On Sun, Sep 07, 2008 at 02:56:37PM +0100, Ben Hutchings wrote:
> I am able to reproduce this using Santiago's example.
>
> The crash occurs in
>     nsCachedStyleData::GetStyleData(const nsStyleStructID& aSID)
> which is inlined into
>     nsRuleNode::GetStyleBackground(nsStyleContext* aContext, PRBool aComputeData)
> which is generated from the macro at layout/style/nsRuleNode.cpp:5070.
>
> The flow of control in GetStyleBackground() has passed the (disabled)
> assertion
>     NS_NOTREACHED("could not create style struct");
> and continued to
>     return
>       static_cast<const nsStyleBackground *>(
>         mPresContext->PresShell()->StyleSet()->
>           DefaultStyleData()->GetStyleData(eStyleStruct_Background));
> where mPresContext()->PresShell() has returned NULL.
>
> It seems to me that this nsPresContext has been destroyed. Perhaps
> Epiphany is doing something wrong with reference-counting of nsPresContext.

No, that's not it. Putting breakpoints on the constructor and
destructor shows me the following sequence of events:

nsPresContext constructed at 0x9d6c958
begin loading
nsPresContext constructed at 0x9e92ea8
nsPresContext destroyed at 0x9d6c958
end loading
begin zoom
crash
mPresContext points to 0xa35edf4

gdb is being extremely uncooperative, so I'm going to take a break from
investigating this now.

Ben.

--
Ben Hutchings
Design a system any fool can use, and only a fool will want to use it.