Created attachment 530821 [details]
###!!! ASSERTION: aPrevFrame must be the last continuation in its chain!: '!aPrevFrame || (!aPrevFrame->GetNextContinuation() || IS_TRUE_OVERFLOW_CONTAINER(aPrevFrame->GetNextContinuation())) && !IS_TRUE_OVERFLOW_CONTAINER(aPrevFrame)', file layout/base/nsFrameManager.cpp, line 499
Might be a regression from today's cedar merge:
Created attachment 530823 [details]
stack trace (mac debug)
tracking-, since even *if* this were a sign of worse problems to come, they'd be problems that would be mitigated by frame poisoning.
Also, what do you mean by "Might be a regression"?
> tracking-, since even *if* this were a sign of worse problems to come, they'd
> be problems that would be mitigated by frame poisoning.
And web sites don't use columns with abs pos, so this shouldn't be a stability problem. Fair enough.
> Also, what do you mean by "Might be a regression"?
I got several reports from the fuzzer soon after the merge, which makes me think it's not a long-standing bug.
Caused by part 1/2 of bug 10209 (14fe8a6cfd45 or b5c0b85194d6).
Ehsan, hopefully one of your followup patches fixes this.
My followup patches do seem to fix this.
Created attachment 563581 [details] [diff] [review]
The crash has been fixed. Here's the crashtest.