Closed Bug 1429 Opened 26 years ago Closed 26 years ago

Beyond Stack Write

Categories

(Core :: Layout: Tables, defect, P1)

x86
Windows NT
defect

VERIFIED DUPLICATE of bug 1379

People

(Reporter: troy, Assigned: buster)

Details

[E] BSW: Beyond stack write in nsTableFrame::GetNextAvailRowIndex(void)const {1 occurrence}
    Writing 4 bytes to 0x0013d768 (top of stack is at 0x0013d76c))
    Address 0x0013d768 points into a thread's stack
    Address 0x0013d768 is the local variable 'cellMap' in nsTableFrame::GetNextAvailRowIndex(void)const
    Thread ID: 0xca
    Error location
    nsTableFrame::GetNextAvailRowIndex(void)const [nsTableFrame.cpp:786]
           PRInt32 nsTableFrame::GetNextAvailRowIndex() const
           {
             PRInt32 result=0;
        =>   nsCellMap *cellMap = GetCellMap();
             NS_PRECONDITION (nsnull!=cellMap, "null cellMap.");
             if (nsnull!=cellMap)
             {
    nsTableRowFrame::InitChildren(int) [nsTableRowFrame.cpp:127]
             mInitializedChildren=PR_TRUE;
             PRInt32 rowIndex;
             if (-1==aRowIndex)
        =>     rowIndex = table->GetNextAvailRowIndex();
             else
               rowIndex = aRowIndex;
             SetRowIndex(rowIndex);
    nsTableFrame::DidAppendRowGroup(nsTableRowGroupFrame *) [nsTableFrame.cpp:336]
             nextRow->GetStyleData(eStyleStruct_Display, (nsStyleStruct *&)rowDisplay);
             if (NS_STYLE_DISPLAY_TABLE_ROW==rowDisplay->mDisplay)
             {
        =>     rv = ((nsTableRowFrame *)nextRow)->InitChildren();
               if (NS_FAILED(rv))
                 return rv;
             }
    nsTableFrame::SetInitialChildList(nsIPresContext&,nsIAtom *,nsIFrame *) [nsTableFrame.cpp:317]
    HTMLStyleSheetImpl::ConstructTableFrame(nsIPresContext *,nsIContent *,nsIFrame *,nsIStyleContext *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1131]
    HTMLStyleSheetImpl::ConstructFrameByDisplayType(nsIPresContext *,nsStyleDisplay const*,nsIContent *,nsIFrame *,nsIStyleContext *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1467]
    HTMLStyleSheetImpl::ConstructFrame(nsIPresContext *,nsIContent *,nsIFrame *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1767]
    HTMLStyleSheetImpl::ProcessChildren(nsIPresContext *,nsIFrame *,nsIContent *,nsIFrame *&) [nsHTMLStyleSheet.cpp:877]
    HTMLStyleSheetImpl::ConstructFrameByDisplayType(nsIPresContext *,nsStyleDisplay const*,nsIContent *,nsIFrame *,nsIStyleContext *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1540]
    HTMLStyleSheetImpl::ConstructFrame(nsIPresContext *,nsIContent *,nsIFrame *,nsIFrame *&) [nsHTMLStyleSheet.cpp:1767]
Causes a crash on http://www.citibank.com/ as well
This appears to be a duplicate of 1379, but I'm leaving it open until I verify the fix in Purify. The problem is that a table frame's style context is getting mapped incorrectly (possibly due to it getting inappropriately wrapped in a scrolling wrapper frame). Lots of code in table frame land relies on that display type to be correct.
Status: NEW → ASSIGNED
*** Bug 1426 has been marked as a duplicate of this bug. ***
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → DUPLICATE
Verified that this is a duplicate of 1379 using Purify.
*** This bug has been marked as a duplicate of 1379 ***
Status: RESOLVED → VERIFIED
Marking Verified as a dup.
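Added example, not code from this bug or from the Mozilla tree: the trace above tests the style's display value and then C-style casts the frame to nsTableRowFrame, which is only safe while the style mapping is correct. The sketch below gates the downcast on the object's real type as well; Frame, RowFrame, ScrollFrame, Display, Kind, AsRowFrame and InitRows are hypothetical names, and the mis-mapped wrapper is a constructed case.

```cpp
#include <cstdio>
#include <vector>
// Hypothetical stand-ins for illustration; these are not Gecko classes.
enum class Display { Block, TableRow };  // what the style context claims
enum class Kind { Row, Scroll };         // what the object actually is

struct Frame {
  Display display;                       // copied from (possibly mis-mapped) style data
  explicit Frame(Display d) : display(d) {}
  virtual ~Frame() {}
  virtual Kind kind() const = 0;         // ground truth, independent of style
};

struct RowFrame : Frame {
  int rowIndex = -1;
  using Frame::Frame;
  Kind kind() const override { return Kind::Row; }
  void InitChildren(int next) { rowIndex = next; }
};

struct ScrollFrame : Frame {             // wrapper carrying a row's style
  using Frame::Frame;
  Kind kind() const override { return Kind::Scroll; }
};

// Trace pattern: test the display value, then cast. Here the cast is also gated on the real type.
RowFrame* AsRowFrame(Frame* f) {
  if (f->display != Display::TableRow) return nullptr;  // style: not a row
  if (f->kind() != Kind::Row) return nullptr;           // style and type disagree
  return static_cast<RowFrame*>(f);
}

// Initializes real rows; returns how many frames claimed "row" but were not.
int InitRows(const std::vector<Frame*>& children, int* nextIndex) {
  int mismatches = 0;
  for (Frame* f : children) {
    if (RowFrame* row = AsRowFrame(f)) row->InitChildren((*nextIndex)++);
    else if (f->display == Display::TableRow) ++mismatches;
  }
  return mismatches;
}

int main() {
  RowFrame a(Display::TableRow), b(Display::TableRow);
  ScrollFrame wrapper(Display::TableRow);  // constructed mis-mapped case
  int next = 0;
  int bad = InitRows({&a, &wrapper, &b}, &next);
  std::printf("rows initialized=%d, mismatches=%d\n", next, bad);
}
```

A nonzero mismatch count is the condition worth asserting on in debug builds, since it means style data and frame type have diverged before any cast is attempted.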