Closed
Bug 768351
Opened 12 years ago
Closed 12 years ago
"ABORT: Passed bad frame" with mask pointing at data: URL
Categories
(Core :: SVG, defect)
Tracking
()
VERIFIED
FIXED
mozilla17
Tracking | Status | |
---|---|---|
firefox15 | --- | unaffected |
firefox16 | + | verified |
firefox17 | --- | verified |
People
(Reporter: jruderman, Assigned: jwatt)
References
Details
(Keywords: assertion, testcase)
Attachments
(3 files, 1 obsolete file)
85 bytes,
image/svg+xml
|
Details | |
6.18 KB,
text/plain
|
Details | |
1.47 KB,
patch
|
longsonr
:
review+
lsblakk
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
###!!! ABORT: Passed bad frame!: 'aFrame->IsFrameOfType(nsIFrame::eSVG) && !(aFrame->GetStateBits() & NS_STATE_IS_OUTER_SVG)', file layout/svg/base/src/nsSVGUtils.cpp, line 614
Reporter | ||
Comment 1•12 years ago
|
||
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → jwatt
Assignee | ||
Comment 2•12 years ago
|
||
We're making the wrong invalidate call for masks applied to outer-<svg>. This fixes that.
Attachment #647229 -
Flags: review?(roc)
Assignee | ||
Comment 3•12 years ago
|
||
Now with crashtests.list change.
Attachment #647229 -
Attachment is obsolete: true
Attachment #647229 -
Flags: review?(roc)
Attachment #647231 -
Flags: review?(roc)
Comment 4•12 years ago
|
||
Comment on attachment 647231 [details] [diff] [review] patch >+ if ((mFrame->GetStateBits() & NS_FRAME_SVG_LAYOUT)) { One set of brackets is surely enough. r=longsonr with that change
Attachment #647231 -
Flags: review?(roc) → review+
Assignee | ||
Comment 5•12 years ago
|
||
(In reply to Robert Longson from comment #4) > r=longsonr with that change Thanks. It's common convention to flag bitwise-and with an extra pair of parenthesis though, and I think some compilers warn if you don't. For that reason I checked it in with the extra parenthesis. https://hg.mozilla.org/integration/mozilla-inbound/rev/7ac323ff812e
Target Milestone: --- → mozilla17
Comment 6•12 years ago
|
||
The only warn if you use compare to something e.g. if (a & b == c) as that's probably not going to work as intended.
Comment 7•12 years ago
|
||
Sorry, I backed this out on inbound because the test fails with an assertion: https://hg.mozilla.org/integration/mozilla-inbound/rev/205889645965 https://tbpl.mozilla.org/php/getParsedLog.php?id=13978494&tree=Mozilla-Inbound ++DOMWINDOW == 87 (0xb271b3c) [serial = 3858] [outer = 0xac582a0] ###!!! ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame: '!svgChildFrame || (NS_SVGDisplayListPaintingEnabled() && !(aFrame->GetStateBits() & NS_STATE_SVG_NONDISPLAY_CHILD))', file ../../../../../layout/svg/base/src/nsSVGIntegrationUtils.cpp, line 390 std::map<ogg_packet*, long, std::less<ogg_packet*>, std::allocator<std::pair<ogg_packet* const, long> > >::operator[](ogg_packet* const&) (/home/cltbld/talos-slave/test/build/firefox/libxul.so) std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > >::push_back(nsRefPtr<imgCacheEntry> const&) (/home/cltbld/talos-slave/test/build/firefox/libxul.so) std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > >::push_back(nsRefPtr<imgCacheEntry> const&) (/home/cltbld/talos-slave/test/build/firefox/libxul.so) std::vector<mozilla::gfx::GradientStop, std::allocator<mozilla::gfx::GradientStop> >::push_back(mozilla::gfx::GradientStop const&) (/home/cltbld/talos-slave/test/build/firefox/libxul.so)
Target Milestone: mozilla17 → ---
Assignee | ||
Comment 8•12 years ago
|
||
(In reply to Matt Brubeck (:mbrubeck) from comment #7) > Sorry, I backed this out Thanks for backing it out.
Assignee | ||
Comment 9•12 years ago
|
||
Pushed https://hg.mozilla.org/integration/mozilla-inbound/rev/cb2bc08167c7
Target Milestone: --- → mozilla17
Comment 10•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/cb2bc08167c7
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 11•12 years ago
|
||
This fixed bug 779403.
Blocks: 779403
status-firefox15:
--- → unaffected
status-firefox16:
--- → affected
status-firefox17:
--- → affected
tracking-firefox16:
--- → ?
Assignee | ||
Comment 12•12 years ago
|
||
Comment on attachment 647231 [details] [diff] [review] patch [Approval Request Comment] The real bug we want to fix on aurora is bug 779403, but this bug's patch fixed that bug, so requesting approval on this patch. Bug caused by (feature/regressing bug #): 738192 User impact if declined: SVG masking is broken Testing completed (on m-c, etc.): patch has been on m-c for several days Risk to taking this patch (and alternatives if risky): none String or UUID changes made by this patch: none
Attachment #647231 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 13•12 years ago
|
||
Err, for "Risk to taking this patch (and alternatives if risky)" I seem to have only processed the "alternatives" part. The risk is very low though, but yeah, there aren't really any viable alternatives.
Comment 14•12 years ago
|
||
Tracking and updating the status for 17.
Updated•12 years ago
|
Attachment #647231 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 15•12 years ago
|
||
Pushed https://hg.mozilla.org/releases/mozilla-aurora/rev/74324fb8f642
Comment 16•12 years ago
|
||
I have tried this on: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:16.0) Gecko/20120917 Firefox/16.0 debug build using the test case provided and there is no assertion, no abord message. Changing the flag to Verified on Firefox 16.
Comment 17•12 years ago
|
||
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/17.0 Firefox/17.0 (latest beta debug buid) Verified the fix on the above build: there is no assertion/abort message when opening the testcase attached in bug description.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•