Bug 1897322 Comment 4 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by
on 

Looking in Visual Studio: when we reach `PresShell::DoFlushPendingNotifications`, we have "this" pointing to a PresShell object that's filled with the poison value:
```
this = 0x000001b4d8a3c000 mozilla::PresShell *
[...]
+		mUpdateApproximateFrameVisibilityEvent	{mEvent={mRawPtr=0xe5e5e5e5e5e5e5e5 {...} } }	nsRevocableEventPtr<nsRunnableMethod<mozilla::PresShell,void,1,0>>
[...]
+		mSelection	{mRawPtr=0xe5e5e5e5e5e5e5e5 {mRefCnt={mRefCntAndFlags=??? } mDomSelections=0xe5e5e5e5e5e5e5ed {{...}, ...} ...} }	RefPtr<nsFrameSelection>
```

If I move up the stack, the next two frames are [Inline Frame] (PresShell::FlushPendingNotifications and nsRefreshDriver::FlushLayoutOnPendingDocsAndFixUpFocus()), so really, moving up puts me in the stack frame for `nsRefreshDriver::Tick`.

There, I have a valid-looking `this` and a valid-looking `presShell` (at a different address from the poisoned one discussed above):
```
this = 0x000001b4d5acaf00  nsRefreshDriver *
pressShell.mRawPtr = 0x000001b4d5c12000  mozilla::PresShell *
```
Revision 1 by
on 

Looking in Visual Studio: when we reach `PresShell::DoFlushPendingNotifications`, we have "this" pointing to a PresShell object that's filled with the poison value:
```
this = 0x000001b4d8a3c000 mozilla::PresShell *
[...]
+		mUpdateApproximateFrameVisibilityEvent	{mEvent={mRawPtr=0xe5e5e5e5e5e5e5e5 {...} } }	nsRevocableEventPtr<nsRunnableMethod<mozilla::PresShell,void,1,0>>
[...]
+		mSelection	{mRawPtr=0xe5e5e5e5e5e5e5e5 {mRefCnt={mRefCntAndFlags=??? } mDomSelections=0xe5e5e5e5e5e5e5ed {{...}, ...} ...} }	RefPtr<nsFrameSelection>
```

If I move up the stack, the next two frames are marked as `[Inline Frame]`, notably `PresShell::FlushPendingNotifications` and `nsRefreshDriver::FlushLayoutOnPendingDocsAndFixUpFocus` -- so really, moving up puts me in the next non-inline stack frame which is `nsRefreshDriver::Tick`.

There, I have a valid-looking `this` pointer and a valid-looking `presShell` (at a different address from the poisoned one discussed above):
```
this = 0x000001b4d5acaf00  nsRefreshDriver *
pressShell.mRawPtr = 0x000001b4d5c12000  mozilla::PresShell *
```

Back to Bug 1897322 Comment 4