Closed
Bug 386475
Opened 17 years ago
Closed 17 years ago
Crash [@ nsRect::nsRect] [@ nsSVGFilterProperty::GetRect]
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: longsonr)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(2 files, 2 obsolete files)
|
491 bytes,
application/xhtml+xml
|
Details | |
|
1.80 KB,
patch
|
tor
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
Loading the testcase crashes Firefox (Mac trunk). Thread 0 Crashed: 0 nsRect::nsRect[in-charge](nsRect const&) + 47 (nsRect.h:61) 1 nsSVGFilterProperty::GetRect() + 30 (nsSVGUtils.cpp:174) 2 nsSVGUtils::FindFilterInvalidation(nsIFrame*) + 132 (nsSVGUtils.cpp:789) 3 nsSVGForeignObjectFrame::UpdateGraphic() + 263 (nsSVGForeignObjectFrame.cpp:544) 4 nsSVGForeignObjectFrame::NotifyRedrawUnsuspended() + 64 (nsSVGForeignObjectFrame.cpp:406) 5 nsSVGDisplayContainerFrame::NotifyRedrawUnsuspended() + 75 (nsSVGContainerFrame.cpp:275) 6 nsSVGOuterSVGFrame::UnsuspendRedraw() + 136 (nsSVGOuterSVGFrame.cpp:522)
|
Assignee | |
Comment 1•17 years ago
|
||
When we resolve em units the side effect is to flush layout, in this case that destroys the frame we are processing because there is an unflushed change to layout. Possible solutions I see would be one of: a) Flush before we try to do the outer frame NotifyViewPortChange b) Rewrite the em units code not to flush.
|
|
Assignee | |
Comment 2•17 years ago
|
||
Comment on attachment 270728 [details] [diff] [review] option a) flush layout changes I don't think I know enough about the possible side effects of pushing flushes to usefully review this change.
|
||
Comment 4•17 years ago
|
||
That patch looks wrong, in that after that flush call |this| could be dead, so accessing mContent is bad...
|
|
Assignee | |
Comment 5•17 years ago
|
||
Avoid calling the function that flushes altogether then.
Attachment #270728 -
Attachment is obsolete: true
Attachment #270799 -
Flags: review?(tor)
Attachment #270728 -
Flags: review?(tor)
|
|
||
Comment 6•17 years ago
|
||
Assuming the code in question will handle a future reresolve or reframe correctly, and that you don't need this style for display:none things, that seems like absolutely the way to go.
|
|
Assignee | |
Comment 7•17 years ago
|
||
Attachment #270799 -
Attachment is obsolete: true
Attachment #270863 -
Flags: review?(tor)
Attachment #270799 -
Flags: review?(tor)
|
|
Assignee | |
Updated•17 years ago
|
Attachment #270863 -
Flags: superreview?(bzbarsky)
|
|
Assignee | |
Comment 8•17 years ago
|
||
(In reply to comment #6) > Assuming the code in question will handle a future reresolve or reframe > correctly, and that you don't need this style for display:none things, that > seems like absolutely the way to go. > The when the reframe occurs we just go again with the new frame layout. We have various problems with things in defs elements being set to display:none and then referenced. I don't think this will make things any worse.
|
|
||
Comment 9•17 years ago
|
||
Comment on attachment 270863 [details] [diff] [review] updated patch (remove unnecessary includes) Looks great!
Attachment #270863 -
Flags: superreview?(bzbarsky) → superreview+
Attachment #270863 -
Flags: review?(tor) → review+
|
|
Assignee | |
Comment 10•17 years ago
|
||
checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Updated•17 years ago
|
Flags: in-testsuite?
|
||
Updated•13 years ago
|
Crash Signature: [@ nsRect::nsRect]
[@ nsSVGFilterProperty::GetRect]
You need to log in
before you can comment on or make changes to this bug.
Description
•