Closed
Bug 384728
Opened 17 years ago
Closed 17 years ago
[FIX]Crash [@ nsContentUtils::ContentIsDescendantOf] with CSS counters, <svg:use>
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha8
People
(Reporter: jruderman, Assigned: bzbarsky)
References
Details
(Keywords: assertion, crash, testcase)
Crash Data
Attachments
(2 files)
511 bytes,
image/svg+xml
|
Details | |
1.03 KB,
patch
|
tor
:
review+
tor
:
superreview+
|
Details | Diff | Splinter Review |
###!!! ASSERTION: null check on startContent should be sufficient to null check nodeContent as well, since if nodeContent is for the root, startContent (which is before it) must be too: 'nodeContent || !startContent', file /Users/jruderman/trunk/mozilla/layout/base/nsCounterManager.cpp, line 145 ###!!! ASSERTION: The possible descendant is null!: 'aPossibleDescendant', file /Users/jruderman/trunk/mozilla/content/base/src/nsContentUtils.cpp, line 1144 Crash 0 nsINode::GetNodeParent 1 nsContentUtils::ContentIsDescendantOf 2 nsCounterList::SetScope ... The crash is similar to the crash in bug 383129. The combination of <svg:use> and counters causing trouble reminds me of bug 380101.
Assignee | ||
Comment 1•17 years ago
|
||
So in this case, startContent is nsSVGDefsElement and nodeContent is null. In this case, the nsSVGGElement which is aNode->mPseudoFrame->GetContent() has no parent. aNode->mPseudoFrame is an nsSVGGFrame* which DOES have a parent, which is a nsSVGUseFrame. Sounds like perhaps nsSVGUseFrame::Destroy should destroy self before destroying the anon content, to avoid violating layout invariants...
Assignee | ||
Comment 2•17 years ago
|
||
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #268725 -
Flags: superreview?
Attachment #268725 -
Flags: review?
Assignee | ||
Updated•17 years ago
|
Attachment #268725 -
Flags: superreview?(tor)
Attachment #268725 -
Flags: superreview?
Attachment #268725 -
Flags: review?(tor)
Attachment #268725 -
Flags: review?
Assignee | ||
Updated•17 years ago
|
Component: Style System (CSS) → SVG
QA Contact: style-system → general
Summary: Crash [@ nsContentUtils::ContentIsDescendantOf] with CSS counters, <svg:use> → [FIX]Crash [@ nsContentUtils::ContentIsDescendantOf] with CSS counters, <svg:use>
Target Milestone: --- → mozilla1.9beta1
Attachment #268725 -
Flags: superreview?(tor)
Attachment #268725 -
Flags: superreview+
Attachment #268725 -
Flags: review?(tor)
Attachment #268725 -
Flags: review+
Assignee | ||
Comment 3•17 years ago
|
||
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Flags: in-testsuite?
Updated•13 years ago
|
Crash Signature: [@ nsContentUtils::ContentIsDescendantOf]
You need to log in
before you can comment on or make changes to this bug.
Description
•