Using repeats with ul/li makes FF crash: ###!!! ASSERTION: element not implementing nsIContent!?: 'content', file nsXTFFrameUtils.cpp, line 51 WARNING: NS_ENSURE_TRUE(aContent) failed: file nsFrameManager.cpp, line 338 Program dist/bin/firefox-bin (pid = 12691) received signal 11. Stack: UNKNOWN [dist/bin/libxul.so +0x0001F6CC] __kernel_sigreturn+0x00000000 [ +0x00000420] UNKNOWN [/store/mozilla/source/firefox/mozilla/dist/bin/components/libgklayout.so +0x000F5D36]
Debugged it. Looks like the problem is that for nsXFormsRepeatElement we don't have a GetInsertionPoint so we are falling into the default one (nsXFormsXMLVisualStub::GetInsertionPoint()) which returns null.
Created attachment 214705 [details] [diff] [review] patch that fixes problem, but also traps on other testcases This patch fixes the problem with the first trap and gives the desired behavior. But it seems like no matter what I set the insertion point to be, we crash closing the browser after loading a different repeat form (which I'll attach after this) and then closing the browser. Maybe a ref count thing?
Created attachment 214706 [details] testcase crashes with new patch Apply the patch and build it. Load this testcase then close the browser. Browser crashes while closing.
I remeber fixing that InsertionPoint thing... maybe I should start doing things, instead of apparently just envisioning it :) Except for crashing I guess the patch is fine. But I've been crashing on exit a lot lately using trunk, without having time to investigate it. Are you sure it is related? BTW.: I'm not even sure that it is legal to have <ul> + <repeat> + <li> -- for the same reasons as <table> + <repeat> + <tr> is illegal. But we shouldn't crash on it...
This is fixed by bug 306247