113 nsFrameList::RemoveFrame(nsIFrame* aFrame) 114 { 115 NS_PRECONDITION(aFrame, "null ptr"); 116 #ifdef DEBUG_FRAME_LIST 117 // ContainsFrame is O(N) 118 NS_PRECONDITION(ContainsFrame(aFrame), "wrong list"); 119 #endif 120 121 nsIFrame* nextFrame = aFrame->GetNextSibling(); 1946 nsTableFrame::PushChildren(const RowGroupArray& aRowGroups, 1947 PRInt32 aPushFrom) 1948 { 1949 NS_PRECONDITION(aPushFrom > 0, "pushing first child"); 1950 1951 // extract the frames from the array into a sibling list 1952 nsFrameList frames; 1953 PRUint32 childX; 1954 for (childX = aPushFrom; childX < aRowGroups.Length(); ++childX) { 1955 nsTableRowGroupFrame* rgFrame = aRowGroups[childX]; 1956 if (!rgFrame || !rgFrame->IsRepeatable()) { 1957 mFrames.RemoveFrame(rgFrame);

Luckily, we never actually have null there, afaik.

ok, i read the code and agree this shouldn't happen. my current mailbox also has no indication of a crash for this codepath.