372561 - mFlags not updated

Status: RESOLVED INVALID

(Core :: Layout, defect)

Description

[Chongfeng Hu]

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Build Identifier: firef0x 2.0.0.1

I checked part of the code of firefox, and found that in struct nsHTMLReflowMetrics, which is defined in file layout/generic/nsHTMLReflowMetrics.h, there are two important fields: mOverflowArea and mFlags. Usually when mOverflowArea is updated, mFlags should also be updated. However, in file layout/generic/nsFrame.cpp, in function PRBool nsFrame::IsFrameTreeTooDeep(const nsHTMLReflowState& aReflowState, nsHTMLReflowMetrics& aMetrics), I saw the following code:

  if (aReflowState.mReflowDepth >  MAX_FRAME_DEPTH) {
    mState |= NS_FRAME_IS_UNFLOWABLE;
    mState &= ~NS_FRAME_OUTSIDE_CHILDREN;
    aMetrics.width = 0;
    aMetrics.height = 0;
    aMetrics.ascent = 0;
    aMetrics.descent = 0;
    aMetrics.mCarriedOutBottomMargin.Zero();
    aMetrics.mOverflowArea.x = 0;
    aMetrics.mOverflowArea.y = 0;
    aMetrics.mOverflowArea.width = 0;
    aMetrics.mOverflowArea.height = 0;
    if (aMetrics.mComputeMEW) {
      aMetrics.mMaxElementWidth = 0;
    }
    return PR_TRUE;
  }

In this piece of code, aMetrics.mOverflowArea is updated, but aMetrics.mFlags is not. I'm suspecting that this will cause inconsistency problems.

Reproducible: Always

Steps to Reproduce:
I found this suspicious spot with the help of a code-analysis tool.
Actual Results:  
I found this suspicious spot with the help of a code-analysis tool.

Expected Results:  
I found this suspicious spot with the help of a code-analysis tool.

I found this suspicious spot with the help of a code-analysis tool.

Comment 1

[marcie64]

a you ve need a transmission path to resolve the flag [problem]<search:mflags.exe>