Closed
Bug 534366
Opened 15 years ago
Closed 15 years ago
"ASSERTION: Some pres arena objects were not freed" with MathML, :first-line, :before
Categories
(Core :: Layout, defect, P1)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | alpha1+ |
status1.9.2 | --- | unaffected |
status1.9.1 | --- | unaffected |
People
(Reporter: jruderman, Assigned: roc)
References
Details
(4 keywords, Whiteboard: [sg:investigate])
Attachments
(3 files)
###!!! ASSERTION: Some pres arena objects were not freed: 'mPresArenaAllocCount == 0', file /Users/jruderman/mozilla-central/layout/base/nsPresShell.cpp, line 1550 This assertion often indicates the presence of a security hole (which frame poisoning does not mitigate).
Reporter | ||
Comment 1•15 years ago
|
||
Assignee | ||
Updated•15 years ago
|
Assignee: nobody → roc
blocking2.0: --- → ?
Blocks: 523468
Comment on attachment 417273 [details] [diff] [review] fix r=dbaron (seems like an additional piece of the fix in bug 523468)
Attachment #417273 -
Flags: review?(dbaron) → review+
Comment 5•15 years ago
|
||
This also fixes bug 525986.
Assignee | ||
Comment 6•15 years ago
|
||
(In reply to comment #4) > (seems like an additional piece of the fix in bug 523468) Indeed. (In reply to comment #5) > This also fixes bug 525986. Great!
Blocks: 525986
Whiteboard: [needs landing]
Comment 7•15 years ago
|
||
from the patch we're using an uninitialzed irs.mLineLayout?
status1.9.1:
--- → unaffected
status1.9.2:
--- → unaffected
Keywords: regression
Whiteboard: [needs landing] → [needs landing][sg:investigate]
Assignee | ||
Comment 8•15 years ago
|
||
No. The constructor initializes mLineLayout to null.
Assignee | ||
Comment 9•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/56f45a084369
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [needs landing][sg:investigate] → [sg:investigate]
Assignee | ||
Updated•14 years ago
|
Whiteboard: [sg:investigate] → [sg:investigate][needs landing]
Assignee | ||
Updated•14 years ago
|
blocking2.0: ? → alpha1
Priority: -- → P1
Updated•14 years ago
|
Group: core-security
Reporter | ||
Comment 11•14 years ago
|
||
Crashtests: http://hg.mozilla.org/mozilla-central/rev/4a4e6dea49bd
Flags: in-testsuite? → in-testsuite+
Assignee | ||
Updated•13 years ago
|
Whiteboard: [sg:investigate][needs landing] → [sg:investigate]
You need to log in
before you can comment on or make changes to this bug.
Description
•