Last Comment Bug 626262 - "ASSERTION: ownerDocument changed again after adopting!" with mutation event
: "ASSERTION: ownerDocument changed again after adopting!" with mutation event
Status: RESOLVED FIXED
: [sg:high?] [qa-examined-192]
: assertion, testcase
Product: Core
Classification: Components
Component: DOM
: Trunk
: x86 Mac OS X
: -- normal (vote)
: mozilla5
Assigned To: Peter Van der Beken [:peterv]
: general
:
:
: 325861 594645 418755
  Show dependency treegraph
 
Reported: 2011-01-16 13:54 PST by Jesse Ruderman
Modified: 2011-07-12 08:29 PDT (History)
10 users (show)
See Also:
Crash Signature:
  ---
  fixed
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  .18+
  .18-fixed
  ---
  .20-fixed


Attachments
testcase (611 bytes, text/html)
2011-01-16 13:54 PST, Jesse Ruderman
no flags Details
stack trace (3.21 KB, text/plain)
2011-01-16 13:55 PST, Jesse Ruderman
no flags Details
v1 (4.94 KB, patch)
2011-02-17 04:23 PST, Peter Van der Beken [:peterv]
no flags Details | Diff | Splinter Review
v1.1 (7.15 KB, patch)
2011-03-07 09:03 PST, Peter Van der Beken [:peterv]
bzbarsky: review+
Details | Diff | Splinter Review
v1.1 (branch) (6.23 KB, patch)
2011-05-18 11:23 PDT, Peter Van der Beken [:peterv]
dveditz: approval1.9.2.18+
dveditz: approval1.9.1.20+
Details | Diff | Splinter Review

Summon comment box

Description Jesse Ruderman 2011-01-16 13:54:37 PST
Created attachment 504299 [details]
testcase

###!!! ASSERTION: ownerDocument changed again after adopting!: 'HasSameOwnerDoc(newContent) && doc == GetOwnerDoc()', file content/base/src/nsGenericElement.cpp, line 4066
Comment 1 Jesse Ruderman 2011-01-16 13:55:10 PST
Created attachment 504300 [details]
stack trace
Comment 2 Boris Zbarsky (:bz) 2011-01-16 18:09:56 PST
Peter?
Comment 3 Peter Van der Beken [:peterv] 2011-02-06 01:39:36 PST
Closing this. Having a node in one document with a different ownerDocument might lead to cross-origin information leaks?
Comment 4 Peter Van der Beken [:peterv] 2011-02-17 04:23:18 PST
Created attachment 513082 [details] [review]
v1

Needs some more testing.
Comment 5 Peter Van der Beken [:peterv] 2011-03-07 09:03:27 PST
Created attachment 517440 [details] [review]
v1.1
Comment 6 Boris Zbarsky (:bz) 2011-03-07 09:38:18 PST
Comment on attachment 517440 [details] [review]
v1.1

r=me
Comment 7 Peter Van der Beken [:peterv] 2011-04-02 08:23:28 PDT
http://hg.mozilla.org/mozilla-central/rev/12ea0bd80e2e
Comment 8 Daniel Veditz 2011-05-13 10:53:36 PDT
Comment on attachment 517440 [details] [review]
v1.1

Is this patch really going to work on the branches as-is?
Comment 9 Christian Legnitto [:LegNeato] 2011-05-16 10:26:22 PDT
Need an answer to comment 8 before we can approve.
Comment 10 Peter Van der Beken [:peterv] 2011-05-18 11:23:30 PDT
Created attachment 533336 [details] [review]
v1.1 (branch)

Here's the patch merged to the 1.9.2 branch.
Comment 11 Daniel Veditz 2011-05-20 09:52:14 PDT
Comment on attachment 533336 [details] [review]
v1.1 (branch)

Approved for 1.9.2.18 and 1.9.1.20, a=dveditz for release-drivers
Comment 12 Peter Van der Beken [:peterv] 2011-06-01 13:35:47 PDT
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/b86d93d36a78
Comment 13 Peter Van der Beken [:peterv] 2011-06-02 06:59:09 PDT
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/5eb1fd50c7ad

Note You need to log in before you can comment on or make changes to this bug.