Closed
Bug 563481
Opened 15 years ago
Closed 6 years ago
"ASSERTION: Want to fire mutation events, but it's not safe" with <svg:use>, <svg:symbol>
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla65
People
(Reporter: jruderman, Assigned: dholbert)
References
()
Details
(Keywords: assertion, sec-other, testcase, Whiteboard: [sg:nse][adv-main65-])
Attachments
(2 files)
testcase
content/svg/content/src/crashtests/307322-1.svg triggers
###!!! ASSERTION: Want to fire mutation events, but it's not safe: '(aNode->IsNodeOfType(nsINode::eCONTENT) && static_cast<nsIContent*>(aNode)-> IsInNativeAnonymousSubtree()) || sScriptBlockerCount == sRemovableScriptBlockerCount', file /Users/jruderman/central/content/base/src/nsContentUtils.cpp, line 3537
This assertion was added in bug 429175.
Flags: in-testsuite+
|
Reporter | |
Comment 1•15 years ago
|
||
|
|
Reporter | |
Updated•15 years ago
|
Summary: "ASSERTION: Want to fire mutation events, but it's not safe" → "ASSERTION: Want to fire mutation events, but it's not safe" with <svg:use>
Group: core-security
Whiteboard: [sg:nse]
|
||
Comment 4•15 years ago
|
||
SVG use cloned content is pretty much native anonymous except in nsCSSFrameConstructor::GetAnonymousContent we don't set the native anonymous flags, which is probably what's causing the assertion to fire.
|
||
Comment 5•15 years ago
|
||
This is showing up on the 64-bit OS X tinderbox:
http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1273150994.1273154478.14600.gz
OS X 10.6.2 mozilla-central leak test build on 2010/05/06 06:03:14
|
|
Reporter | |
Comment 6•15 years ago
|
||
Based on the stack trace, that's bug 563491, not this bug.
|
|
||
Comment 7•15 years ago
|
||
Thanks. Couldn't find that bug because I'm not s-g. :-/
|
Assignee | |
Comment 8•14 years ago
|
||
Here's a reduced testcase (a bit simpler than 307322-1.svg -- doesn't have any recursive <use>) that triggers this assertion failure in current mozilla-central.
It seems specific to <symbol>; if the <use>-target is something other than <symbol> (like a <g> for example), the assertion-failure goes away.
|
|
Assignee | |
Updated•14 years ago
|
OS: Mac OS X → All
Hardware: x86 → All
Summary: "ASSERTION: Want to fire mutation events, but it's not safe" with <svg:use> → "ASSERTION: Want to fire mutation events, but it's not safe" with <svg:use>, <svg:symbol>
Depends on: 650493
|
||
Comment 9•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046
Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.
If you have questions, please contact :mdaly.
Priority: -- → P5
|
||
Comment 10•6 years ago
|
||
The testcase doesn't seem to fire any assertions now. Do you want to check it in and close this Daniel?
Flags: needinfo?(dholbert)
|
|
||
Comment 11•6 years ago
|
||
Should be able to change https://dxr.mozilla.org/mozilla-central/source/dom/svg/crashtests/crashtests.list to remove the asserts(0-6) I think.
|
|
Assignee | |
Comment 12•6 years ago
|
||
Indeed, nice catch! Sure, I'll make that manifest tweak and close this out.
|
|
Assignee | |
Comment 13•6 years ago
|
||
Flags: needinfo?(dholbert)
|
||
Comment 14•6 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
|
||
Updated•6 years ago
|
Assignee: nobody → dholbert
status-firefox63:
--- → wontfix
status-firefox64:
--- → wontfix
status-firefox-esr60:
--- → wontfix
|
||
Updated•6 years ago
|
Whiteboard: [sg:nse] → [sg:nse][adv-main65-]
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•