Closed Bug 429960 Opened 12 years ago Closed 11 years ago
"ASSERTION: Shouldn't be incomplete if available
Height is UNCONSTRAINED" with -moz-column, rtl, contenteditable
Both testcases trigger: ###!!! ASSERTION: Shouldn't be incomplete if availableHeight is UNCONSTRAINED.: 'aReflowState.availableHeight != NS_UNCONSTRAINEDSIZE', file /Users/jruderman/trunk/mozilla/layout/generic/nsBlockFrame.cpp, line 1403 ###!!! ASSERTION: negative length: 'GetContentEnd() - mContentOffset >= 0', file /Users/jruderman/trunk/mozilla/layout/generic/nsTextFrame.h, line 303 Testcase A also triggers: ###!!! ASSERTION: integer overflow: 'mMaxTextLength <= mMaxTextLength + aFrame->GetContentLength()', file /Users/jruderman/trunk/mozilla/layout/generic/nsTextFrameThebes.cpp, line 1078 ###!!! ASSERTION: Invalid offset: 'aOffset <= mSkipChars->mCharCount', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxSkipChars.cpp, line 92 Testcase B also triggers: ###!!! ASSERTION: Attempting to allocate excessively large array: 'Error', file nsTArray.cpp, line 69
The scarier assertions are all gone. Now I just get the first assertion in comment 0, and a few ordinary editor assertions.
Summary: "ASSERTION: negative length" with -moz-column, rtl, contenteditable → "ASSERTION: Shouldn't be incomplete if availableHeight is UNCONSTRAINED" with -moz-column, rtl, contenteditable
The scary assertions are back.
I get different and somewhat less scary assertions (on Linux): ###!!! ASSERTION: bad action nesting!: 'mActionNesting>0', file /usr/moz/hg3/editor/libeditor/html/nsHTMLEditRules.cpp, line 387 ###!!! ASSERTION: no frame, see bug #188946: 'frame', file /usr/moz/hg3/editor/libeditor/base/nsEditor.cpp, line 4082 ###!!! ASSERTION: No first node!: 'mFirst', file /usr/moz/hg3/content/base/src/nsContentIterator.cpp, line 910 (same for both testcases)
Whiteboard: [sg:critical?] → [sg:critical?] common fuzz blocker
On Linux mozilla-central I'm seeing the same as comment 4.
Same here. That makes this bug WFM.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Whiteboard: [sg:critical?] common fuzz blocker → [sg:critical?]
Landed the crashtests: https://hg.mozilla.org/integration/mozilla-inbound/rev/39cf267db341
Flags: in-testsuite? → in-testsuite+
Assignee: nobody → jruderman
You need to log in before you can comment on or make changes to this bug.