Closed
Bug 431087
Opened 16 years ago
Closed 16 years ago
###!!! ASSERTION: prevent array boundary violation: 'colIndex < mNumCols'
Categories
(Core :: Layout: Tables, defect)
Core
Layout: Tables
Tracking
()
RESOLVED
FIXED
People
(Reporter: MatsPalmgren_bugz, Unassigned)
References
Details
(Keywords: assertion, testcase, Whiteboard: [sg:nse])
The testcase in bug 430814 triggers the following assertions:
###!!! ASSERTION: no common ancestor at all???: 'parent', file mozilla/layout/base/nsLayoutUtils.cpp, line 377
###!!! ASSERTION: no common ancestor at all???: 'parent', file mozilla/layout/base/nsLayoutUtils.cpp, line 377
###!!! ASSERTION: prevent array boundary violation: 'colIndex < mNumCols', file mozilla/layout/tables/nsTablePainter.cpp, line 616
Comment 2•16 years ago
|
||
When I print the testcase, I get
###!!! ASSERTION: CreateRenderingContext failure: 'Not Reached', file /Users/jruderman/trunk/mozilla/layout/base/nsPresShell.cpp, line 6236
plus the assertions in comment 0.
Updated•16 years ago
|
Group: security
Flags: wanted1.9.0.x?
Flags: blocking1.9?
Comment 3•16 years ago
|
||
This was spun out of a security bug, and the assertion kind of screams "hack me here".
Nominating for blocking 1.9 because this was originally a public bug -- did it get spotted?
Comment 4•16 years ago
|
||
Do we think we can have a fix for this quickly?
I think the assertion is saying that we are hitting the extra check (added in bug 430814) that prevents us from going past the end of the array, not that we are actually going past the end of the array.
Thus I think that the bug made sense in its original state -- public, and not nominated for blocking1.9. But Mats/Bernd should confirm that.
Reporter | ||
Comment 6•16 years ago
|
||
Correct.
Comment 9•16 years ago
|
||
Not going to block the final release on this, and based on what happened with bug 424377, I think we want to play whack-a-mole :(
Flags: wanted1.9.0.x?
Flags: wanted1.9.0.x+
Flags: blocking1.9?
Flags: blocking1.9-
Comment 10•16 years ago
|
||
(In reply to comment #5)
> the assertion is saying that we are hitting the extra check [...],
> not that we are actually going past the end of the array.
Maybe an NS_WARNING() would appear less alarming in that case then.
> Thus I think that the bug made sense in its original state -- public, and not
> nominated for blocking1.9
Sounds good, thanks for clarifying.
Group: security
Updated•16 years ago
|
Whiteboard: [sg:nse]
Comment 11•16 years ago
|
||
The nextinflow idea does not fly the additional table cells are copies but not nextinflows. So I will leave this like it is.
Comment 12•16 years ago
|
||
I do not see the point of 1.9.0+ing this. The workaround that I thought about does not work. I don't see a another option than bug 424377.
Updated•16 years ago
|
Comment 13•16 years ago
|
||
Can't reproduce after bug 425265.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•