Closed Bug 776337 Opened 12 years ago Closed 12 years ago

"ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame"

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla17
Tracking Flags:
Tracking Status
firefox15 --- unaffected
firefox16 + verified
firefox17 --- verified

People

(Reporter: jruderman, Assigned: jwatt)

References

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

testcase
86 bytes, image/svg+xml
Details
stack trace
12.50 KB, text/plain
Details
patch
1.26 KB, patch
roc
: review+
lsblakk
: approval-mozilla-aurora+
Details | Diff | Splinter Review
Attached image testcase 
###!!! ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame: '!svgChildFrame || (NS_SVGDisplayListPaintingEnabled() && !(aFrame->GetStateBits() & NS_STATE_SVG_NONDISPLAY_CHILD))', file layout/svg/base/src/nsSVGIntegrationUtils.cpp, line 390
Attached file stack trace 

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patchSplinter Review
      

    


  
The assertion is getting upset because nsSVGOuterSVGFrame implements nsISVGChildFrame. The assertion should just check for the NS_FRAME_SVG_LAYOUT bit instead of nsISVGChildFrame.
Assignee: nobody → jwatt

        Attachment #647343 -
        Flags: review?(roc)

    
    

    
  
The test in bug 768351 is essentially the same as this one, which is why I didn't include it in this patch as a crashtest.

    
    

    
  
Pushed https://hg.mozilla.org/integration/mozilla-inbound/rev/eaa1c9822d8a
Blocks: 768351
Target Milestone: --- → mozilla17

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/eaa1c9822d8a
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED

    
    

    
  
Comment on attachment 647343 [details] [diff] [review]
patch

[Approval Request Comment]

The real bug we want to fix on aurora is bug 779403, but that bug depends on the fix in bug 768351, which in turn depends on the fix in this bug, so requesting approval on this patch.

Bug caused by (feature/regressing bug #): 738192
User impact if declined: SVG masking is broken
Testing completed (on m-c, etc.): patch has been on m-c for several days
Risk to taking this patch (and alternatives if risky): none
String or UUID changes made by this patch: none

        Attachment #647343 -
        Flags: approval-mozilla-aurora?

    
    

    
  
Err, for "Risk to taking this patch (and alternatives if risky)" I seem to have only processed the "alternatives" part. The risk is very low though, but yeah, there aren't really any viable alternatives.

        Attachment #647343 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

    
  
Keywords: verifyme

    
    

    
  
Saw the assertion on 2012-07-22-mozilla-central-debug build.
Verified fixed on FF 16 2012-09-19-mozilla-beta-debug build on Mac OS X 10.7.4.

          status-firefox16:
          fixedverified
QA Contact: paul.silaghi

    
    

    
  
Verified fixed on FF 17 2012-10-15-mozilla-beta-debug build on Mac OS X 10.7.4.
Status: RESOLVED → VERIFIED

          status-firefox17:
          fixedverified
Keywords: verifyme

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: