Status

()

Core
Layout
UNCONFIRMED
11 years ago
10 years ago

People

(Reporter: Chongfeng Hu, Unassigned)

Tracking

1.8 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Build Identifier: firef0x 2.0.0.1

I checked part of the code of firefox, and found that in struct nsHTMLReflowMetrics, which is defined in file layout/generic/nsHTMLReflowMetrics.h, there are two important fields: mOverflowArea and mFlags. Usually when mOverflowArea is updated, mFlags should also be updated. However, in file layout/generic/nsFrame.cpp, in function PRBool nsFrame::IsFrameTreeTooDeep(const nsHTMLReflowState& aReflowState, nsHTMLReflowMetrics& aMetrics), I saw the following code:

  if (aReflowState.mReflowDepth >  MAX_FRAME_DEPTH) {
    mState |= NS_FRAME_IS_UNFLOWABLE;
    mState &= ~NS_FRAME_OUTSIDE_CHILDREN;
    aMetrics.width = 0;
    aMetrics.height = 0;
    aMetrics.ascent = 0;
    aMetrics.descent = 0;
    aMetrics.mCarriedOutBottomMargin.Zero();
    aMetrics.mOverflowArea.x = 0;
    aMetrics.mOverflowArea.y = 0;
    aMetrics.mOverflowArea.width = 0;
    aMetrics.mOverflowArea.height = 0;
    if (aMetrics.mComputeMEW) {
      aMetrics.mMaxElementWidth = 0;
    }
    return PR_TRUE;
  }

In this piece of code, aMetrics.mOverflowArea is updated, but aMetrics.mFlags is not. I'm suspecting that this will cause inconsistency problems.

Reproducible: Always

Steps to Reproduce:
I found this suspicious spot with the help of a code-analysis tool.
Actual Results:  
I found this suspicious spot with the help of a code-analysis tool.

Expected Results:  
I found this suspicious spot with the help of a code-analysis tool.

I found this suspicious spot with the help of a code-analysis tool.
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: unspecified → 1.8 Branch

Comment 1

10 years ago
a you ve need a transmission path to resolve the flag [problem]<search:mflags.exe>
You need to log in before you can comment on or make changes to this bug.