Closed Bug 1516794 Opened 6 years ago Closed 6 years ago

stack-overflow in [@ nsCSSFrameConstructor::ContentRemoved]

Categories

(Core :: Layout: Columns, defect, P2)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1520722
Tracking Status
firefox66 --- disabled

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Attachments

(2 files)

Attached file testcase.html
==25565==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe25725e08 (pc 0x55eacd98a27e bp 0x7ffe25726660 sp 0x7ffe25725e10 T0) ... #5 0x7f442eb017bc in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags) src/layout/base/nsCSSFrameConstructor.cpp:7458 #6 0x7f442eae7c82 in nsCSSFrameConstructor::RecreateFramesForContent(nsIContent*, nsCSSFrameConstructor::InsertionKind) src/layout/base/nsCSSFrameConstructor.cpp:8633:7 #7 0x7f442eb05ef7 in nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval(nsIFrame*) src/obj-firefox/dist/include/nsCOMPtr.h #8 0x7f442eb01d5a in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags) src/layout/base/nsCSSFrameConstructor.cpp:7478:9 ...
Flags: in-testsuite?
Priority: -- → P2
Flags: needinfo?(aethanyc)
Attached file callstack

The callstack when crashes.

Again, another bug fixed by bug 1520722. The test added there should be sufficient.

Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(aethanyc)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: