Last Comment Bug 181692 - [FIX]Crash if page sets display:inline on *|*:-moz-viewport
: [FIX]Crash if page sets display:inline on *|*:-moz-viewport
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: Layout: Misc Code (show other bugs)
: Trunk
: All All
: P1 critical (vote)
: mozilla1.3alpha
Assigned To: Boris Zbarsky [:bz] (still a bit busy)
: Nobody; OK to take it and work on it
: Jet Villegas (:jet)
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2002-11-23 20:23 PST by Boris Zbarsky [:bz] (still a bit busy)
Modified: 2002-11-25 15:41 PST (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
testcase -- THIS CRASHES (102 bytes, text/html)
2002-11-23 20:24 PST, Boris Zbarsky [:bz] (still a bit busy)
no flags Details
Per irc conversation (6.33 KB, patch)
2002-11-24 12:10 PST, Boris Zbarsky [:bz] (still a bit busy)
no flags Details | Diff | Splinter Review
Oops. Need to move the namespace rule. (6.33 KB, patch)
2002-11-24 12:58 PST, Boris Zbarsky [:bz] (still a bit busy)
dbaron: superreview-
Details | Diff | Splinter Review
move non-HTML stuff out completely (9.04 KB, patch)
2002-11-24 15:56 PST, Boris Zbarsky [:bz] (still a bit busy)
karnaze: review+
dbaron: superreview+
Details | Diff | Splinter Review

Description Boris Zbarsky [:bz] (still a bit busy) 2002-11-23 20:23:50 PST
Testcase:

<html>
<head>
<style>
*|*:-moz-viewport {
  display: inline;
}
</style>
</head>
<body>
</body>
</html>

This will lead to a crash because the viewport frame will think it's not a
percentage base and nsHTMLReflowState::InitCBReflowState() will try to look at
the parent reflow state, which is null (this is nsPresShell::InitialReflow(),
called directly on the viewport).

We could make those rules !important.  We could make nsViewportFrame implement
its own IsPercentageBase().  We could even do both.  Thoughts?
Comment 1 Boris Zbarsky [:bz] (still a bit busy) 2002-11-23 20:24:24 PST
Created attachment 107257 [details]
testcase -- THIS CRASHES
Comment 2 David Baron :dbaron: ⌚️UTC-8 2002-11-24 10:18:40 PST
It seems broken that the viewport frame can have a style context with any
arbitrary display type.  Doing both seems like the right short-term fix, but in
general I guess I don't like style rules influencing these frames much at all...
Comment 3 David Baron :dbaron: ⌚️UTC-8 2002-11-24 10:19:42 PST
Actually, maybe it's better to just do the !important.
Comment 4 Boris Zbarsky [:bz] (still a bit busy) 2002-11-24 12:10:56 PST
Created attachment 107293 [details] [diff] [review]
Per irc conversation
Comment 5 Boris Zbarsky [:bz] (still a bit busy) 2002-11-24 12:58:29 PST
Created attachment 107295 [details] [diff] [review]
Oops.  Need to move the namespace rule.
Comment 6 David Baron :dbaron: ⌚️UTC-8 2002-11-24 13:31:25 PST
Comment on attachment 107295 [details] [diff] [review]
Oops.  Need to move the namespace rule.

Hmmm.  The division between what you moved to ua.css and what stayed in
html.css seems rather arbitrary.  Maybe it would be better to leave that
organization as-is, or move more?
Comment 7 Boris Zbarsky [:bz] (still a bit busy) 2002-11-24 13:35:50 PST
Yeah... I basically moved the "magic" section....

I'll look over the other ones and see which should be moved.
Comment 8 Boris Zbarsky [:bz] (still a bit busy) 2002-11-24 15:56:21 PST
Created attachment 107309 [details] [diff] [review]
move non-HTML stuff out completely

This moves everything that does not use HTML elements in the selector.
Comment 9 Boris Zbarsky [:bz] (still a bit busy) 2002-11-25 15:41:09 PST
fixed

Note You need to log in before you can comment on or make changes to this bug.