Closed
Bug 458637
Opened 16 years ago
Closed 16 years ago
[FIX]"ASSERTION: unexpected second call to SetInitialChildList" and more with XSLT
Categories
(Core :: XSLT, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: bzbarsky)
References
Details
(Keywords: assertion, testcase, verified1.9.0.4, Whiteboard: [sg:moderate])
Attachments
(3 files)
|
608 bytes,
text/html
|
Details | |
|
184 bytes,
application/xhtml+xml
|
Details | |
|
1.50 KB,
patch
|
sicking
:
review+
sicking
:
superreview+
dveditz
:
approval1.9.0.4+
|
Details | Diff | Splinter Review |
Steps to reproduce: 1. Save the attachments as b3.html and inner.xhtml 2. Open b3.html Result: ###!!! ASSERTION: initial containing block already created: 'nsnull == mInitialContainingBlock', file /Users/jruderman/central/layout/base/nsCSSFrameConstructor.cpp, line 8745 ###!!! ASSERTION: unexpected second call to SetInitialChildList: 'Not Reached', file /Users/jruderman/central/layout/generic/nsContainerFrame.cpp, line 111 ###!!! ASSERTION: Some objects allocated with AllocateFrame were not freed: 'mFrameCount == 0', file /Users/jruderman/central/layout/base/nsPresShell.cpp, line 676 Security-sensitive for now because the last assertion scares me. Based on the crashtest for bug 428844. Related to bug 61675?
|
Reporter | |
Comment 1•16 years ago
|
||
|
|
Reporter | |
Comment 2•16 years ago
|
||
|
|
Reporter | |
Updated•16 years ago
|
Whiteboard: [sg:investigate]
|
Assignee | |
Comment 3•16 years ago
|
||
So the issue is that we swap in the new document into the viewer while the subframe is hidden. Then we do a BeginUpdate() before inserting the root content, which processes restyles and unhides the subframe. Since we didn't flag the transformation result as not being ready for initial reflow yet, the document viewer does said initial reflow. Then we insert the root, which effectively double-notifies on it, hence the asserts. Fix coming up.
Whiteboard: [sg:investigate]
|
|
Assignee | |
Comment 4•16 years ago
|
||
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #342382 -
Flags: superreview?(jonas)
Attachment #342382 -
Flags: review?(jonas)
|
|
Assignee | |
Updated•16 years ago
|
Summary: "ASSERTION: unexpected second call to SetInitialChildList" and more with XSLT → [FIX]"ASSERTION: unexpected second call to SetInitialChildList" and more with XSLT
Attachment #342382 -
Flags: superreview?(jonas)
Attachment #342382 -
Flags: superreview+
Attachment #342382 -
Flags: review?(jonas)
Attachment #342382 -
Flags: review+
Please check in as a crashtest (hopefully crashtests will one day fail on assertions)
Flags: in-testsuite?
|
|
Assignee | |
Comment 6•16 years ago
|
||
Pushed changeset 95e6729d8079. I didn't check in the test yet, because this is still security-sensitive.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 7•16 years ago
|
||
Comment on attachment 342382 [details] [diff] [review] Fix Simple fix; should take on branch.
Attachment #342382 -
Flags: approval1.9.0.4?
|
||
Updated•16 years ago
|
Whiteboard: [sg:moderate]
|
|
||
Comment 8•16 years ago
|
||
Comment on attachment 342382 [details] [diff] [review] Fix Approved for 1.9.0.4, a=dveditz for release-drivers
Attachment #342382 -
Flags: approval1.9.0.4? → approval1.9.0.4+
|
||
Comment 10•16 years ago
|
||
Tomcat, could you verify this one for 1.9.0.4 as well since you have a debug build?
|
||
Comment 11•16 years ago
|
||
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4pre) Gecko/2008102800 Firefox/3.0.4pre - i don't see the assertion from comment #0 when using the testcase from Jesse. --> Verified fixed1.9.04
Keywords: fixed1.9.0.4 → verified1.9.0.4
|
|
||
Updated•16 years ago
|
Group: core-security
|
|
Reporter | |
Updated•16 years ago
|
Flags: in-testsuite? → in-testsuite+
Depends on: 473680
You need to log in
before you can comment on or make changes to this bug.
Description
•