Closed Bug 454736 Opened 12 years ago Closed 12 years ago
Crash [@ ns
Cached Style Data::Get Style Padding] with XBL, Math ML, XUL
Loading the testcase makes Firefox crash [@ nsCachedStyleData::GetStylePadding] dereferencing 0xddddddfd. This bug is timing-dependent in an annoying way, so I'm having trouble making a testcase suitable for automated testing. A related testcase (not attached) triggers this assertion before crashing: ###!!! ASSERTION: Have parent context and shouldn't: 'Error', file /Users/jruderman/central/layout/base/nsFrameManager.cpp, line 835
So... We have a frame pointing to a style context pointing to a destroyed rulenode.
Doesn't happen on Firefox 3, afaict.
I can't repro on 126.96.36.199 or 3.0.3 either.
I can still get trunk to crash, but I have to reload now.
Flags: blocking1.9.1? → wanted1.9.1+
I get (on stdout or stderr): Security Error: Content at https://bugzilla.mozilla.org/attachment.cgi?id=338044 may not load data from data:text/xml,%3Cbindings%20xmlns%3D%... Does that security error mean I'm not getting to the stuff that crashes?
Probably, yes. You should be able to set the "layout.debug.enable_data_xbl" to true to let that security check succeed.
I meant the "layout.debug.enable_data_xbl" pref.
Yep, crashed on the first try with that pref set to true.
(But not any additional tries, unfortunately.)
The patch in bug 475128 will likely fix this by changing the underlying problem from a crash into a correctness bug. I didn't try to reproduce the bug again without it, though.
I currently get: ###!!! ABORT: style context has old rule node: 'n == mRuleTree', file /Users/jruderman/central/layout/style/nsStyleSet.cpp, line 173
I don't get any crashes/assertions on mozilla-central now. I'm assuming that's thanks to the fix for bug 475128. If there's a correctness bug remaining, can you file a new bug report on it?
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsCachedStyleData::GetStylePadding]
You need to log in before you can comment on or make changes to this bug.