(nsCSSBlockFrame * const 0x013bf2c0, nsIPresContext & {...}, nsISpaceManager * 0x013be780, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 0) line 1269 + 18 bytes nsBodyFrame::Reflow(nsBodyFrame * const 0x013be600, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 218 nsContainerFrame::ReflowChild(nsIFrame * 0x013be600, nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498 RootContentFrame::Reflow(RootContentFrame * const 0x013b9950, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 326 + 27 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x013b9950, nsIPresContext * 0x019e1120, nsReflowMetrics & {...}, const nsReflowState & {...}) line 498 RootFrame::Reflow(RootFrame * const 0x013b9770, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 132 + 27 bytes nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x010bbdf0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsSize & {...}) line 133 PresShell::ProcessReflowCommands() line 567 PresShell::ExitReflowLock(PresShell * const 0x019bac10) line 371 PresShell::ContentAppended(PresShell * const 0x019bac14, nsIDocument * 0x019e0ef0, nsIContent * 0x013b9e20) line 654 nsDocument::ContentAppended(nsIContent * 0x013b9e20) line 504 nsHTMLContainer::AppendChild(nsHTMLContainer * const 0x013b9e20, nsIContent * 0x013ea600, int 1) line 192 HTMLContentSink::AppendToCorrectParent(nsHTMLTag eHTMLTag_body, nsIHTMLContent * 0x013b9e20, nsHTMLTag eHTMLTag_table, nsIHTMLContent * 0x013ea600, int 1) line 1429 HTMLContentSink::CloseContainer(HTMLContentSink * const 0x01452f50, const nsIParserNode & {...}) line 891 CNavDTD::CloseContainer(const nsIParserNode & {...}, nsHTMLTag eHTMLTag_table, int 1) line 2332 + 22 bytes CNavDTD::CloseContainersTo(int 2, nsHTMLTag eHTMLTag_table, int 1) line 2366 + 26 bytes CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_table, int 1) line 2387 + 20 bytes CNavDTD::HandleEndToken(CToken * 0x01377400) line 749 + 17 bytes NavDispatchTokenHandler(CToken * 0x01377400, nsIDTD * 0x014ac640) line 271 + 12 bytes CTokenHandler::operator()(CToken * 0x01377400, nsIDTD * 0x014ac640) line 80 + 14 bytes CNavDTD::HandleToken(CNavDTD * const 0x014ac640, CToken * 0x01377400) line 489 + 18 bytes nsParser::BuildModel() line 578 + 16 bytes nsParser::ResumeParse() line 526 nsParser::OnDataAvailable(nsParser * const 0x019e1cc4, nsIURL * 0x019debe0, nsIInputStream * 0x019e03d0, int 7476) line 757 + 15 bytes nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x019deb80, nsIURL * 0x019debe0, nsIInputStream * 0x019e03d0, int 7476) line 904 + 30 bytes stub_put_block(_NET_StreamClass * 0x019e0380, char * 0x00fea2c0, long 7476) line 558 + 36 bytes net_MemCacheWrite(_NET_StreamClass * 0x019ba120, char * 0x00fea2c0, long 7476) line 660 + 24 bytes net_pull_http_data(_ActiveEntry * 0x019df300) line 3156 + 29 bytes net_ProcessHTTP(_ActiveEntry * 0x019df300) line 3548 + 9 bytes NET_ProcessNet(PRFileDesc * 0x010e15a0, int 2) line 3272 + 13 bytes NET_PollSockets() line 180 + 18 bytes nsNetlibService::NetPollSocketsCallback(nsITimer * 0x019e0c20, void * 0x01013e60) line 488 TimerImpl::Fire(unsigned long 438095708) line 319 + 17 bytes TimerImpl::ProcessTimeouts(unsigned long 438095708) line 197 FireTimeout(void * 0x00000000, unsigned int 275, unsigned int 4091, unsigned long 438095708) line 101 + 9 bytes USER32! 77e7128c() main(int 1, char * * 0x00ff51d0) line 95 mainCRTStartup() line 338 + 17 bytes KERNEL32! 77f1b304()
It doesn't crash for me, however there is a double list-bullet bug on the page.
I believe that this bug is now fixed. Perhaps it was fixed with my last checkin. Kipp?
works for me too... marking it as so.
I wanted this bug left open because of my comments regarding double list bullets. Please leave it open until that bug is fixed; maybe rick should look at the parser output and see if it's the culprit?
changing severity from critical to normal since we don't crash on this URL anymore
Status: REOPENED → ASSIGNED
Component: Unknown → Style System
Assignee: kipp → rickg
Status: ASSIGNED → NEW
The page no longer crashes, but there is a parser bug on this page (the page has an extra </TD> in it that causes huge amounts of content to disappear in raptor).
The current build is in flames so I can't confirm. My build doesn't show this. I'll look again later.
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
All better.
Status: RESOLVED → VERIFIED
Verified
You need to log in before you can comment on or make changes to this bug.