Closed
Bug 671484
Opened 13 years ago
Closed 7 years ago
ASSERTION: root should not have auto-height containing block: 'aCBSize.height != NS_AUTOHEIGHT'
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: bc, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(4 files)
target.svg
1. Load testcase
Uses window.open to load the target.svg then calls sizeToContent() on it.
ABORT: root should not have auto-height containing block: 'aCBSize.height != NS_AUTOHEIGHT', file /work/mozilla/builds/nightly/mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp, line 342
#4 0x05be93d5 in nsSVGOuterSVGFrame::ComputeSize (this=0xd00158, aRenderingContext=0x25402270, aCBSize={<mozilla::gfx::BaseSize<int,nsSize>> = {width = 0, height = 1073741824}, <No data fields>}, aAvailableWidth=0, aMargin={<mozilla::gfx::BaseSize<int,nsSize>> = {width = 0, height = 0}, <No data fields>}, aBorder={<mozilla::gfx::BaseSize<int,nsSize>> = {width = 0, height = 0}, <No data fields>}, aPadding={<mozilla::gfx::BaseSize<int,nsSize>> = {width = 0, height = 0}, <No data fields>}, aShrinkWrap=0) at /work/mozilla/builds/nightly/mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp:341
#5 0x051af24e in nsHTMLReflowState::InitConstraints (this=0xbfffa7d4, aPresContext=0xce3e00, aContainingBlockWidth=0, aContainingBlockHeight=1073741824, aBorder=0x0, aPadding=0x0) at /work/mozilla/builds/nightly/mozilla/layout/generic/nsHTMLReflowState.cpp:1863
#6 0x051af540 in nsHTMLReflowState::Init (this=0xbfffa7d4, aPresContext=0xce3e00, aContainingBlockWidth=-1, aContainingBlockHeight=-1, aBorder=0x0, aPadding=0x0) at /work/mozilla/builds/nightly/mozilla/layout/generic/nsHTMLReflowState.cpp:282
#7 0x051afa08 in nsHTMLReflowState::nsHTMLReflowState (this=0xbfffa7d4, aPresContext=0xce3e00, aParentReflowState=@0xbfffaad8, aFrame=0xd00158, aAvailableSpace=@0xbfffa91c, aContainingBlockWidth=-1, aContainingBlockHeight=-1, aInit=1) at /work/mozilla/builds/nightly/mozilla/layout/generic/nsHTMLReflowState.cpp:175
#8 0x051a9361 in nsCanvasFrame::Reflow (this=0xcf9fb0, aPresContext=0xce3e00, aDesiredSize=@0xbfffac24, aReflowState=@0xbfffaad8, aStatus=@0xbfffab90) at /work/mozilla/builds/nightly/mozilla/layout/generic/nsCanvasFrame.cpp:473
#
|
Reporter | |
Comment 1•13 years ago
|
||
|
||
Comment 3•13 years ago
|
||
Is the testcase supposed to crash? It doesn't crash in current trunk build at least.
|
|
Reporter | |
Comment 4•13 years ago
|
||
Martijn, are you using a debug build?
|
|
||
Comment 5•13 years ago
|
||
No, is it only crashing in debug builds?
|
|
Reporter | |
Comment 6•13 years ago
|
||
Yes, the ABORT is a debug only fatal assertion. I think you need browser.link.open_newwindow 0 to see the abort. I just reproduced on Mac and Windows beta, aurora, nightly.
|
||
Comment 7•13 years ago
|
||
The unconstrained height seems intentional, it comes from here: http://mxr.mozilla.org/mozilla-central/source/layout/base/nsDocumentViewer.cpp#3281 I'm hitting this a lot when fuzz testing with cross_fuzz, so let's make it into an assertion for now...
|
|
||
Comment 8•13 years ago
|
||
Attachment #565945 -
Flags: review?(longsonr)
|
||
Comment 9•13 years ago
|
||
Comment on attachment 565945 [details] [diff] [review] wallpaper: assert instead of abort jwatt is a better reviewer for SVG reflow interaction.
Attachment #565945 -
Flags: review?(longsonr) → review?(jwatt)
|
||
Comment 10•13 years ago
|
||
Mats, I'm having trouble getting crossfuzz to hit this abort. Do you have a stack handy? I'd like to see if there isn't an simple cause and easy fix before checking this patch in.
|
|
Reporter | |
Comment 11•13 years ago
|
||
jwatt: see the test case.
|
|
||
Comment 12•13 years ago
|
||
jwatt: the profile you use for cross_fuzz testing needs a few prefs: "block popup windows" = off "open new windows in a new tab instead" = off "allow scripts to" (Content/JavaScript Advanced dialog): turn on all "slow script warning" = off The root cause seems to be that DocumentViewerImpl::SizeToContent() does an intentional unconstrained height reflow: http://mxr.mozilla.org/mozilla-central/source/layout/base/nsDocumentViewer.cpp#3260 3260 nsresult rv = presShell->ResizeReflow(prefWidth, NS_UNCONSTRAINEDSIZE); 3261 NS_ENSURE_SUCCESS(rv, rv); Let me know if you can't reproduce it with the attached testcase and I'll dig up the exact stack.
|
|
||
Comment 13•13 years ago
|
||
Reproducible in 10-20 seconds in m-c debug build on WinXP using this URL: file://.../cross_fuzz_randomized_20110105_seed.html#-501598811
|
|
||
Updated•13 years ago
|
Attachment #565945 -
Flags: review?(jwatt) → review?(roc)
Comment on attachment 565945 [details] [diff] [review] wallpaper: assert instead of abort Review of attachment 565945 [details] [diff] [review]: ----------------------------------------------------------------- OK, but this shouldn't be too hard to fix for real.
Attachment #565945 -
Flags: review?(roc) → review+
|
|
||
Comment 15•13 years ago
|
||
David added the NS_ABORT_IF_FALSE in https://hg.mozilla.org/mozilla-central/rev/58fe3ede72f8 Any thoughts on this David?
|
|
||
Comment 16•13 years ago
|
||
Pushed the wallpaper to inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/3cc7e91d6090 To whoever merges that to mozilla-central - please leave the bug open.
|
||
Comment 17•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3cc7e91d6090
Target Milestone: --- → mozilla10
|
|
||
Updated•13 years ago
|
Target Milestone: mozilla10 → ---
|
||
Updated•13 years ago
|
Summary: ABORT: root should not have auto-height containing block: 'aCBSize.height != NS_AUTOHEIGHT' → ASSERTION: root should not have auto-height containing block: 'aCBSize.height != NS_AUTOHEIGHT'
|
||
Comment 18•7 years ago
|
||
Nothing shows in the console when loading this testcase with a debug build nowadays.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•