corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1782501 - Be defensive against flush counts getting out of sync for parser-created about:blank. a=RyanVM DONTBUILD

Browse Source 
Original Revision: https://phabricator.services.mozilla.com/D266750

Differential Revision: https://phabricator.services.mozilla.com/D267162
This commit is contained in:
Henri Sivonen
2025-10-03 01:38:28 +00:00
committed by rvandermeulen@mozilla.com
parent a11f5b9cfc
commit 7253f21762
1 changed files with 23 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
dom/html/nsHTMLContentSink.cpp
View File

@@ -740,27 +740,33 @@ nsresult HTMLContentSink::OpenBody() {
mCurrentContext->mStack[parentIndex].mContent;
int32_t numFlushed = mCurrentContext->mStack[parentIndex].mNumFlushed;
int32_t childCount = parent->GetChildCount();
NS_ASSERTION(numFlushed < childCount, "Already notified on the body?");
if (numFlushed < childCount) {
int32_t insertionPoint =
mCurrentContext->mStack[parentIndex].mInsertionPoint;
int32_t insertionPoint =
mCurrentContext->mStack[parentIndex].mInsertionPoint;
// XXX: I have yet to see a case where numFlushed is non-zero and
// insertionPoint is not -1, but this code will try to handle
// those cases too.
// XXX: I have yet to see a case where numFlushed is non-zero and
// insertionPoint is not -1, but this code will try to handle
// those cases too.
uint32_t oldUpdates = mUpdatesInNotification;
mUpdatesInNotification = 0;
if (insertionPoint != -1) {
NotifyInsert(parent, mBody);
uint32_t oldUpdates = mUpdatesInNotification;
mUpdatesInNotification = 0;
if (insertionPoint != -1) {
NotifyInsert(parent, mBody);
} else {
NotifyAppend(parent, numFlushed);
}
mCurrentContext->mStack[parentIndex].mNumFlushed = childCount;
if (mUpdatesInNotification > 1) {
UpdateChildCounts();
}
mUpdatesInNotification = oldUpdates;
} else {
NotifyAppend(parent, numFlushed);
MOZ_ASSERT(
false,
"This isn't supposed to happen but per bug 1782501 actually does "
"with the NoScript extension. Please debug if this assertion fails.");
mCurrentContext->mStack[parentIndex].mNumFlushed = childCount;
}
mCurrentContext->mStack[parentIndex].mNumFlushed = childCount;
if (mUpdatesInNotification > 1) {
UpdateChildCounts();
}
mUpdatesInNotification = oldUpdates;
}
StartLayout(false);