Closed
Bug 496062
Opened 16 years ago
Closed 15 years ago
Crash [@ nsSupportsArray::Clear] with iframe that changes parent's stylesheet and then uses document.open()
Categories
(Core :: Layout: Images, Video, and HTML Frames, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: assertion, crash, testcase, Whiteboard: [sg:critical?])
Crash Data
Attachments
(1 file)
(deleted),
text/html
|
Details |
###!!! ASSERTION: root element frame already created: 'nsnull == mRootElementFrame', file layout/base/nsCSSFrameConstructor.cpp, line 6416
###!!! ASSERTION: Shouldn't have any kids!: '!GetFirstChild(nsnull)', file layout/generic/nsViewportFrame.cpp, line 123
###!!! ASSERTION: Already have an undisplayed context entry for aContent: '!GetUndisplayedContent(aContent)', file layout/base/nsFrameManager.cpp, line 593
###!!! ASSERTION: unexpected mRootElementFrame: 'processChildren ? !mRootElementFrame : mRootElementFrame == contentFrame', file layout/base/nsCSSFrameConstructor.cpp, line 2673
Crash [@ nsSupportsArray::Clear] touching 0xdddddde5.
Reporter | ||
Updated•16 years ago
|
Whiteboard: [sg:critical?]
Reporter | ||
Comment 1•15 years ago
|
||
WFM on trunk, but bug 293347 still triggers a similar crash.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•14 years ago
|
Crash Signature: [@ nsSupportsArray::Clear]
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
Updated•6 years ago
|
Product: Core → Core Graveyard
Assignee | ||
Updated•6 years ago
|
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•