Closed
Bug 399863
Opened 17 years ago
Closed 17 years ago
We frequently call InitialUpdate() more than once on SVG frames
Categories
(Core :: SVG, defect)
Core
SVG
Tracking
()
RESOLVED
FIXED
People
(Reporter: jwatt, Assigned: jwatt)
References
Details
(Keywords: perf)
Attachments
(2 files)
7.19 KB,
patch
|
tor
:
review+
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
7.80 KB,
patch
|
roc
:
approval1.9+
|
Details | Diff | Splinter Review |
We often call InitialUpdate more than once on some SVG frames. We call InitialUpdate under two different circumstances: 1) When DidReflow is called for the first time on an SVG document fragment's nsSVGOuterSVGFrame we call InitialUpdate on all the SVG frames in that fragment. 2) When an SVG frame is inserted into the frame tree and the parent SVG frame already has child frames, nsSVGDisplayContainerFrame::InsertFrames calls InitialUpdate on the new frames once they've been inserted. Since #2 can happen during parsing before the document has loaded, we can get a parser initiated InitialUpdate on frames followed by the InitialUpdate triggered by nsSVGOuterSVGFrame::DidReflow. Really we want to ignore the InitialUpdate call from nsSVGDisplayContainerFrame::InsertFrames if the fragment's nsSVGOuterSVGFrame hasn't received it's initial reflow.
Assignee | ||
Comment 1•17 years ago
|
||
We can probably ignore the nsSVGDisplayContainerFrame::InsertFrames calls when we need to without using nsSVGUtils::GetOuterSVGFrame if we make InitialUpdate remove the NS_FRAME_FIRST_REFLOW bit from SVG frames.
Assignee: nobody → jwatt
Assignee | ||
Comment 2•17 years ago
|
||
This issue is getting in the way of fixing bug 389198, and it's responsible for bugs such as nsSVGForeignObjectFrame being reflowed during frame construction when the tree is in an inconsistent state. According to Boris that's likely to result in broken reflow and risks (possibly exploitable) crashes.
Assignee | ||
Comment 3•17 years ago
|
||
InitialUpdate already removes the NS_FRAME_FIRST_REFLOW bit from SVG frames, so we just need to change nsSVGDisplayContainerFrame::InsertFrames to check for it. I've thrown in some assertions for bonus points.
Attachment #284958 -
Flags: superreview?(roc)
Attachment #284958 -
Flags: review?(tor)
Attachment #284958 -
Flags: review?(tor) → review+
Attachment #284958 -
Flags: superreview?(roc)
Attachment #284958 -
Flags: superreview+
Attachment #284958 -
Flags: review+
Assignee | ||
Comment 4•17 years ago
|
||
Having the assertions call nsSVGUtils::GetOuterSVGFrame for every frame makes loading SVG painfully slow, and it doesn't provide protection against InitialUpdate being called more than once. I've copied the outerSVGFrame assertion to DoReflow so it more directly protects against reflowing at the wrong time, and changed the other assertions to check that InitialUpdate is not called twice.
Attachment #284994 -
Flags: approval1.9?
Attachment #284994 -
Flags: approval1.9? → approval1.9+
Assignee | ||
Comment 5•17 years ago
|
||
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Flags: blocking1.9?
Resolution: --- → FIXED
Summary: We can call InitialUpdate() more than once on SVG frames → We frequently call InitialUpdate() more than once on SVG frames
regression from 20071015_1517_firefox-3.0a9pre.en-US.win32.zip check-in for this or bug 296818 cause crash. http://crash-stats.mozilla.com/report/index/6c1ddbca-7b80-11dc-901b-001a4bd43ef6 (URL is wrong, correct URL is http://blog.livedoor.jp/ayase_shiori/)
Assignee | ||
Comment 7•17 years ago
|
||
The problem was with bug 296818.
Comment 8•17 years ago
|
||
Backed out as part of the quest to find the Tp regression.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 9•17 years ago
|
||
Given this has been backed out, receives is misspelled in the comment in nsISVGChildFrame.h
Assignee | ||
Comment 10•17 years ago
|
||
Heh. Thanks.
Assignee | ||
Comment 11•17 years ago
|
||
Checked in again.
Status: REOPENED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•