588337 - content/base/crashtests/443538-1.svg and dom/base/crashtests/90613-1.html assert "This is unsafe! Fix the caller!" with 130078

Status: RESOLVED FIXED

(Core :: Layout, defect)

Description

[Timothy Nikkel (:tnikkel)]

Attachment: assertion stack

I've only analyzed in detail the 443538-1.svg problem, but the assertion stack for 90613-1.html looks almost identical.

The assertion is actually caused by the previous test: content/base/crashtests/426987-1.html. It has an iframe whose unload handler sets the parent documents body overflow to auto. This reconstructs the body and the subdocument frame on a refresh driver notify. When we recreate the document in the iframe the container view is null and so is the mParentWidget so DocumentViewerImpl::MakeWindow actually creates a widget for the subdocument (!). When the next test is shown and this test is destroyed we destroy that widget, which calls into Windows code, and Windows is nice enough to send us back a focus event synchronously, which we try to dispatch, and it is of course not a good time for that.

We should really be more intentional about when we want to create widgets (ie almost never). But for now I hope we can get away with something minimal.

FindContainerView returns null because our docshell does not have a parent docshell. We only need the parent docshell to get the parent presshell. But we can get the parent presshell in a number of ways via containerElement (via its document or its primary frame to name two). Does that sound reasonable?

Comment 1

[Robert O'Callahan (:roc) (email my personal email if necessary)]

Yes.

Comment 2

[Timothy Nikkel (:tnikkel)]

Attachment: patch

Comment 3

[Timothy Nikkel (:tnikkel)]

http://hg.mozilla.org/mozilla-central/rev/b83204f7bf0a