"ASSERTION: aPrevFrame must be the last continuation in its chain!" with columns, abs pos

RESOLVED FIXED in mozilla10

Status

()

Core
Layout
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Jesse Ruderman, Assigned: Ehsan)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
mozilla10
x86
Mac OS X
assertion, testcase
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox6-)

Details

(Whiteboard: jesse nominated)

Attachments

(3 attachments)

(Reporter)

Description

6 years ago
Created attachment 530821 [details]
testcase

###!!! ASSERTION: aPrevFrame must be the last continuation in its chain!: '!aPrevFrame || (!aPrevFrame->GetNextContinuation() || IS_TRUE_OVERFLOW_CONTAINER(aPrevFrame->GetNextContinuation())) && !IS_TRUE_OVERFLOW_CONTAINER(aPrevFrame)', file layout/base/nsFrameManager.cpp, line 499

Might be a regression from today's cedar merge:
http://hg.mozilla.org/mozilla-central/pushloghtml?changeset=62941612320d
(Reporter)

Comment 1

6 years ago
Created attachment 530823 [details]
stack trace (mac debug)
(Reporter)

Updated

6 years ago
tracking-firefox6: --- → ?

Updated

6 years ago
Whiteboard: jesse nominated
tracking-, since even *if* this were a sign of worse problems to come, they'd be problems that would be mitigated by frame poisoning.

Also, what do you mean by "Might be a regression"?
tracking-firefox6: ? → -
(Reporter)

Comment 3

6 years ago
> tracking-, since even *if* this were a sign of worse problems to come, they'd 
> be problems that would be mitigated by frame poisoning.

And web sites don't use columns with abs pos, so this shouldn't be a stability problem. Fair enough.

> Also, what do you mean by "Might be a regression"?

I got several reports from the fuzzer soon after the merge, which makes me think it's not a long-standing bug.
Caused by part 1/2 of bug 10209 (14fe8a6cfd45 or b5c0b85194d6).

Ehsan, hopefully one of your followup patches fixes this.
Blocks: 10209
My followup patches do seem to fix this.
Assignee: nobody → ehsan
Created attachment 563581 [details] [diff] [review]
Crashtest

The crash has been fixed.  Here's the crashtest.
Attachment #563581 - Flags: review?(roc)
Attachment #563581 - Flags: review?(roc) → review+
https://hg.mozilla.org/mozilla-central/rev/98bb04b061d2
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla10
You need to log in before you can comment on or make changes to this bug.