Closed
Bug 1516794
Opened 6 years ago
Closed 6 years ago
stack-overflow in [@ nsCSSFrameConstructor::ContentRemoved]
Categories
(Core :: Layout: Columns, defect, P2)
Core
Layout: Columns
Tracking
()
RESOLVED
DUPLICATE
of bug 1520722
Tracking | Status | |
---|---|---|
firefox66 | --- | disabled |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase)
Attachments
(2 files)
==25565==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe25725e08 (pc 0x55eacd98a27e bp 0x7ffe25726660 sp 0x7ffe25725e10 T0)
...
#5 0x7f442eb017bc in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags) src/layout/base/nsCSSFrameConstructor.cpp:7458
#6 0x7f442eae7c82 in nsCSSFrameConstructor::RecreateFramesForContent(nsIContent*, nsCSSFrameConstructor::InsertionKind) src/layout/base/nsCSSFrameConstructor.cpp:8633:7
#7 0x7f442eb05ef7 in nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval(nsIFrame*) src/obj-firefox/dist/include/nsCOMPtr.h
#8 0x7f442eb01d5a in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags) src/layout/base/nsCSSFrameConstructor.cpp:7478:9
...
Flags: in-testsuite?
Updated•6 years ago
|
Priority: -- → P2
Updated•6 years ago
|
Flags: needinfo?(aethanyc)
Reporter | ||
Updated•6 years ago
|
Blocks: fuzzing-column-span
Comment 1•6 years ago
|
||
The callstack when crashes.
Comment 2•6 years ago
|
||
Again, another bug fixed by bug 1520722. The test added there should be sufficient.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(aethanyc)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•