"ASSERTION: Double UnblockOnload" with GIF in SVG in frame, memory pressure

NEW
Unassigned

Status

()

Core
ImageLib
5 years ago
5 years ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
x86_64
Mac OS X
assertion, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

5 years ago
Created attachment 773524 [details]
testcase

1. Install https://www.squarefree.com/extensions/domFuzzLite3.xpi
2. Load the testcase

About half of the time, it trips:

###!!! ASSERTION: Double UnblockOnload!?: 'mCurrentRequestFlags & REQUEST_BLOCKS_ONLOAD', file content/base/src/nsImageLoadingContent.cpp, line 641
(Reporter)

Comment 1

5 years ago
Created attachment 773526 [details]
stack
(Reporter)

Comment 2

5 years ago
Can also hit:

###!!! ASSERTION: Double BlockOnload!?: '!(mCurrentRequestFlags & REQUEST_BLOCKS_ONLOAD)', file content/base/src/nsImageLoadingContent.cpp, line 618

###!!! ASSERTION: More UnblockOnload() calls than BlockOnload() calls; dropping call: 'Not Reached', file content/base/src/nsDocument.cpp, line 7880

Comment 3

5 years ago
This could be the same problem as bug 886080, which Kyle says is caused by decode-on-draw triggering re-entrancy into imagelib while notifications are being dispatched.
You need to log in before you can comment on or make changes to this bug.