Closed Bug 353897 Opened 13 years ago Closed 13 years ago

[FIX]Crash [@ nsMathMLContainerFrame::FixInterFrameSpacing] using position:fixed when position: static rule in mathml.css is removed

Categories

(Core :: MathML, defect, P1, critical)

defect

Tracking

()

RESOLVED FIXED
mozilla1.9alpha1

People

(Reporter: martijn.martijn, Assigned: bzbarsky)

References

Details

(4 keywords)

Crash Data

Attachments

(3 files)

See upcoming testcase, which crashes current trunk build when the following rule in mathml.css is removed:
/* MathML doesn't permit positioning */
*, * > *|* {
  position: static !important;
}

Talkback ID: TB23627768X
nsMathMLContainerFrame::FixInterFrameSpacing  [mozilla\layout\mathml\base\src\nsmathmlcontainerframe.cpp, line 1408]
nsMathMLContainerFrame::FinalizeReflow  [mozilla\layout\mathml\base\src\nsmathmlcontainerframe.cpp, line 530]
nsMathMLContainerFrame::Reflow  [mozilla\layout\mathml\base\src\nsmathmlcontainerframe.cpp, line 1136]
nsAbsoluteContainingBlock::ReflowAbsoluteFrame  [mozilla\layout\generic\nsabsolutecontainingblock.cpp, line 563]
Attached file testcase
So the issue here is that 

1404    nsMathMLContainerFrame::FixInterFrameSpacing(nsHTMLReflowMetrics& aDesiredSize)
1405    {
1406      nscoord gap = 0;
1407      nsIContent* parentContent = mParent->GetContent();
1408      nsIAtom *parentTag = parentContent->Tag();

crashes because mParent is the viewport, so parentContent is null.
Depends on: 322625
This should do what we want.
Attachment #239922 - Flags: superreview?(rbs)
Attachment #239922 - Flags: review?(rbs)
Again, I'd like to land this on branches.
Assignee: rbs → bzbarsky
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Summary: Crash [@ nsMathMLContainerFrame::FixInterFrameSpacing] using position:fixed when position: static rule in mathml.css is removed → [FIX]Crash [@ nsMathMLContainerFrame::FixInterFrameSpacing] using position:fixed when position: static rule in mathml.css is removed
Target Milestone: --- → mozilla1.9alpha
Blocks: 322625
No longer depends on: 322625
Comment on attachment 239922 [details] [diff] [review]
Disable floating and positioning of MathML frames.

I wouldn't care if <math> didn't float too, but it doesn't cost us much to have this isMath test.
Attachment #239922 - Flags: superreview?(rbs)
Attachment #239922 - Flags: superreview+
Attachment #239922 - Flags: review?(rbs)
Attachment #239922 - Flags: review+
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 239922 [details] [diff] [review]
Disable floating and positioning of MathML frames.

Requesting branch approvals.  This is MathML-only and should be pretty safe -- we have CSS that _should_ mostly prevent us hitting these cases anyway, but if we do hit them all this patch does is disallow mathml-namespaced nodes other than <math> from being floated or absolutely positioned or fixed-positioned.
Attachment #239922 - Flags: approval1.8.1?
Attachment #239922 - Flags: approval1.8.0.8?
Comment on attachment 239922 [details] [diff] [review]
Disable floating and positioning of MathML frames.

Approved for RC2.
Attachment #239922 - Flags: approval1.8.1? → approval1.8.1+
Fixed on the 1.8.1 branch.
Keywords: fixed1.8.1
Target Milestone: mozilla1.9alpha → mozilla1.8.1
Target Milestone: mozilla1.8.1 → mozilla1.9alpha
Flags: blocking1.8.0.8+
Comment on attachment 239922 [details] [diff] [review]
Disable floating and positioning of MathML frames.

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #239922 - Flags: approval1.8.0.8? → approval1.8.0.8+
Fixed in 1.8.0.8
Keywords: fixed1.8.0.8
verified fixed with Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1) Gecko/20061002 Firefox/2.0
verified fixed on the 1.8.0 branch using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8. I do not crash with the testcase in Comment 1. Adding keyword.
Crash Signature: [@ nsMathMLContainerFrame::FixInterFrameSpacing]
You need to log in before you can comment on or make changes to this bug.