Closed Bug 1516794 Opened 1 year ago Closed 1 year ago

stack-overflow in [@ nsCSSFrameConstructor::ContentRemoved]

Categories

(Core :: Layout: Columns, defect, P2)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1520722
Tracking Status
firefox66 --- disabled

People

(Reporter: tsmith, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: crash, testcase)

Attachments

(2 files)

Attached file testcase.html
==25565==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe25725e08 (pc 0x55eacd98a27e bp 0x7ffe25726660 sp 0x7ffe25725e10 T0)
    ...
    #5 0x7f442eb017bc in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags) src/layout/base/nsCSSFrameConstructor.cpp:7458
    #6 0x7f442eae7c82 in nsCSSFrameConstructor::RecreateFramesForContent(nsIContent*, nsCSSFrameConstructor::InsertionKind) src/layout/base/nsCSSFrameConstructor.cpp:8633:7
    #7 0x7f442eb05ef7 in nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval(nsIFrame*) src/obj-firefox/dist/include/nsCOMPtr.h
    #8 0x7f442eb01d5a in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags) src/layout/base/nsCSSFrameConstructor.cpp:7478:9
    ...
Flags: in-testsuite?
Priority: -- → P2
Flags: needinfo?(aethanyc)
Attached file callstack

The callstack when crashes.

Again, another bug fixed by bug 1520722. The test added there should be sufficient.

Status: NEW → RESOLVED
Closed: 1 year ago
Flags: needinfo?(aethanyc)
Resolution: --- → DUPLICATE
Duplicate of bug: 1520722
You need to log in before you can comment on or make changes to this bug.