Closed Bug 2245 Opened 26 years ago Closed 26 years ago

Viewer crashes when I try to load this page

Categories

(Core Graveyard :: Viewer App, defect, P2)

x86
Windows NT
defect

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: emashian, Assigned: buster)

Details

I have the link htpp://www.infoworld.com/ in a simple web page on my local drive. Clicking on this link crashes the viewer.
[Please note related bug #2159, "[PP] macweek, infoworld crashes Mac Viewer (same root, but can't decompose further)".]
Here is a simple test case that duplicates the crash (for www.infoworld.com). (Nightly build Jan 5 99 Win95 non-debug). All tags and attributes in the test case are required in order to duplicate the crash with the exception of 1) TABLE BORDER, and 2) IMG WIDTH and HEIGHT (although removing these gives a little different flavor to the crash -- the table is briefly displayed, without the IMG, and then it crashes). Note that the FONT tag, while required, does not have any attributes yet, if you remove the FONT tag, the crash is avoided.
------------------------------
<html><head></head><body>
<table border="1">
<tr>
<td width="170"> Whatever ... </td>
<td>
<img src="http://www.infoworld.com/pageone/hedrgifs/weektop.gif" width=400 height=27 align=left>
<font><br clear=all>Click for previous days' news</font>
</td>
</tr>
</table>
</body></html>
------------------------------
Assignee: rickg → troy
Troy -- this smells like a space manager bug, and hey, here's a neat stack trace to illuminate the problem:

nsBlockBandData::ComputeAvailSpaceRect() line 186 + 18 bytes
nsBlockBandData::GetAvailableSpace(int 285) line 92
nsBlockBandData::ClearFloaters(int 285, unsigned char 3) line 276
nsBlockReflowState::ClearFloaters(int 285, unsigned char 3) line 3929 + 31 bytes
nsBaseIBFrame::PlaceLine(nsBlockReflowState & {...}, nsLineBox * 0x00962160, int & 0) line 2692
nsBaseIBFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00962160, int & 0) line 1659 + 20 bytes
nsBaseIBFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1303 + 26 bytes
nsBaseIBFrame::Reflow(nsBaseIBFrame * const 0x00961b24, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 778 + 25 bytes
nsInlineReflow::ReflowFrame(int 1, nsHTMLReflowMetrics & {...}, unsigned int & 0) line 447
nsInlineReflow::ReflowFrame(nsIFrame * 0x00961b20, int 1, unsigned int & 0) line 269 + 20 bytes
nsBaseIBFrame::ReflowInlineFrame(nsBlockReflowState & {...}, nsLineBox * 0x00962260, nsIFrame * 0x00961b20, int & 1, int & 1) line 2264 + 31 bytes
nsBaseIBFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00962260, int & 1) line 1616 + 28 bytes
nsBaseIBFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1303 + 26 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 4889
nsBaseIBFrame::Reflow(nsBaseIBFrame * const 0x00961cb4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 778 + 25 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x00961cb4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 4515 + 25 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x00961cb4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 351 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00961cb0, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 395 + 28 bytes
nsTableCellFrame::Reflow(nsTableCellFrame * const 0x00961be4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 426
nsContainerFrame::ReflowChild(nsIFrame * 0x00961be0, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 395 + 28 bytes
nsTableRowFrame::ResizeReflow(nsTableRowFrame * const 0x00961590, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, RowReflowState & {...}, unsigned int & 0) line 596 + 37 bytes
nsTableRowFrame::Reflow(nsTableRowFrame * const 0x00961594, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 1412 + 35 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00961590, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 395 + 28 bytes
nsTableRowGroupFrame::ReflowMappedChildren(nsTableRowGroupFrame * const 0x00961470, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, RowGroupReflowState & {...}, unsigned int & 0, nsTableRowFrame * 0x00000000, nsReflowReason eReflowReason_Resize, int 1) line 355 + 34 bytes
nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x00961474, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 965 + 39 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00961470, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 395 + 28 bytes
nsTableFrame::ReflowMappedChildren(nsTableFrame * const 0x00961100, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, InnerTableReflowState & {...}, unsigned int & 0) line 3273 + 31 bytes
nsTableFrame::ResizeReflowPass2(nsTableFrame * const 0x00961100, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 2608 + 31 bytes
nsTableFrame::Reflow(nsTableFrame * const 0x00961104, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 2424 + 35 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00961100, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 395 + 28 bytes
nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x00960eb4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 990 + 37 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00960eb0, const nsRect & {x=0 y=0 width=8700 height=1073741824}, int 1, unsigned int & 0) line 153 + 39 bytes
nsBaseIBFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x00962b50, int & 1) line 2114 + 41 bytes
nsBaseIBFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00962b50, int & 1) line 1574 + 20 bytes
nsBaseIBFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1303 + 26 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 4889
nsBaseIBFrame::Reflow(nsBaseIBFrame * const 0x00960594, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1240656) line 778 + 25 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x00960594, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 1240656) line 4515 + 25 bytes
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00960590, const nsRect & {x=0 y=0 width=8940 height=1073741824}, int 1, unsigned int & 1240656) line 153 + 39 bytes
nsBaseIBFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 0x009606f0, int & 1) line 2114 + 41 bytes
nsBaseIBFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x009606f0, int & 1) line 1574 + 20 bytes
nsBaseIBFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 1303 + 26 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 4889
nsBaseIBFrame::Reflow(nsBaseIBFrame * const 0x009602a4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 778 + 25 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x009602a4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 4515 + 25 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x009602a4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 351 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x009602a0, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 395 + 28 bytes
nsScrollFrame::Reflow(nsScrollFrame * const 0x009403b4, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 328
nsContainerFrame::ReflowChild(nsIFrame * 0x009403b0, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 395 + 28 bytes
RootFrame::Reflow(RootFrame * const 0x0095f494, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) line 199
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x00962910, nsIPresContext & {...}, nsHTMLReflowMetrics & {...}, const nsSize & {width=9180 height=4320}, nsIRenderingContext & {...}) line 167
PresShell::ProcessReflowCommands(PresShell * const 0x0095d9b0) line 868
PresShell::ExitReflowLock(PresShell * const 0x0095d9b0) line 526
PresShell::ContentAppended(PresShell * const 0x0095d9b8, nsIDocument * 0x00932870, nsIContent * 0x0095f42c, int 0) line 1021
nsDocument::ContentAppended(nsDocument * const 0x00932870, nsIContent * 0x0095f42c, int 0) line 909
nsHTMLDocument::ContentAppended(nsHTMLDocument * const 0x00932870, nsIContent * 0x0095f42c, int 0) line 464
HTMLContentSink::WillInterrupt(HTMLContentSink * const 0x00935270) line 1445
CNavDTD::WillInterruptParse(CNavDTD * const 0x0095dd50) line 2489 + 18 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000) line 661
nsParser::OnDataAvailable(nsParser * const 0x00935204, nsIURL * 0x00937880, nsIInputStream * 0x00938ea0, unsigned int 344) line 878 + 17 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x00937850, nsIURL * 0x00937880, nsIInputStream * 0x00938ea0, unsigned int 344) line 1601 + 24 bytes
OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const 0x00938140) line 616
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x00938144) line 455 + 12 bytes
PL_HandleEvent(PLEvent * 0x00938144) line 395 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x008f9410) line 357 + 9 bytes
_md_EventReceiverProc(void * 0x01b50310, unsigned int 49336, unsigned int 0, long 9409552) line 675 + 9 bytes
USER32! 77e71250()
Status: NEW → ASSIGNED
What's happening is that the call to the space manager's GetBandData() function returns a 'count' of 0 trapezoids and ComputeAvailSpaceRect() doesn't check for that case. The reason a 'count' of 0 trapezoids is returned is because GetAvailableSpace() passes in a max-size of {0, 405}, and so there are no trapezoids in the empty space.
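Added example, not part of the original bug thread and not Mozilla's code: the failure pattern described in the comment above, reduced to a stand-alone C++ model with the missing check shown beside the unchecked form. `BandData`, `get_band_data` and both `compute_avail_space_*` functions are hypothetical stand-ins, and the sizes are constructed from figures quoted in the thread.

```cpp
// Added illustration: a simplified, hypothetical model of the bug pattern.
// None of these types or functions are Gecko's real declarations.
#include <algorithm>
#include <cstdio>
#include <vector>

struct Rect { int x, y, width, height; };
struct Size { int width, height; };

// Stand-in for the band query result: 'count' pieces of available space.
struct BandData {
    int count = 0;
    std::vector<Rect> traps;
};

// Stand-in for GetBandData(): clip each free piece to max_size and keep only
// pieces with positive area. A max_size of {0, 405} therefore yields count 0.
BandData get_band_data(const std::vector<Rect>& free_space, Size max_size) {
    BandData band;
    for (const Rect& r : free_space) {
        int w = std::min(r.x + r.width, max_size.width) - r.x;
        int h = std::min(r.y + r.height, max_size.height) - r.y;
        if (w > 0 && h > 0) band.traps.push_back(Rect{r.x, r.y, w, h});
    }
    band.count = static_cast<int>(band.traps.size());
    return band;
}

// 'Before': assumes at least one piece; reads past the data when count == 0.
Rect compute_avail_space_unchecked(const BandData& band) {
    return band.traps[0];
}

// 'After': an empty band is a valid answer and is reported to the caller.
bool compute_avail_space_checked(const BandData& band, Rect* out) {
    if (band.count <= 0 || band.traps.empty()) return false;
    *out = band.traps[0];
    return true;
}

int main() {
    std::vector<Rect> free_space = {{0, 0, 8700, 405}};  // constructed sample
    Rect avail = {0, 0, 0, 0};
    BandData wide = get_band_data(free_space, Size{8700, 405});
    BandData empty = get_band_data(free_space, Size{0, 405});
    std::printf("wide: count=%d ok=%d\n", wide.count, compute_avail_space_checked(wide, &avail));
    std::printf("empty: count=%d ok=%d\n", empty.count, compute_avail_space_checked(empty, &avail));
    return 0;
}
```

The unchecked function is never called on the empty band here, since indexing an empty vector is undefined behaviour; the checked form makes the caller decide what an empty band means for layout.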
*** Bug 2289 has been marked as a duplicate of this bug. ***
*** Bug 2159 has been marked as a duplicate of this bug. ***
Assignee: troy → kipp
Status: ASSIGNED → NEW
Kipp, this is all complicated by the fact that the block/inline code hasn't switched over to using the new HTML reflow state "computed" values. What seems to be happening is that during the reflow of the inline (see nsInlineReflow::ReflowFrame() in the stack trace), we end up with an "availableWidth" of 0 for the inline frame. That's because "mFrameAvailSize" has a size of {0, 405}. I don't know why that's happening and I don't have enough knowledge of how block/inline reflow works. Switching block/inline over to using the new computed values is something we need to do anyway.
*** Bug 2492 has been marked as a duplicate of this bug. ***
Setting all current Open/Normal to M4.
This crash is no longer occurring for Win95 non-debug builds.

                  | www.infoworld.com  | test case (above)  |
------------------+--------------------+--------------------+
Jan 29 win95 opt  |      CRASHES       |      CRASHES       |
Feb 02 win95 opt  |         OK         |         OK         |
Feb 03 win95 opt  |         OK         |         OK         |
------------------+--------------------+--------------------+
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Marking resolved with 2/3 builds. Thanks.
Product: Core → Core Graveyard