Closed
Bug 430991
Opened 17 years ago
Closed 16 years ago
Crash [@ nsBlockFrame::RenumberListsFor] with -moz-column, float
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Assigned: jruderman)
References
Details
(Keywords: assertion, crash, testcase, Whiteboard: [sg:critical])
Crash Data
Attachments
(1 file)
375 bytes,
text/html
|
Details |
Loading the testcase triggers: ###!!! ASSERTION: aFrame not the result of GetPrimaryFrameFor()?: 'aFrame == aFrame->GetFirstContinuation()', file /Users/jruderman/trunk/mozilla/layout/base/nsCSSFrameConstructor.cpp, line 11146 Crash in one of the following functions: * [@ nsBlockFrame::RenumberListsFor] -- this one often appears exploitable * [@ nsPlaceholderFrame::GetRealFrameFor] * [@ nsLineBox::DeleteLineList]
Assignee | ||
Updated•17 years ago
|
Whiteboard: [sg:critical]
Comment 1•16 years ago
|
||
Testcase in comment #0 WFM on Mac trunk Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1a2pre) Gecko/20080818150509 Minefield/3.1a2pre with mallocscribble. No assertions / crashes at all. Seems to leak a chunk of stuff though.
Assignee | ||
Comment 2•16 years ago
|
||
WFM with Firefox trunk on Tiger. I'm not seeing any leaks using trace-refcnt (XPCOM_MEM_LEAK_LOG=2). What are you seeing leak?
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Comment 4•16 years ago
|
||
When it's time to unhide the bug, sure.
Comment 5•16 years ago
|
||
(In reply to comment #2) > WFM with Firefox trunk on Tiger. > > I'm not seeing any leaks using trace-refcnt (XPCOM_MEM_LEAK_LOG=2). What are > you seeing leak? Nope, couldn't get the leak to reproduce again. Not an issue I guess.
Updated•13 years ago
|
Crash Signature: [@ nsBlockFrame::RenumberListsFor]
Comment 6•10 years ago
|
||
Landed a crashtest: https://hg.mozilla.org/integration/mozilla-inbound/rev/dde3056ad6d7
Group: core-security
Flags: in-testsuite? → in-testsuite+
Comment 7•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/dde3056ad6d7
Assignee: nobody → jruderman
You need to log in
before you can comment on or make changes to this bug.
Description
•