The default bug view has changed. See this FAQ.

"ABORT: should not get marked modified during parsing"

VERIFIED FIXED in Firefox 9

Status

()

Core
CSS Parsing and Computation
P1
critical
VERIFIED FIXED
6 years ago
5 years ago

People

(Reporter: Jesse Ruderman, Assigned: bz)

Tracking

(Blocks: 1 bug, 4 keywords)

Trunk
mozilla10
x86_64
Mac OS X
assertion, testcase, verified-aurora, verified-beta
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox9 fixed)

Details

(Whiteboard: [qa!])

Attachments

(3 attachments)

(Reporter)

Description

6 years ago
Created attachment 563920 [details]
testcase (asserts fatally when loaded)

###!!! ABORT: should not get marked modified during parsing: '!data->mSheet->IsModified()', file layout/style/Loader.cpp, line 1748

Could this be a regression from bug 185236?
(Reporter)

Comment 1

6 years ago
Created attachment 563921 [details]
stack trace
Yes.  The bug is in the assertion itself, though.

The issue is that the appendChild call in this case will go ahead and create a new stylesheet which is all set to go.  It will also post an async SheetComplete for it.  Then the very next line of script will modify the sheet.

The assertion just needs to move into the !mSheetAlreadyComplete block.
Assignee: nobody → bzbarsky
Blocks: 185236
Priority: -- → P1
Whiteboard: [need review]
Created attachment 564116 [details] [diff] [review]
Don't assert that sheets are not modified when it would be just fine for them to be modified.
Attachment #564116 - Flags: review?(peterv)
Attachment #564116 - Flags: review?(peterv) → review+
Whiteboard: [need review] → [need landing]
https://hg.mozilla.org/integration/mozilla-inbound/rev/f5aa42137fbc
Flags: in-testsuite+
Whiteboard: [need landing]
Target Milestone: --- → mozilla10
Comment on attachment 564116 [details] [diff] [review]
Don't assert that sheets are not modified when it would be just fine for them to be modified.

I believe we should take this on aurora.  It's a very safe change (debug-only code moving around), and will keep this bug from getting in the way of Jesse's fuzzers.
Attachment #564116 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/f5aa42137fbc
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Updated

6 years ago
Attachment #564116 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/625b0a5109eb
status-firefox9: --- → fixed
Whiteboard: [qa+]

Comment 8

5 years ago
Hi guys.
In order to verify this bug, it's enough if I load the test case from the attachments and observe that Firefox isn't crashing?
Thanks
In a debug build, yes.

Comment 10

5 years ago
Setting resolution to Verified Fixed on debug builds:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111201 Firefox/9.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a2) Gecko/20111202 Firefox/10.0a2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0a1) Gecko/20111205 Firefox/11.0a1

Based on comment8 and comment9, I have loaded the test case from the description and Firefox did not crash.
Status: RESOLVED → VERIFIED
Keywords: verified-aurora, verified-beta
Whiteboard: [qa+] → [qa!]
You need to log in before you can comment on or make changes to this bug.