Bug 181692 - [FIX]Crash if page sets display:inline on *|*:-moz-viewport
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: Layout: Misc Code
: Trunk
: All All
: P1 critical
: mozilla1.3alpha
Assigned To: Boris Zbarsky [:bz]
: Nobody; OK to take it and work on it
Reported: 2002-11-23 20:23 PST by Boris Zbarsky [:bz]
Modified: 2002-11-25 15:41 PST


Attachments
testcase -- THIS CRASHES (102 bytes, text/html)
2002-11-23 20:24 PST, Boris Zbarsky [:bz]
Per irc conversation (6.33 KB, patch)
2002-11-24 12:10 PST, Boris Zbarsky [:bz]
Oops. Need to move the namespace rule. (6.33 KB, patch)
2002-11-24 12:58 PST, Boris Zbarsky [:bz]
dbaron: superreview-
move non-HTML stuff out completely (9.04 KB, patch)
2002-11-24 15:56 PST, Boris Zbarsky [:bz]
karnaze: review+
dbaron: superreview+

Description Boris Zbarsky [:bz] 2002-11-23 20:23:50 PST
Testcase:

<html>
<head>
<style>
*|*:-moz-viewport {
  display: inline;
}
</style>
</head>
<body>
</body>
</html>

This will lead to a crash because the viewport frame will think it's not a
percentage base and nsHTMLReflowState::InitCBReflowState() will try to look at
the parent reflow state, which is null (this is nsPresShell::InitialReflow(),
called directly on the viewport).

We could make those rules !important.  We could make nsViewportFrame implement
its own IsPercentageBase().  We could even do both.  Thoughts?
Comment 1 Boris Zbarsky [:bz] 2002-11-23 20:24:24 PST
Created attachment 107257
testcase -- THIS CRASHES
Comment 2 David Baron :dbaron: ⌚️UTC+2 (mostly busy through August 4; review requests must explain patch) 2002-11-24 10:18:40 PST
It seems broken that the viewport frame can have a style context with any
arbitrary display type.  Doing both seems like the right short-term fix, but in
general I guess I don't like style rules influencing these frames much at all...
Comment 3 David Baron :dbaron: ⌚️UTC+2 (mostly busy through August 4; review requests must explain patch) 2002-11-24 10:19:42 PST
Actually, maybe it's better to just do the !important.
Comment 4 Boris Zbarsky [:bz] 2002-11-24 12:10:56 PST
Created attachment 107293
Per irc conversation
Comment 5 Boris Zbarsky [:bz] 2002-11-24 12:58:29 PST
Created attachment 107295
Oops.  Need to move the namespace rule.
Comment 6 David Baron :dbaron: ⌚️UTC+2 (mostly busy through August 4; review requests must explain patch) 2002-11-24 13:31:25 PST
Comment on attachment 107295
Oops.  Need to move the namespace rule.

Hmmm.  The division between what you moved to ua.css and what stayed in
html.css seems rather arbitrary.  Maybe it would be better to leave that
organization as-is, or move more?
Comment 7 Boris Zbarsky [:bz] 2002-11-24 13:35:50 PST
Yeah... I basically moved the "magic" section....

I'll look over the other ones and see which should be moved.
Comment 8 Boris Zbarsky [:bz] 2002-11-24 15:56:21 PST
Created attachment 107309
move non-HTML stuff out completely

This moves everything that does not use HTML elements in the selector.
Comment 9 Boris Zbarsky [:bz] 2002-11-25 15:41:09 PST
fixed
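
Why marking the UA rule !important keeps a page from restyling the viewport, as an added sketch that is not Gecko code and not part of the bug: a minimal model of cascade precedence, run against the testcase's rule. The UA value `display: block` and the tied specificity are assumptions, since the page does not show the UA rule; `Decl`, `cascade` and `viewport_display` are hypothetical names.

```python
# Added illustration: a minimal model of CSS cascade precedence, not Gecko code.
from dataclasses import dataclass

# (origin, important) pairs from lowest to highest precedence. Importance
# reverses the origin order, so a UA !important declaration outranks
# anything a page (author origin) can supply.
PRECEDENCE = [
    ("ua", False), ("user", False), ("author", False),
    ("author", True), ("user", True), ("ua", True),
]


@dataclass(frozen=True)
class Decl:
    origin: str
    prop: str
    value: str
    important: bool = False
    specificity: tuple = (0, 0, 0)  # constructed: both rules tie here


def cascade(decls, prop):
    """Return the winning value for prop, or None if nothing declares it."""
    ranked = [
        (PRECEDENCE.index((d.origin, d.important)), d.specificity, i, d.value)
        for i, d in enumerate(decls)
        if d.prop == prop
    ]
    # Highest precedence wins; ties fall to specificity, then source order.
    return max(ranked)[3] if ranked else None


def viewport_display(ua_important, author_important=False):
    """Computed 'display' for the viewport box under the testcase's rule."""
    decls = [
        # Assumed UA rule; the page does not show its actual contents.
        Decl("ua", "display", "block", important=ua_important),
        # The rule from the testcase in the description.
        Decl("author", "display", "inline", important=author_important),
    ]
    return cascade(decls, "display")


if __name__ == "__main__":
    print("UA normal:     ", viewport_display(ua_important=False))
    print("UA !important: ", viewport_display(ua_important=True))
    print("both important:", viewport_display(True, author_important=True))
```

With a normal UA rule the page's `inline` wins, which is the state the description says leads to the crash; with the UA rule marked !important the page cannot override it, even with its own !important.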
