Closed
Bug 334105
Opened 18 years ago
Closed 18 years ago
[FIX]ASSERTION: Bogus: '!mHead' (nsLineBox.cpp#916 - nsFloatCacheFreeList::Append)
Categories
(Core :: Layout, defect, P3)
Core
Layout
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: jruderman, Assigned: bzbarsky)
References
Details
(4 keywords)
Attachments
(2 files)
654 bytes,
application/xhtml+xml
|
Details | |
3.20 KB,
patch
|
dbaron
:
review+
dbaron
:
superreview+
dbaron
:
approval-branch-1.8.1+
|
Details | Diff | Splinter Review |
###!!! ASSERTION: Bogus: '!mHead', file mozilla/layout/generic/nsLineBox.cpp, line 916 Marking security-sensitive for now because when I asked dbaron about this assertion failure, he said it "may be a sign of existing memory corruption".
Reporter | ||
Comment 1•18 years ago
|
||
Assignee | ||
Comment 2•18 years ago
|
||
We probably want this on the 1.8.1 branch, since we can leak the float cache entries off the free list without it...
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #218617 -
Flags: superreview?(dbaron)
Attachment #218617 -
Flags: review?(dbaron)
Attachment #218617 -
Flags: approval-branch-1.8.1?(dbaron)
Assignee | ||
Updated•18 years ago
|
OS: MacOS X → All
Priority: -- → P3
Hardware: Macintosh → All
Summary: ASSERTION: Bogus: '!mHead' (nsLineBox.cpp#916 - nsFloatCacheFreeList::Append) → [FIX]ASSERTION: Bogus: '!mHead' (nsLineBox.cpp#916 - nsFloatCacheFreeList::Append)
Target Milestone: --- → mozilla1.9alpha
Comment on attachment 218617 [details] [diff] [review] Fix That's what we get for using wacky representations of circularly linked lists, I suppose.
Attachment #218617 -
Flags: superreview?(dbaron)
Attachment #218617 -
Flags: superreview+
Attachment #218617 -
Flags: review?(dbaron)
Attachment #218617 -
Flags: review+
Attachment #218617 -
Flags: approval-branch-1.8.1?(dbaron)
Attachment #218617 -
Flags: approval-branch-1.8.1+
Assignee | ||
Comment 4•18 years ago
|
||
Fixed.
Comment 5•18 years ago
|
||
Comment on attachment 218617 [details] [diff] [review] Fix If this is really a potential security problem should this be nominated for 1.8.0.3 as well?
Assignee | ||
Comment 6•18 years ago
|
||
I think this is just a leak, not a security problem... At least as far as I can see. There's no memory corruption, just a bad algorithm for messing with the linked list that manages to lose parts of the list.
You need to log in
before you can comment on or make changes to this bug.
Description
•