Closed
Bug 529387
Opened 15 years ago
Closed 15 years ago
Crash [@ GetCSSComputedValue] with xmlhttprequest, and "ABORT: actively animated document w/ no window"
Categories
(Core :: SVG, defect)
Core
SVG
Tracking
()
RESOLVED
FIXED
People
(Reporter: martijn.martijn, Assigned: dholbert)
References
Details
(Keywords: assertion, crash, testcase)
Crash Data
Attachments
(3 files, 2 obsolete files)
227 bytes,
image/svg+xml
|
Details | |
2.13 KB,
patch
|
roc
:
review+
|
Details | Diff | Splinter Review |
4.49 KB,
patch
|
Details | Diff | Splinter Review |
See testcase which crashes current trunk build on load. http://crash-stats.mozilla.com/report/index/9b60501c-c3ff-4aa5-8835-886182091117 0 xul.dll GetCSSComputedValue 1 xul.dll nsSMILCSSProperty::GetBaseValue 2 xul.dll nsSMILAnimationFunction::WillReplace 3 xul.dll nsSMILCompositor::ComposeAttribute
Assignee | ||
Comment 1•15 years ago
|
||
When viewing this testcase in a debug build, I hit this NS_ABORT_IF_FALSE:
> ###!!! ABORT: actively animated document w/ no window: 'win', file ../../../mozilla/content/smil/nsSMILCSSProperty.cpp, line 77
Keywords: assertion
Summary: Crash [@ GetCSSComputedValue] with xmlhttprequest → Crash [@ GetCSSComputedValue] with xmlhttprequest, and "ABORT: actively animated document w/ no window"
Assignee | ||
Updated•15 years ago
|
Assignee: nobody → dholbert
Status: NEW → ASSIGNED
OS: Windows XP → All
Hardware: x86 → All
Assignee | ||
Comment 2•15 years ago
|
||
Assignee | ||
Comment 3•15 years ago
|
||
Assignee | ||
Comment 4•15 years ago
|
||
Comment on attachment 414904 [details]
testcase 2 [doesn't actually reproduce bug]
Hrm -- so this testcase apparently doesn't reproduce the bug when hosted on Bugzilla, but it does on my local machine. (with the request modified to refer to a local copy of the "helper" file).
Anyway, the local copy of this testcase demonstrates that we fail, given a single <animate> node (targeting a CSS property) within an XMLHttpRequested SVG document.
Attachment #414904 -
Attachment description: testcase 2 → testcase 2 [doesn't actually reproduce bug]
Assignee | ||
Comment 5•15 years ago
|
||
So here's what basically happens in this bug: We fire off an XMLHttpRequest for an SVG file that contains animations. This file is loaded into a separate nsXMLDocument. We start its animations when the request finishes loading. (via a call to "nsSVGSVGElement::PreHandleEvent" for the NS_SVG_LOAD event) However, the problem is that this new nsXMLDocument lacks a nsPIDOMWindow -- not only at load-time, but for the rest of time after that as well. (at least in the attached testcases.) So, we end up running animations in a nsXMLDocument that has no nsPIDOMWindow. This is bad because "GetCSSComputedValue" function needs (and assumes we have) a nsPIDOMWindow in order to look up base values of CSS properties. We could of course avoid the crash by bailing out of GetCSSComputedValue if we lack a nsPIDOMWindow.... However, I tend to think we shouldn't be running SVG animations in XMLHttpRequested documents in the first place.
Assignee | ||
Updated•15 years ago
|
Attachment #414904 -
Attachment is obsolete: true
Assignee | ||
Updated•15 years ago
|
Attachment #414903 -
Attachment is obsolete: true
Comment 6•15 years ago
|
||
(In reply to comment #5) > However, the problem is that this new nsXMLDocument lacks a nsPIDOMWindow -- > not only at load-time, but for the rest of time after that as well. (at least > in the attached testcases.) Data documents don't have window. (Well, clone-doc-for-printing will be an exception.) Documents loaded using XHR are data documents. > However, I tend to think we shouldn't be running SVG > animations in XMLHttpRequested documents in the first place. Indeed. I thought animations were somehow bound to presentation, but apparently they aren't. (Data documents don't have presentation, excluding clone-doc-for-printing).
Comment 7•15 years ago
|
||
(In reply to comment #5) > However, I tend to think we shouldn't be running SVG > animations in XMLHttpRequested documents in the first place. Agreed.
Assignee | ||
Comment 8•15 years ago
|
||
Ok -- this patch makes us refuse to create an Animation Controller for data documents. (nsDocuments with mLoadedAsData == true)
Attachment #414920 -
Flags: review?(roc)
Comment 10•15 years ago
|
||
Bug 487667 has similar fix for SMIL handling.
Comment 11•15 years ago
|
||
Daniel, we should have defined behavior for animation related objects/interfaces in data documents if we're not going to crash. ;-) Can you change the test to something that checks the animated value half way through the animation and check that it has the same value as the base value. Maybe also check that getCurrentTime returns zero at that point too. Olli, do you mind if we land this separately with tests? Seems like it shouldn't be too hard to merge and will give more useful hg blame.
Attachment #414920 -
Flags: review?(roc) → review+
Assignee | ||
Comment 12•15 years ago
|
||
Here's a mochitest to assert that animations are ineffective in a XMLHttpRequested document, as suggested by jwatt.
Comment 13•15 years ago
|
||
(In reply to comment #11) > Olli, do you mind if we land this separately with tests? Seems like it > shouldn't be too hard to merge and will give more useful hg blame. This can land separately. I'll just remove one part of the fix for Bug 487667.
Comment 14•15 years ago
|
||
http://codinginparadise.org/projects/svgweb/samples/demo.html?name=svgopen&svg.render.forceflash=true reproduces this on Mac at least.
Whiteboard: [needs landing]
Assignee | ||
Comment 15•15 years ago
|
||
(I have this in a queue of patches that are all waiting to land once m-c reopens)
Assignee | ||
Comment 16•15 years ago
|
||
Landed fix with crashtest: http://hg.mozilla.org/mozilla-central/rev/a7b3540b0365 Mochitest in separate changeset: http://hg.mozilla.org/mozilla-central/rev/6b63d9d09d37
Whiteboard: [needs landing]
Assignee | ||
Updated•15 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
Crash Signature: [@ GetCSSComputedValue]
You need to log in
before you can comment on or make changes to this bug.
Description
•