Closed
Bug 377833
Opened 17 years ago
Closed 17 years ago
Crash on SVG element nested in a xul:stack
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: zzxc, Assigned: longsonr)
Details
Attachments
(2 files, 1 obsolete file)
869 bytes,
application/xml
|
Details | |
1.58 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a4pre) Gecko/20070411 Minefield/3.0a4pre Build Identifier: Putting HTML inside an xul element inside an svg:foreignObject inside an svg:svg element inside an xul:stack element inside an xul:window crashes Firefox in trunk builds. (see attached testcase) Reproducible: Always Steps to Reproduce: 1.Load testcase 2.Firefox crashes 3.
Reporter | ||
Comment 1•17 years ago
|
||
Reporter | ||
Updated•17 years ago
|
Severity: major → critical
This is happening because nsStackLayout::AddOffset is adding NS_STATE_STACK_NOT_POSITIONED to its children, an outer <svg> in this case. That state bit is treated as NS_STATE_SVG_CLIPPED_TRIVIAL by the SVG code, and things quickly go wrong.
Comment 3•17 years ago
|
||
So the simple fix is to not add that bit to kids that are not IsBoxFrame(). That said, this optimization seems to be broken in general -- it doesn't detect changes to the "left" and "top" style properties.... Maybe we can just remove it? Especially once we start mapping XUL attrs into style? Also, is this a problem on branch too?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9?
Reporter | ||
Updated•17 years ago
|
Summary: Nested SVG and XUL elements cause crash. → Crash on SVG element in a xul:stack (Nested SVG and XUL elements cause crash)
Assignee | ||
Comment 4•17 years ago
|
||
This would be trunk only. SVG does not use state bits on the branch.
Assignee | ||
Comment 5•17 years ago
|
||
There seem to be various places GetChildBox is called which don't check whether the child is a box frame and then set/get state bits. This fixes the crash. I'm not sure how to test the other changes.
Attachment #261934 -
Flags: superreview?(bzbarsky)
Attachment #261934 -
Flags: review?(bzbarsky)
Updated•17 years ago
|
Summary: Crash on SVG element in a xul:stack (Nested SVG and XUL elements cause crash) → Crash on SVG element nested in a xul:stack
Comment 6•17 years ago
|
||
Comment on attachment 261934 [details] [diff] [review] patch >- if ((box->GetStateBits() & (NS_FRAME_IS_DIRTY | NS_FRAME_HAS_DIRTY_CHILDREN)) || childRect.width < clientRect.width) { >+ if ((child->IsBoxFrame() && >+ (child->GetStateBits() & (NS_FRAME_IS_DIRTY | NS_FRAME_HAS_DIRTY_CHILDREN))) || >+ childRect.width < clientRect.width) { This change is wrong. Those are generic nsIFrame bits, not box-specific bits. So you want to check them for all frames. Otherwise, e.g., modifying the width or height of an <svg> in a listbox won't work right. In fact, none of the changes to nsListBoxLayout.cpp are needed that I can see. Same for nsSprocketLayout. Please parenthesize the first nsStackLayout change so people don't have to remember whether && or & binds stronger. The third nsStackLayout change is wrong just like the listboxlayout and sprocket layout changes.
Attachment #261934 -
Flags: superreview?(bzbarsky)
Attachment #261934 -
Flags: superreview-
Attachment #261934 -
Flags: review?(bzbarsky)
Attachment #261934 -
Flags: review-
Assignee | ||
Comment 7•17 years ago
|
||
Assignee: general → longsonr
Attachment #261934 -
Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #262102 -
Flags: superreview?(bzbarsky)
Attachment #262102 -
Flags: review?(bzbarsky)
Comment 8•17 years ago
|
||
Comment on attachment 262102 [details] [diff] [review] address review comments Looks good!
Attachment #262102 -
Flags: superreview?(bzbarsky)
Attachment #262102 -
Flags: superreview+
Attachment #262102 -
Flags: review?(bzbarsky)
Attachment #262102 -
Flags: review+
Assignee | ||
Comment 9•17 years ago
|
||
checked in
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Flags: in-testsuite?
Updated•17 years ago
|
Flags: blocking1.9?
You need to log in
before you can comment on or make changes to this bug.
Description
•