Bug 595758 - Crash [@ nsTableFrame::MarkIntrinsicWidthsDirty] on print preview. r=dbaron a=blocking2.0:betaN
authorMats Palmgren <matspal@gmail.com>
Sun, 14 Nov 2010 19:26:36 +0100
changeset 57471 f8e81c8196d2ad41e498550c6ee1cad243951bd5
parent 57470 05a80026d34752726c4ce7c3e27e0aac8c0fe716
child 57472 c2e13e39c486f75c6afb3d036c6dd20534e41ef4
push idunknown
push userunknown
push dateunknown
reviewersdbaron, blocking2
bugs595758
milestone2.0b8pre
Bug 595758 - Crash [@ nsTableFrame::MarkIntrinsicWidthsDirty] on print preview. r=dbaron a=blocking2.0:betaN
layout/tables/crashtests/crashtests.list
layout/tables/nsTableFrame.cpp
--- a/layout/tables/crashtests/crashtests.list
+++ b/layout/tables/crashtests/crashtests.list
@@ -99,8 +99,10 @@ load 457115.html
 load 467141-1.html
 load 488388-1.html
 load 513732-1.html
 load 534716-1.html
 load 573354-1.xhtml
 load 576890-1.html
 load 576890-2.html
 load 576890-3.html
+asserts(0-1) load 595758-1.xhtml # Bug 453871
+load 595758-2.xhtml
--- a/layout/tables/nsTableFrame.cpp
+++ b/layout/tables/nsTableFrame.cpp
@@ -1468,17 +1468,27 @@ nsTableFrame::ProcessRowInserted(nscoord
       childFrame = childFrame->GetNextSibling();
     }
   }
 }
 
 /* virtual */ void
 nsTableFrame::MarkIntrinsicWidthsDirty()
 {
-  LayoutStrategy()->MarkIntrinsicWidthsDirty();
+  nsITableLayoutStrategy* tls = LayoutStrategy();
+  if (NS_UNLIKELY(!tls)) {
+    // This is a FrameNeedsReflow() from nsBlockFrame::RemoveFrame()
+    // walking up the ancestor chain in a table next-in-flow.  In this case
+    // our original first-in-flow (which owns the TableLayoutStrategy) has
+    // already been destroyed and unhooked from the flow chain and thusly
+    // LayoutStrategy() returns null.  All the frames in the flow will be
+    // destroyed so no need to mark anything dirty here.  See bug 595758.
+    return;
+  }
+  tls->MarkIntrinsicWidthsDirty();
 
   // XXXldb Call SetBCDamageArea?
 
   nsHTMLContainerFrame::MarkIntrinsicWidthsDirty();
 }
 
 /* virtual */ nscoord
 nsTableFrame::GetMinWidth(nsIRenderingContext *aRenderingContext)