Closed
Bug 429960
Opened 16 years ago
Closed 15 years ago
"ASSERTION: Shouldn't be incomplete if availableHeight is UNCONSTRAINED" with -moz-column, rtl, contenteditable
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Assigned: jruderman)
References
Details
(Keywords: assertion, testcase, Whiteboard: [sg:critical?])
Attachments
(2 files)
Both testcases trigger: ###!!! ASSERTION: Shouldn't be incomplete if availableHeight is UNCONSTRAINED.: 'aReflowState.availableHeight != NS_UNCONSTRAINEDSIZE', file /Users/jruderman/trunk/mozilla/layout/generic/nsBlockFrame.cpp, line 1403 ###!!! ASSERTION: negative length: 'GetContentEnd() - mContentOffset >= 0', file /Users/jruderman/trunk/mozilla/layout/generic/nsTextFrame.h, line 303 Testcase A also triggers: ###!!! ASSERTION: integer overflow: 'mMaxTextLength <= mMaxTextLength + aFrame->GetContentLength()', file /Users/jruderman/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp, line 1078 ###!!! ASSERTION: Invalid offset: 'aOffset <= mSkipChars->mCharCount', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxSkipChars.cpp, line 92 Testcase B also triggers: ###!!! ASSERTION: Attempting to allocate excessively large array: 'Error', file nsTArray.cpp, line 69
Assignee | ||
Comment 1•16 years ago
|
||
Assignee | ||
Comment 2•16 years ago
|
||
The scarier assertions are all gone. Now I just get the first assertion in comment 0, and a few ordinary editor assertions.
Assignee | ||
Updated•16 years ago
|
Summary: "ASSERTION: negative length" with -moz-column, rtl, contenteditable → "ASSERTION: Shouldn't be incomplete if availableHeight is UNCONSTRAINED" with -moz-column, rtl, contenteditable
Comment 4•16 years ago
|
||
I get different and somewhat less scary assertions (on Linux): ###!!! ASSERTION: bad action nesting!: 'mActionNesting>0', file /usr/moz/hg3/editor/libeditor/html/nsHTMLEditRules.cpp, line 387 ###!!! ASSERTION: no frame, see bug #188946: 'frame', file /usr/moz/hg3/editor/libeditor/base/nsEditor.cpp, line 4082 ###!!! ASSERTION: No first node!: 'mFirst', file /usr/moz/hg3/content/base/src/nsContentIterator.cpp, line 910 (same for both testcases)
Updated•15 years ago
|
Whiteboard: [sg:critical?] → [sg:critical?] common fuzz blocker
On Linux mozilla-central I'm seeing the same as comment 4.
Assignee | ||
Comment 6•15 years ago
|
||
Same here. That makes this bug WFM.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•15 years ago
|
Whiteboard: [sg:critical?] common fuzz blocker → [sg:critical?]
Updated•15 years ago
|
Flags: in-testsuite?
Comment 7•9 years ago
|
||
Landed the crashtests: https://hg.mozilla.org/integration/mozilla-inbound/rev/39cf267db341
Group: core-security
Flags: in-testsuite? → in-testsuite+
Comment 8•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/39cf267db341
Assignee: nobody → jruderman
You need to log in
before you can comment on or make changes to this bug.
Description
•