Closed
Bug 673770
Opened 13 years ago
Closed 13 years ago
"ASSERTION: prev sibling not in line list" with -moz-column, abs pos, huge font size
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
FIXED
mozilla8
Tracking | Status | |
---|---|---|
status1.9.2 | --- | unaffected |
People
(Reporter: jruderman, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: assertion, testcase, Whiteboard: [inbound])
Attachments
(5 files)
648 bytes,
text/html
|
Details | |
4.21 KB,
text/plain
|
Details | |
14.92 KB,
text/html
|
Details | |
6.54 KB,
patch
|
roc
:
review+
|
Details | Diff | Splinter Review |
1.59 KB,
patch
|
Details | Diff | Splinter Review |
Among the usual boring assertions about heights and stuff, which are covered by bug 569193 and bug 575011: ###!!! ASSERTION: Column set should be complete if the available height is unconstrained: 'NS_FRAME_IS_FULLY_COMPLETE(aStatus) || aReflowState.availableHeight != NS_UNCONSTRAINEDSIZE', file layout/generic/nsColumnSetFrame.cpp, line 1078 ###!!! ASSERTION: Shouldn't be incomplete if availableHeight is UNCONSTRAINED.: 'aReflowState.availableHeight != NS_UNCONSTRAINEDSIZE', file layout/generic/nsBlockFrame.cpp, line 1456 There's one scary assertion that doesn't appear in any other open bugs: ###!!! ASSERTION: prev sibling not in line list: 'Not Reached', file layout/generic/nsBlockFrame.cpp, line 4841
Reporter | ||
Comment 1•13 years ago
|
||
Comment 2•13 years ago
|
||
roc: please find someone on your team to investigate whether we need to worry about this.
Assignee: nobody → roc
Assignee: roc → matspal
Assignee | ||
Comment 3•13 years ago
|
||
I don't think we need to worry about this. The prev-sibling frame given by nsCSSFrameConstructor::ContentRangeInserted happens to be on the "Overflow-lines" list. nsBlockFrame::AddFrames only checks 'mLines': http://mxr.mozilla.org/mozilla-central/source/layout/generic/nsBlockFrame.cpp#4834 There is a bit of defensive programming for this case though that disregards the prev-sibling frame so the frames are prepended to the frame list. I've included a dump of the resulting frame tree. I don't think anything bad can happen other than some content likely being misplaced in the rendered page. We should probably make nsBlockFrame::AddFrames check overflow lines for a correct fix...
Assignee | ||
Comment 4•13 years ago
|
||
"lineList->back()->LastChild()" is a linear search but there's no way to avoid that since there's no nsFrameList backing the overflow list. It looks a bit silly to do that and then search backwards using RFindLineContaining, but we need a frame list later for the InsertFrames which means we have to find that last frame anyway.
Attachment #550083 -
Flags: review?(roc)
Assignee | ||
Comment 5•13 years ago
|
||
Comment on attachment 550083 [details] [diff] [review] check overflow lines too Review of attachment 550083 [details] [diff] [review]: ----------------------------------------------------------------- I assume you'll include the test...
Attachment #550083 -
Flags: review?(roc) → review+
Assignee | ||
Comment 7•13 years ago
|
||
Landed on inbound with test: http://hg.mozilla.org/integration/mozilla-inbound/rev/04a12efc218c http://hg.mozilla.org/integration/mozilla-inbound/rev/7ceb1468a822
Flags: in-testsuite+
Whiteboard: [inbound]
Target Milestone: --- → mozilla8
Assignee | ||
Comment 8•13 years ago
|
||
The defensive code in nsBlockFrame::AddFrames is present in all versions back to 1.9.1 (at least), so I think we can open this bug. http://mxr.mozilla.org/mozilla1.9.1/source/layout/generic/nsBlockFrame.cpp#4838
Assignee | ||
Comment 9•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/04a12efc218c http://hg.mozilla.org/mozilla-central/rev/7ceb1468a822
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 10•13 years ago
|
||
I don't think this is needed on any branches, see comment 3 and comment 8.
Comment 12•12 years ago
|
||
(In reply to Mats Palmgren [:mats] from comment #8) > The defensive code in nsBlockFrame::AddFrames is present in all versions > back to 1.9.1 (at least), so I think we can open this bug. dveditz / akeybl, are we OK to open this bug? (It was fixed in Firefox 8.)
Assignee | ||
Comment 13•11 years ago
|
||
I don't see anything security-sensitive about this bug now.
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•