Last Comment Bug 430394 - Crash [@ nsTreeBodyFrame::SetView] with onoverflow doing stuff and tree and treechildren
: Crash [@ nsTreeBodyFrame::SetView] with onoverflow doing stuff and tree and t...
Status: VERIFIED FIXED
: [sg:critical?]
: crash, regression, testcase, verified1.9.0.4, verified1.9.1
Product: Core
Classification: Components
Component: XUL
: Trunk
: x86 Windows XP
: P3 critical (vote)
: ---
Assigned To: Olli Pettay [:smaug]
: xptoolkit.widgets
:
:
: 381120
  Show dependency treegraph
 
Reported: 2008-04-22 19:27 PDT by Martijn Wargers [:mw22] (QA - IRC nick: mw22)
Modified: 2009-04-24 10:24 PDT (History)
8 users (show)
roc: blocking1.9.1+
dveditz: blocking1.9.0.4+
dveditz: wanted1.8.1.x?
bclary: in‑testsuite+
See Also:
Crash Signature:
[@ nsTreeBodyFrame::SetView]


Attachments
testcase (411 bytes, application/vnd.mozilla.xul+xml)
2008-04-22 19:27 PDT, Martijn Wargers [:mw22] (QA - IRC nick: mw22)
no flags Details
weakframe (872 bytes, patch)
2008-09-08 08:51 PDT, Olli Pettay [:smaug]
roc: review+
roc: superreview+
dveditz: approval1.9.0.4+
Details | Diff | Splinter Review

Summon comment box

Description Martijn Wargers [:mw22] (QA - IRC nick: mw22) 2008-04-22 19:27:44 PDT
Created attachment 317168 [details]
testcase

See testcase, which crashes current trunk build on load.

It doesn't crash in a 2007-06-11 build, but does crash in a 2007-06-12 build:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-06-11+04&maxdate=2007-06-12+09&cvsroot=%2Fcvsroot
I guess a regression from bug 381120.

http://crash-stats.mozilla.com/report/index/77703440-10dc-11dd-b0b1-001a4bd46e84
0  	xul.dll  	nsTreeBodyFrame::SetView  	 mozilla/layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:548
1 	xul.dll 	nsTreeBodyFrame::EnsureView 	mozilla/layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:420
2 	xul.dll 	nsTreeBodyFrame::ReflowFinished 	mozilla/layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:456
3 	xul.dll 	PresShell::HandlePostedReflowCallbacks 	mozilla/layout/base/nsPresShell.cpp:4498
4 	xul.dll 	PresShell::DidDoReflow 	mozilla/layout/base/nsPresShell.cpp:6240
5 	xul.dll 	PresShell::ProcessReflowCommands 	mozilla/layout/base/nsPresShell.cpp:6428
6 	xul.dll 	PresShell::DoFlushPendingNotifications 	mozilla/layout/base/nsPresShell.cpp:4601
7 	xul.dll 	PresShell::FlushPendingNotifications 	mozilla/layout/base/nsPresShell.cpp:4541
8 	xul.dll 	DocumentViewerImpl::LoadComplete 	mozilla/layout/base/nsDocumentViewer.cpp:946
9 	xul.dll 	nsDocShell::EndPageLoad 	mozilla/docshell/base/nsDocShell.cpp:5063
10 	xul.dll 	nsWebShell::EndPageLoad 	mozilla/docshell/base/nsWebShell.cpp:1013
11 	xul.dll 	nsCOMPtr_base::assign_from_qi 	nsCOMPtr.cpp:96
12 	xul.dll 	nsDocShell::OnStateChange 	mozilla/docshell/base/nsDocShell.cpp:4968
Comment 1 neil@parkwaycc.co.uk 2008-04-23 04:36:59 PDT
So, nsTreeBodyFrame::SetView calls nsTreeContentView::SetTree which calls nsTreeBoxObject::GetTreeBody which calls nsBoxObject::GetFrame which flushes the frames including destroying the one that's on the call stack...
Comment 2 Martijn Wargers [:mw22] (QA - IRC nick: mw22) 2008-09-08 08:25:39 PDT
Still crashes in current trunk build.
Comment 3 Olli Pettay [:smaug] 2008-09-08 08:51:31 PDT
Created attachment 337466 [details] [review]
weakframe
Comment 4 Robert O'Callahan (:roc) (Mozilla Corporation) 2008-09-08 23:27:34 PDT
Comment on attachment 337466 [details] [review]
weakframe

So horrible. There must be a way to make trees not suck.
Comment 5 Daniel Veditz 2008-09-24 15:33:52 PDT
Comment on attachment 337466 [details] [review]
weakframe

Approved for 1.9.0.4, a=dveditz for release-drivers
Comment 6 Daniel Veditz 2008-09-24 15:35:13 PDT
Doesn't crash in a recent 1.8 branch build, but if it's really a regression from bug 381120 shouldn't it crash there too?
Comment 7 Marcia Knous [:marcia] 2008-10-13 16:31:01 PDT
verified fixed using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b2pre) Gecko/20081013 Minefield/3.1b2pre. I verified using the testcase in Comment 0.
Comment 8 Al Billings [:abillings] 2008-10-21 15:41:50 PDT
Verified for 1.9.0.4 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4pre) Gecko/2008102104 GranParadiso/3.0.4pre.
Comment 9 Bob Clary [:bc:] 2009-04-24 10:24:11 PDT
crash test added
http://hg.mozilla.org/mozilla-central/rev/87cfec7c7f03

Note You need to log in before you can comment on or make changes to this bug.