Closed
Bug 344881
Opened 18 years ago
Closed 17 years ago
"ASSERTION: Shallow unbind won't clear document and binding parent on kids!" involving iframe
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: assertion, testcase)
Attachments
(1 file, 1 obsolete file)
(deleted),
application/xhtml+xml
|
Details |
This testcase triggers ###!!! ASSERTION: Shallow unbind won't clear document and binding parent on kids!: 'aDeep || (!GetCurrentDoc() && !GetBindingParent())', file /Users/admin/trunk/mozilla/content/base/src/nsGenericElement.cpp, line 1963 during GC. Filing as security-sensitive because variations on this testcase (e.g. removing subDocElement instead of moving it) trigger the assertion in bug 323978.
Reporter | ||
Comment 1•18 years ago
|
||
Comment 2•18 years ago
|
||
This is basically the same situation as when you see this assert in bug 335896 comment 4. Similar reasons for it happening.
Depends on: 335896
Comment 3•17 years ago
|
||
The testcase doesn't work anymore, because bug 47903 was fixed. I guess adoptNode or something like that is needed.
Reporter | ||
Comment 4•17 years ago
|
||
Not sure I converted this correctly. It gives me JavaScript error: , line 0: uncaught exception: [Exception... "Node cannot be inserted at the specified point in the hierarchy" code: "3" nsresult: "0x80530003 (NS_ERROR_DOM_HIERARCHY_REQUEST_ERR)" location: "file:///Users/jruderman/Sites/fuzz3/344881.xhtml Line: 16"] which seems perfectly reasonable, since it creates an cycle of child elements (if you consider an iframe to have its contents as "children").
Attachment #229420 -
Attachment is obsolete: true
Reporter | ||
Comment 5•17 years ago
|
||
WFM, since the testcase (converted to use adoptNode) doesn't trigger the assertion.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Comment 6•17 years ago
|
||
I'm seeing this assertion in my debug build with: https://bugzilla.mozilla.org/attachment.cgi?id=268571 (testcase from bug 384663) Should I file a new bug, or can this one be reopened?
Reporter | ||
Comment 7•17 years ago
|
||
Please file a new bug. The testcase is completely different. And maybe it doesn't need to be security-sensitive if you can reduce the testcase more :)
Updated•14 years ago
|
Group: core-security
Updated•14 years ago
|
Assignee: general → nobody
QA Contact: ian → general
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•