Closed Bug 417384 Opened 16 years ago Closed 16 years ago

"ASSERTION: Span level will be negative"

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: smaug)

References

Details

(Keywords: assertion, testcase)

Attachments

(3 files, 2 obsolete files)

testcase
171 bytes, application/xhtml+xml
Details
proposed patch
4.27 KB, patch
peterv
: review+
peterv
: superreview+
Details | Diff | Splinter Review
with test
6.91 KB, patch
mtschrep
: approval1.9+
Details | Diff | Splinter Review
Attached file testcase 
Smaug, remember those assertions you added for in bug 409990? :)

###!!! ASSERTION: Span level will be negative!: 'mSpanLevel', file /Users/jruderman/trunk/mozilla/content/base/src/nsPlainTextSerializer.cpp, line 948

Cautiously filing as security-sensitive because the last time this kind of thing happened (bug 409990), it caused memory corruption.
Flags: blocking1.9?
Assignee: nobody → Olli.Pettay
This isn't critical, since mSpanLevel isn't used for array indexing or anything.
But I'll look at this.
Attached patch proposed patchSplinter Review 
Ok, this is bad after all. mInHead doesn't take account nested head elements.
So changing from bool to a counter.
But have to make nsPlainTextSerializer::OpenHead() no-op, though as far as I see
that isn't really used in serializer. It is just something coming from 
nsIHTMLContentSink and is used only by 
http://lxr.mozilla.org/seamonkey/source/parser/htmlparser/src/CNavDTD.cpp#3023
In nsHTMLContentSink OpenHead does open head context, but serializer
doesn't really have such concept.
Attachment #303269 - Flags: superreview?(peterv)
Attachment #303269 - Flags: review?(peterv)
Would it make sense to change the variable name from mInHead to mHeadNestingLevel now that it's not a boolean?
Comment on attachment 303269 [details] [diff] [review]
proposed patch

Let's name it mHeadLevel or something and we should add this to the testsuite.
Attachment #303269 - Flags: superreview?(peterv)
Attachment #303269 - Flags: superreview+
Attachment #303269 - Flags: review?(peterv)
Attachment #303269 - Flags: review+
Attached patch mHeadLevel (obsolete) — Splinter Review 
I don't know how to write a (mochitest or similar) testcase for this, because 
the interfaces nsPlainTextSerializer implements aren't scriptable.
Attachment #303515 - Flags: approval1.9?
Attachment #303515 - Flags: approval1.9?
Attached patch with test (obsolete) — Splinter Review 
Thanks Jeff!
Attachment #303515 - Attachment is obsolete: true
Attachment #303531 - Flags: approval1.9?
Attached patch with testSplinter Review 
And the right file
Attachment #303531 - Attachment is obsolete: true
Attachment #303531 - Flags: approval1.9?
Attachment #303532 - Flags: approval1.9?
Credit where credit's due, I think -- philor, see comments 5-8.
Attachment #303532 - Flags: approval1.9? → approval1.9+
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Flags: in-testsuite+
Depends on: 418719
Depends on: 418727
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: