Created attachment 553115
testcase (asserts fatally when loaded)
###!!! ABORT: Shouldn't have current interval in startup or postactive states: '!mCurrentInterval', file content/smil/nsSMILTimedElement.cpp, line 576
Created attachment 553116
Harmless in opt
Created attachment 557068
Proposed patch with testcase
The problem is we were calling Rewind -> ClearIntervals -> ResetCurrentInterval.
Inside ResetCurrentInterval, when we unlink the current interval, we can get callbacks that actually set the current interval again, right after we cleared it. That is, there is no guarantee that at the end of a call to ResetCurrentInterval, mCurrentInterval will be nsnull, just that the previously-current interval (if any) will have been cleared. Likewise for ClearIntervals.
However, Rewind was assuming that mCurrentInterval would be nsnull. That was probably valid a while back, when we were setting mElementState to STATE_STARTUP in advance, since so long as we're in the startup state we won't bother updating the current interval and mCurrentInterval will stay nsnull. However, when we refactored out ClearIntervals, we made it change the state to STATE_POSTACTIVE, which meant that assumption no longer held.
For now, I've made it set the state to STATE_STARTUP before clearing the intervals so we'll ignore any attempts to update the current interval from that point on.
By the way, I reshuffled a couple of lines in content/smil/crashtests/crashtests.list because the numbering got out of sequence somehow. I just thought I'd fix it while I was already touching that file.
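The re-entrancy described in the comment above, as an added C++ model that is not part of the original comment and is not Mozilla's nsSMILTimedElement code. The `onUnlink` callback, the `stateFirst` flag, `InvariantHolds`, and the rule that `ClearIntervals` leaves an existing STATE_STARTUP in place are assumptions of this model.

```cpp
// Simplified model of the re-entrancy; NOT Mozilla's nsSMILTimedElement code.
#include <functional>
#include <memory>
#include <utility>

enum State { STATE_STARTUP, STATE_ACTIVE, STATE_POSTACTIVE };

struct Interval {
  std::function<void()> onUnlink;  // stands in for notifying dependents
  void Unlink() { if (onUnlink) onUnlink(); }
};

struct TimedElement {
  State state = STATE_ACTIVE;
  std::unique_ptr<Interval> current;
  std::unique_ptr<Interval> MakeInterval() {
    std::unique_ptr<Interval> i(new Interval);
    i->onUnlink = [this] { UpdateCurrentInterval(); };  // callback re-enters
    return i;
  }
  void UpdateCurrentInterval() {
    if (state == STATE_STARTUP) return;  // startup state ignores updates
    current = MakeInterval();
  }
  void ResetCurrentInterval() {
    std::unique_ptr<Interval> old = std::move(current);
    if (old) old->Unlink();  // may set `current` again before we return
  }
  void ClearIntervals() {
    // Assumption of this model: a state already set to STARTUP is kept.
    if (state != STATE_STARTUP) state = STATE_POSTACTIVE;
    ResetCurrentInterval();
  }
  // Returns whether "no current interval in startup state" holds afterwards.
  bool Rewind(bool stateFirst) {
    if (stateFirst) state = STATE_STARTUP;  // set before clearing: callback ignored
    ClearIntervals();
    state = STATE_STARTUP;
    return current == nullptr;
  }
};

bool InvariantHolds(bool stateFirst) {
  TimedElement e;
  e.current = e.MakeInterval();
  return e.Rewind(stateFirst);
}

int main() { return (!InvariantHolds(false) && InvariantHolds(true)) ? 0 : 1; }
```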
Pushed to m-i: