Last Comment Bug 655462 - "ASSERTION: aPrevFrame must be the last continuation in its chain!" with columns, abs pos
: "ASSERTION: aPrevFrame must be the last continuation in its chain!" with colu...
Status: RESOLVED FIXED
jesse nominated
: assertion, testcase
Product: Core
Classification: Components
Component: Layout (show other bugs)
: Trunk
: x86 Mac OS X
: -- normal (vote)
: mozilla10
Assigned To: :Ehsan Akhgari
:
Mentors:
Depends on:
Blocks: randomstyles 10209
  Show dependency treegraph
 
Reported: 2011-05-07 02:50 PDT by Jesse Ruderman
Modified: 2011-09-30 07:28 PDT (History)
10 users (show)
ehsan: in‑testsuite+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
-


Attachments
testcase (359 bytes, text/html)
2011-05-07 02:50 PDT, Jesse Ruderman
no flags Details
stack trace (mac debug) (2.17 KB, text/plain)
2011-05-07 02:56 PDT, Jesse Ruderman
no flags Details
Crashtest (1.29 KB, patch)
2011-09-29 16:00 PDT, :Ehsan Akhgari
roc: review+
Details | Diff | Splinter Review

Description Jesse Ruderman 2011-05-07 02:50:58 PDT
Created attachment 530821 [details]
testcase

###!!! ASSERTION: aPrevFrame must be the last continuation in its chain!: '!aPrevFrame || (!aPrevFrame->GetNextContinuation() || IS_TRUE_OVERFLOW_CONTAINER(aPrevFrame->GetNextContinuation())) && !IS_TRUE_OVERFLOW_CONTAINER(aPrevFrame)', file layout/base/nsFrameManager.cpp, line 499

Might be a regression from today's cedar merge:
http://hg.mozilla.org/mozilla-central/pushloghtml?changeset=62941612320d
Comment 1 Jesse Ruderman 2011-05-07 02:56:54 PDT
Created attachment 530823 [details]
stack trace (mac debug)
Comment 2 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2011-05-26 14:43:38 PDT
tracking-, since even *if* this were a sign of worse problems to come, they'd be problems that would be mitigated by frame poisoning.

Also, what do you mean by "Might be a regression"?
Comment 3 Jesse Ruderman 2011-05-26 18:45:25 PDT
> tracking-, since even *if* this were a sign of worse problems to come, they'd 
> be problems that would be mitigated by frame poisoning.

And web sites don't use columns with abs pos, so this shouldn't be a stability problem. Fair enough.

> Also, what do you mean by "Might be a regression"?

I got several reports from the fuzzer soon after the merge, which makes me think it's not a long-standing bug.
Comment 4 Timothy Nikkel (:tnikkel) 2011-05-26 22:11:39 PDT
Caused by part 1/2 of bug 10209 (14fe8a6cfd45 or b5c0b85194d6).

Ehsan, hopefully one of your followup patches fixes this.
Comment 5 :Ehsan Akhgari 2011-06-01 13:42:23 PDT
My followup patches do seem to fix this.
Comment 6 :Ehsan Akhgari 2011-09-29 16:00:55 PDT
Created attachment 563581 [details] [diff] [review]
Crashtest

The crash has been fixed.  Here's the crashtest.

Note You need to log in before you can comment on or make changes to this bug.