Last Comment Bug 310006 - Recalculating quote and counter lists can reenter itself
: Recalculating quote and counter lists can reenter itself
: fixed1.8
Product: Core
Classification: Components
Component: Layout: Misc Code (show other bugs)
: Trunk
: x86 Linux
: P2 normal (vote)
: mozilla1.8beta5
Assigned To: Boris Zbarsky [:bz]
Depends on:
  Show dependency treegraph
Reported: 2005-09-25 18:54 PDT by Boris Zbarsky [:bz]
Modified: 2005-09-26 15:30 PDT (History)
1 user (show)
mtschrep: blocking1.8b5+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Testcase (290 bytes, text/html)
2005-09-25 18:59 PDT, Boris Zbarsky [:bz]
no flags Details
Perhaps something like this? (1.38 KB, patch)
2005-09-25 19:10 PDT, Boris Zbarsky [:bz]
dbaron: review+
dbaron: superreview+
mtschrep: approval1.8b5+
Details | Diff | Splinter Review

Description Boris Zbarsky [:bz] 2005-09-25 18:54:39 PDT
If during RecalcAll() on the quote list or counter manager we find that a quote
or counter has changed, we use SetData() to change the text.  This calls
BeginUpdate() and EndUpdate(), and since we're already decremented mUpdateCount
in the frame constructor we end up reentering the relevant RecalcAll() method. 
The result is that we'll walk along the list effectively N times, where N is the
number of dirty nodes.
Comment 1 Boris Zbarsky [:bz] 2005-09-25 18:59:17 PDT
Created attachment 197376 [details]

This gave me the following stack:

#0  nsQuoteList::RecalcAll (this=0xb3e14260)
    at ../../../mozilla/layout/base/nsQuoteList.cpp:84
#1  0xb5ed1ac7 in nsCSSFrameConstructor::EndUpdate (this=0xb3e14240)
    at ../../../mozilla/layout/base/nsCSSFrameConstructor.cpp:10595
#2  0xb5f247be in PresShell::EndUpdate (this=0xb3e13e28, aDocument=0xb3e09e30, 

    aUpdateType=1) at ../../../mozilla/layout/base/nsPresShell.cpp:3431
#3  0xb616f7ab in nsDocument::EndUpdate (this=0xb3e09e30, aUpdateType=1)
    at ../../../../mozilla/content/base/src/nsDocument.cpp:2116
#4  0xb5f80fa1 in mozAutoDocUpdate::~mozAutoDocUpdate ()
    at ../../../../dist/include/xpcom/nsIClassInfo.h:35
#5  0xb61931c9 in nsGenericDOMDataNode::SetText (this=0xb3e115d8,
    aNotify=1) at
#6  0xb61914b2 in nsGenericDOMDataNode::SetData (this=0xb3e115d8,
    at ../../../../mozilla/content/base/src/nsGenericDOMDataNode.cpp:366
#7  0xb61d3511 in nsTextNode::SetData (this=0xb3e115d8, aData=@0xb3e29cfc)
    at ../../../../mozilla/content/base/src/nsTextNode.cpp:65
#8  0xb5f39999 in nsQuoteList::RecalcAll (this=0xb3e14260)
    at ../../../mozilla/layout/base/nsQuoteList.cpp:93
Comment 2 Boris Zbarsky [:bz] 2005-09-25 19:10:44 PDT
Created attachment 197377 [details] [diff] [review]
Perhaps something like this?
Comment 3 Boris Zbarsky [:bz] 2005-09-25 20:41:05 PDT
Comment on attachment 197377 [details] [diff] [review]
Perhaps something like this?

Requesting 1.8b5 approval.  This is a very safe change; I'll be landing it on
trunk tomorrow.
Comment 4 Boris Zbarsky [:bz] 2005-09-26 10:42:59 PDT
Fixed on trunk.
Comment 5 Mike Schroepfer 2005-09-26 14:36:24 PDT
Comment on attachment 197377 [details] [diff] [review]
Perhaps something like this?

Approved per 9/26 bug triage meeting.
Comment 6 Boris Zbarsky [:bz] 2005-09-26 15:30:41 PDT
Fixed on branch.

Note You need to log in before you can comment on or make changes to this bug.