Closed Bug 620274 Opened 14 years ago Closed 12 years ago

nsSVGForeignObjectFrame::PaintSVG needlessly checks aDirtyRect

Categories

(Core :: SVG, defect)

defect
Not set
minor

RESOLVED INVALID

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: coverity)

Attachments

(2 obsolete files)

198 nsSVGForeignObjectFrame::PaintSVG(nsSVGRenderState *aContext,
199                                   const nsIntRect *aDirtyRect)

218   /* Check if we need to draw anything. */

null check:
219   if (aDirtyRect) {
220     PRInt32 appUnitsPerDevPx = PresContext()->AppUnitsPerDevPixel();
221     if (!mRect.ToOutsidePixels(appUnitsPerDevPx).Intersects(*aDirtyRect))
222       return NS_OK;
223   }

no null check:
247   gfxRect transDirtyRect = gfxRect(aDirtyRect->x, aDirtyRect->y,
248                                    aDirtyRect->width, aDirtyRect->height);
Severity: critical → minor
Keywords: crash
Attached patch patch (obsolete) — Splinter Review
There's no caller of the method that passes non-null as aDirtyRect.
Attachment #528000 - Flags: review?(dholbert)
Comment on attachment 528000 [details] [diff] [review]
patch

> NS_IMETHODIMP
> nsSVGForeignObjectFrame::PaintSVG(nsSVGRenderState *aContext,
>                                   const nsIntRect *aDirtyRect)
> {
>+  NS_PRECONDITION(aDirtyRect, "We expect aDirtyRect to be non-null");
>+
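
Review bot: the NS_PRECONDITION added at the top of PaintSVG is a debug-only assertion, so it documents the expectation but does nothing in a release build if aDirtyRect is null. The quoted hunk shows no other change, so if the intent is that aDirtyRect can never be null, name the callers that were audited in the commit message; if any caller can pass null, keep a runtime null check ahead of every `aDirtyRect->` use instead of relying on the assertion alone.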

I think I'd prefer NS_ABORT_IF_FALSE, but I won't hold you to that. :)
Attachment #528000 - Flags: review?(dholbert) → review+
Attached patch hg changeset patch (obsolete) — Splinter Review
Assignee: nobody → longsonr
Attachment #528000 - Attachment is obsolete: true
Summary: crash [@ nsSVGForeignObjectFrame::PaintSVG] if !aDirtyRect → nsSVGForeignObjectFrame::PaintSVG needlessly checks !aDirtyRect
Summary: nsSVGForeignObjectFrame::PaintSVG needlessly checks !aDirtyRect → nsSVGForeignObjectFrame::PaintSVG needlessly checks aDirtyRect
http://hg.mozilla.org/mozilla-central/rev/f23ef87dcfb3
Status: NEW → RESOLVED
Closed: 13 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla6
Depends on: 667324
Backed out https://hg.mozilla.org/integration/mozilla-inbound/rev/24365794891f to fix bug 667324
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #528018 - Attachment is obsolete: true
Assignee: longsonr → nobody
Target Milestone: mozilla6 → ---
So if you have a foreignObject in a pattern then you can get a call with aDirtyRect null. That seems to be the only case. I don't think foreignObject works at all in a pattern though as IsDisabled() will always be true since the foreignObject's mRect won't be initialised currently.
The null checks are needed, and in fact were extended in bug 716527.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 12 years ago
Resolution: --- → INVALID
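
The pattern reported in the opening comment (one guarded use of the pointer, one unguarded) next to a form that handles null on every path, as an added C++ example that is not Gecko code. `IntRect`, `Intersect`, `PaintAreaInconsistent` and `PaintAreaConsistent` are hypothetical stand-ins, and treating a null dirty rect as "paint the whole frame" is an assumption.

```cpp
#include <algorithm>

// Minimal stand-in for nsIntRect (assumption: not Gecko's real class).
struct IntRect {
  int x, y, width, height;
  bool IsEmpty() const { return width <= 0 || height <= 0; }
};

// Intersection of two rects; zero width/height when they do not overlap.
IntRect Intersect(const IntRect& a, const IntRect& b) {
  int x1 = std::max(a.x, b.x), y1 = std::max(a.y, b.y);
  int x2 = std::min(a.x + a.width, b.x + b.width);
  int y2 = std::min(a.y + a.height, b.y + b.height);
  return {x1, y1, std::max(0, x2 - x1), std::max(0, y2 - y1)};
}

// Shape reported in the bug: the early-out tests the pointer, the later use
// does not. Only defined while every caller passes a non-null dirty rect; the
// unconditional dereference also lets the compiler assume non-null and drop
// the earlier test.
IntRect PaintAreaInconsistent(const IntRect& frame, const IntRect* dirty) {
  if (dirty) {
    if (Intersect(frame, *dirty).IsEmpty()) return {0, 0, 0, 0};
  }
  IntRect clip = {dirty->x, dirty->y, dirty->width, dirty->height};
  return Intersect(frame, clip);
}

// Consistent form: a null dirty rect is handled on every path.
// Assumption: null means "no restriction", so the whole frame is painted.
IntRect PaintAreaConsistent(const IntRect& frame, const IntRect* dirty) {
  if (!dirty) return frame;
  return Intersect(frame, *dirty);  // empty result: nothing to paint
}

int main() {
  IntRect frame{10, 10, 100, 50};  // constructed sample values
  IntRect dirty{0, 0, 40, 40};
  IntRect clipped = PaintAreaConsistent(frame, &dirty);
  IntRect all = PaintAreaConsistent(frame, nullptr);
  return (clipped.width == 30 && all.width == 100) ? 0 : 1;
}
```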