Closed Bug 830 Opened 26 years ago Closed 26 years ago

Crash in mozilla/layout/html/base/src/nsBlockFrame.cpp

Categories

(Core :: DOM: Core & HTML, defect, P1)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: rpotts, Assigned: buster)

References

()

Details

Click on the stocks link under "Daily Essentials..." It looks like aParentFrame->mLines can be NULL in some situations... Below is the code fragment where the crash happened... nsBlockFrame.cpp (rev 3.73 line 3319) --------------------------------------- // Insert/append the frame into flows line list at the right spot LineData* newLine; LineData* line = aParentFrame->mLines; if (nsnull == aPrevSibling) { // Insert new frame into the sibling list ==> aNewFrame->SetNextSibling(line->mFirstChild); Here's the Stack: ----------------- nsBlockFrame::InsertNewFrame(nsBlockFrame * 0x0118e1c0, nsIFrame * 0x011f1800, nsIFrame * 0x00000000) line 3324 + 3 bytes nsBlockFrame::ProcessInitialReflow(nsIPresContext * 0x01239ec0) line 1512 nsBlockFrame::InitialReflow(nsBlockReflowState & {...}) line 1825 + 15 bytes nsBlockFrame::ReflowAround(nsBlockFrame * const 0x0118e210, nsIPresContext & {...}, nsISpaceManager * 0x011a7910, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 1227036) line 1368 + 18 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, LineData * 0x0118e2a0, nsIFrame * 0x0118e1c0, unsigned int & 16640) line 2600 + 47 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, LineData * 0x0118e2a0, unsigned int & 16640) line 2374 + 24 bytes nsBlockFrame::ReflowLinesAt(nsBlockReflowState & {...}, LineData * 0x0118e2a0) line 2246 + 20 bytes nsBlockFrame::ResizeReflow(nsBlockReflowState & {...}) line 2232 nsBlockFrame::InitialReflow(nsBlockReflowState & {...}) line 1853 nsBlockFrame::ReflowAround(nsBlockFrame * const 0x0118eb20, nsIPresContext & {...}, nsISpaceManager * 0x011a7910, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 4969613) line 1368 + 18 bytes nsInlineLayout::ReflowFrame(nsIFrame * 0x0118ead0, nsReflowMetrics & {...}, const nsReflowState & {...}, int & 0) line 288 nsInlineLayout::ReflowAndPlaceFrame(nsIFrame * 0x0118ead0) line 175 + 30 bytes nsInlineFrame::ReflowMapped(nsInlineReflowState & {...}, unsigned int & 0) line 618 + 15 bytes nsInlineFrame::InitialReflow(nsInlineReflowState & {...}) line 465 + 16 bytes nsInlineFrame::InlineReflow(nsInlineFrame * const 0x011e0540, nsLineLayout & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}) line 320 + 18 bytes nsInlineLayout::ReflowFrame(nsIFrame * 0x011e04f0, nsReflowMetrics & {...}, const nsReflowState & {...}, int & 5728269) line 299 + 26 bytes nsInlineLayout::ReflowAndPlaceFrame(nsIFrame * 0x011e04f0) line 175 + 30 bytes nsBlockFrame::ReflowInlineFrame(nsBlockReflowState & {...}, LineData * 0x011e4170, nsIFrame * 0x011e04f0, unsigned int & 17153) line 2809 + 18 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, LineData * 0x011e4170, unsigned int & 17153) line 2379 + 24 bytes nsBlockFrame::ReflowLinesAt(nsBlockReflowState & {...}, LineData * 0x011e4170) line 2246 + 20 bytes nsBlockFrame::ResizeReflow(nsBlockReflowState & {...}) line 2232 nsBlockFrame::InitialReflow(nsBlockReflowState & {...}) line 1853 nsBlockFrame::ReflowAround(nsBlockFrame * const 0x011a7a10, nsIPresContext & {...}, nsISpaceManager * 0x011a7910, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 0) line 1368 + 18 bytes nsBodyFrame::Reflow(nsBodyFrame * const 0x011a7880, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 264 nsContainerFrame::ReflowChild(nsIFrame * 0x011a7880, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableCellFrame::Reflow(nsTableCellFrame * const 0x0118d5f0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 363 + 30 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0118d5f0, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableRowFrame::InitialReflow(nsIPresContext & {...}, RowReflowState & {...}, nsReflowMetrics & {...}) line 768 + 30 bytes nsTableRowFrame::Reflow(nsTableRowFrame * const 0x0118d490, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1083 + 20 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0118d490, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableRowGroupFrame::ReflowMappedChildren(nsIPresContext * 0x01239ec0, RowGroupReflowState & {...}, nsSize * 0x0012cb40) line 346 + 33 bytes nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x0118d340, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1155 + 23 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0118d340, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableFrame::ResizeReflowPass1(nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1679 + 30 bytes nsTableFrame::Reflow(nsTableFrame * const 0x0118d1d0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1462 + 30 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0118d1d0, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x0118d120, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 468 + 27 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, LineData * 0x011a7d40, nsIFrame * 0x0118d120, unsigned int & 16640) line 2612 + 37 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, LineData * 0x011a7d40, unsigned int & 16640) line 2374 + 24 bytes nsBlockFrame::ReflowLinesAt(nsBlockReflowState & {...}, LineData * 0x011a7d40) line 2246 + 20 bytes nsBlockFrame::ResizeReflow(nsBlockReflowState & {...}) line 2232 nsBlockFrame::InitialReflow(nsBlockReflowState & {...}) line 1853 nsBlockFrame::ReflowAround(nsBlockFrame * const 0x01187ce0, nsIPresContext & {...}, nsISpaceManager * 0x011afe10, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 1234028) line 1368 + 18 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, LineData * 0x011af550, nsIFrame * 0x01187c90, unsigned int & 16640) line 2600 + 47 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, LineData * 0x011af550, unsigned int & 16640) line 2374 + 24 bytes nsBlockFrame::ReflowLinesAt(nsBlockReflowState & {...}, LineData * 0x011af550) line 2246 + 20 bytes nsBlockFrame::ResizeReflow(nsBlockReflowState & {...}) line 2232 nsBlockFrame::InitialReflow(nsBlockReflowState & {...}) line 1853 nsBlockFrame::ReflowAround(nsBlockFrame * const 0x011aff10, nsIPresContext & {...}, nsISpaceManager * 0x011afe10, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 0) line 1368 + 18 bytes nsBodyFrame::Reflow(nsBodyFrame * const 0x011afd80, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 264 nsContainerFrame::ReflowChild(nsIFrame * 0x011afd80, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableCellFrame::Reflow(nsTableCellFrame * const 0x0118aa70, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 363 + 30 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0118aa70, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableRowFrame::InitialReflow(nsIPresContext & {...}, RowReflowState & {...}, nsReflowMetrics & {...}) line 768 + 30 bytes nsTableRowFrame::Reflow(nsTableRowFrame * const 0x0118a8c0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1083 + 20 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0118a8c0, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableRowGroupFrame::ReflowMappedChildren(nsIPresContext * 0x01239ec0, RowGroupReflowState & {...}, nsSize * 0x0012def8) line 346 + 33 bytes nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x0117b8f0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1155 + 23 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0117b8f0, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableFrame::ResizeReflowPass1(nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1679 + 30 bytes nsTableFrame::Reflow(nsTableFrame * const 0x0117b7b0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 1462 + 30 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x0117b7b0, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x0117b700, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 468 + 27 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, LineData * 0x011d8610, nsIFrame * 0x0117b700, unsigned int & 16640) line 2612 + 37 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, LineData * 0x011d8610, unsigned int & 16640) line 2374 + 24 bytes nsBlockFrame::ReflowLinesAt(nsBlockReflowState & {...}, LineData * 0x011d8610) line 2246 + 20 bytes nsBlockFrame::ResizeReflow(nsBlockReflowState & {...}) line 2232 nsBlockFrame::InitialReflow(nsBlockReflowState & {...}) line 1853 nsBlockFrame::ReflowAround(nsBlockFrame * const 0x0117b560, nsIPresContext & {...}, nsISpaceManager * 0x01241b30, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 1239076) line 1368 + 18 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, LineData * 0x011e0c80, nsIFrame * 0x0117b510, unsigned int & 16640) line 2600 + 47 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, LineData * 0x011e0c80, unsigned int & 16640) line 2374 + 24 bytes nsBlockFrame::ReflowLinesAt(nsBlockReflowState & {...}, LineData * 0x011e0c80) line 2246 + 20 bytes nsBlockFrame::ResizeReflow(nsBlockReflowState & {...}) line 2232 nsBlockFrame::InitialReflow(nsBlockReflowState & {...}) line 1853 nsBlockFrame::ReflowAround(nsBlockFrame * const 0x0124a430, nsIPresContext & {...}, nsISpaceManager * 0x01241b30, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 1240436) line 1368 + 18 bytes nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, LineData * 0x011e0170, nsIFrame * 0x0124a3e0, unsigned int & 16640) line 2600 + 47 bytes nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, LineData * 0x011e0170, unsigned int & 16640) line 2374 + 24 bytes nsBlockFrame::ReflowLinesAt(nsBlockReflowState & {...}, LineData * 0x011e0170) line 2246 + 20 bytes nsBlockFrame::FrameAppendedReflow(nsBlockReflowState & {...}) line 1943 nsBlockFrame::ReflowAround(nsBlockFrame * const 0x012421f0, nsIPresContext & {...}, nsISpaceManager * 0x01241b30, nsReflowMetrics & {...}, const nsReflowState & {...}, nsRect & {...}, unsigned int & 0) line 1388 + 18 bytes nsBodyFrame::Reflow(nsBodyFrame * const 0x012419e0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 264 nsContainerFrame::ReflowChild(nsIFrame * 0x012419e0, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 RootContentFrame::Reflow(RootContentFrame * const 0x01242400, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 353 + 27 bytes nsContainerFrame::ReflowChild(nsIFrame * 0x01242400, nsIPresContext * 0x01239ec0, nsReflowMetrics & {...}, const nsReflowState & {...}) line 515 RootFrame::Reflow(RootFrame * const 0x012413d0, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsReflowState & {...}, unsigned int & 0) line 156 + 27 bytes nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x011e0f00, nsIPresContext & {...}, nsReflowMetrics & {...}, const nsSize & {...}) line 133 PresShell::ProcessReflowCommands() line 662 PresShell::ExitReflowLock(PresShell * const 0x0123aca0) line 415 PresShell::ContentAppended(PresShell * const 0x0123aca8, nsIDocument * 0x0126be70, nsIContent * 0x0123e8fc, int 0) line 736 nsDocument::ContentAppended(nsIContent * 0x0123e8fc, int 0) line 525 HTMLContentSink::WillInterrupt(HTMLContentSink * const 0x0126b560) line 1398 CNavDTD::WillInterruptParse(CNavDTD * const 0x0123b870) line 3090 + 18 bytes nsParser::ResumeParse() line 567 nsParser::OnDataAvailable(nsParser * const 0x0126b514, nsIURL * 0x01237990, nsIInputStream * 0x0126a8e0, int 2145) line 775 nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x01237930, nsIURL * 0x01237990, nsIInputStream * 0x0126a8e0, int 2145) line 1114 + 30 bytes stub_put_block(_NET_StreamClass * 0x0126a260, char * 0x010e12d0, long 2145) line 574 + 36 bytes net_MemCacheWrite(_NET_StreamClass * 0x0123a580, char * 0x010e12d0, long 2145) line 665 + 24 bytes net_pull_http_data(_ActiveEntry * 0x0124b1c0) line 3019 + 30 bytes net_ProcessHTTP(_ActiveEntry * 0x0124b1c0) line 3404 + 9 bytes NET_ProcessNet(PRFileDesc * 0x01191fc0, int 2) line 3379 + 13 bytes NET_PollSockets() line 180 + 18 bytes nsNetlibService::NetPollSocketsCallback(nsITimer * 0x01235fb0, void * 0x010f1e20) line 585 TimerImpl::Fire(unsigned long 60788669) line 308 + 17 bytes TimerImpl::ProcessTimeouts(unsigned long 60788669) line 187 FireTimeout(void * 0x00000000, unsigned int 275, unsigned int 32611, unsigned long 60788669) line 101 + 9 bytes USER32! 77e7128c() main(int 1, char * * 0x01114540) line 96 mainCRTStartup() line 338 + 17 bytes
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Recent changes to frame creation and the block code make this page work now.
Status: RESOLVED → VERIFIED
Verified in xpviewer.exe 11/30 build.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.