Last Comment Bug 310006 - Recalculating quote and counter lists can reenter itself
: Recalculating quote and counter lists can reenter itself
Status: RESOLVED FIXED
: fixed1.8
Product: Core
Classification: Components
Component: Layout: Misc Code (show other bugs)
: Trunk
: x86 Linux
: P2 normal (vote)
: mozilla1.8beta5
Assigned To: Boris Zbarsky [:bz] (still a bit busy)
:
: Jet Villegas (:jet)
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-09-25 18:54 PDT by Boris Zbarsky [:bz] (still a bit busy)
Modified: 2005-09-26 15:30 PDT (History)
1 user (show)
mtschrep: blocking1.8b5+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Testcase (290 bytes, text/html)
2005-09-25 18:59 PDT, Boris Zbarsky [:bz] (still a bit busy)
no flags Details
Perhaps something like this? (1.38 KB, patch)
2005-09-25 19:10 PDT, Boris Zbarsky [:bz] (still a bit busy)
dbaron: review+
dbaron: superreview+
mtschrep: approval1.8b5+
Details | Diff | Splinter Review

Description Boris Zbarsky [:bz] (still a bit busy) 2005-09-25 18:54:39 PDT
If during RecalcAll() on the quote list or counter manager we find that a quote
or counter has changed, we use SetData() to change the text.  This calls
BeginUpdate() and EndUpdate(), and since we're already decremented mUpdateCount
in the frame constructor we end up reentering the relevant RecalcAll() method. 
The result is that we'll walk along the list effectively N times, where N is the
number of dirty nodes.
Comment 1 Boris Zbarsky [:bz] (still a bit busy) 2005-09-25 18:59:17 PDT
Created attachment 197376 [details]
Testcase

This gave me the following stack:

#0  nsQuoteList::RecalcAll (this=0xb3e14260)
    at ../../../mozilla/layout/base/nsQuoteList.cpp:84
#1  0xb5ed1ac7 in nsCSSFrameConstructor::EndUpdate (this=0xb3e14240)
    at ../../../mozilla/layout/base/nsCSSFrameConstructor.cpp:10595
#2  0xb5f247be in PresShell::EndUpdate (this=0xb3e13e28, aDocument=0xb3e09e30, 

    aUpdateType=1) at ../../../mozilla/layout/base/nsPresShell.cpp:3431
#3  0xb616f7ab in nsDocument::EndUpdate (this=0xb3e09e30, aUpdateType=1)
    at ../../../../mozilla/content/base/src/nsDocument.cpp:2116
#4  0xb5f80fa1 in mozAutoDocUpdate::~mozAutoDocUpdate ()
    at ../../../../dist/include/xpcom/nsIClassInfo.h:35
#5  0xb61931c9 in nsGenericDOMDataNode::SetText (this=0xb3e115d8,
aStr=@0xb3e29cfc, 
    aNotify=1) at
../../../../mozilla/content/base/src/nsGenericDOMDataNode.cpp:1225
#6  0xb61914b2 in nsGenericDOMDataNode::SetData (this=0xb3e115d8,
aData=@0xb3e29cfc)
    at ../../../../mozilla/content/base/src/nsGenericDOMDataNode.cpp:366
#7  0xb61d3511 in nsTextNode::SetData (this=0xb3e115d8, aData=@0xb3e29cfc)
    at ../../../../mozilla/content/base/src/nsTextNode.cpp:65
#8  0xb5f39999 in nsQuoteList::RecalcAll (this=0xb3e14260)
    at ../../../mozilla/layout/base/nsQuoteList.cpp:93
Comment 2 Boris Zbarsky [:bz] (still a bit busy) 2005-09-25 19:10:44 PDT
Created attachment 197377 [details] [diff] [review]
Perhaps something like this?
Comment 3 Boris Zbarsky [:bz] (still a bit busy) 2005-09-25 20:41:05 PDT
Comment on attachment 197377 [details] [diff] [review]
Perhaps something like this?

Requesting 1.8b5 approval.  This is a very safe change; I'll be landing it on
trunk tomorrow.
Comment 4 Boris Zbarsky [:bz] (still a bit busy) 2005-09-26 10:42:59 PDT
Fixed on trunk.
Comment 5 Mike Schroepfer 2005-09-26 14:36:24 PDT
Comment on attachment 197377 [details] [diff] [review]
Perhaps something like this?

Approved per 9/26 bug triage meeting.
Comment 6 Boris Zbarsky [:bz] (still a bit busy) 2005-09-26 15:30:41 PDT
Fixed on branch.

Note You need to log in before you can comment on or make changes to this bug.