Closed
Bug 535361
Opened 15 years ago
Closed 15 years ago
Document viewer child traversal can traverse random viewers that aren't its kids
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(1 file)
|
3.18 KB,
patch
|
jst
:
review+
|
Details | Diff | Splinter Review |
In particular, this callstack: #8 0x0349fa4c in DocumentViewerImpl::CallChildren (this=0x2472de70, aFunc=0x349d7d8 <SetChildFullZoom(nsIMarkupDocumentViewer*, void*)>, aClosure=0xbfffc774) at /Users/bzbarsky/mozilla/vanilla/mozilla/layout/base/nsDocumentViewer.cpp:2816 #9 0x034a59df in DocumentViewerImpl::SetFullZoom (this=0x2472de70, aFullZoom=1) at /Users/bzbarsky/mozilla/vanilla/mozilla/layout/base/nsDocumentViewer.cpp:2956 #10 0x03ebf58d in nsDocShell::SetupNewViewer (this=0x7c49030, aNewViewer=0x2472de70) at /Users/bzbarsky/mozilla/vanilla/mozilla/docshell/base/nsDocShell.cpp:7343 causes us to get kids off the docshell, but since the docshell hasn't dropped its old kids yet we end up traversing kids that don't actually belong to us. This triggers assertions in nsDocShell::GetVisibility in the kids, since we can't find the content node in the parent (the new viewer!) that contains the kid.
|
Assignee | |
Comment 1•15 years ago
|
||
Attachment #418100 -
Flags: review?(jst)
|
||
Updated•15 years ago
|
Attachment #418100 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 2•15 years ago
|
||
Pushed http://hg.mozilla.org/mozilla-central/rev/9298544dd5a9 This will be in-testsuite once bug 500882 lands, effectively.
Status: NEW → RESOLVED
Closed: 15 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•