Closed Bug 686513 Opened 14 years ago Closed 14 years ago

RenderFrameParent::BuildDisplayList crash when shadow root layer is null

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla9

People

(Reporter: romaxa, Assigned: romaxa)

Details

Attachments

(1 file)

Possible fix
1.28 KB, patch
roc
: review+
roc
: feedback+
Details | Diff | Splinter Review
While playing with MediaBridge I found case when RenderFrameParent::BuildDisplayList crashes because GetRootLayer() return null; #6 mozilla::layout::GetFrameMetrics (aLayer=0x0) at layout/ipc/RenderFrameParent.cpp:168 #7 0xb5ad3120 in mozilla::layout::BuildListForLayer (aLayer=0x0, aRootFrameLoader=0xad8a7280, aTransform=..., aBuilder=0xbf8149c4, aShadowTree=..., aSubdocFrame=0xac05b710) at layout/ipc/RenderFrameParent.cpp:237 #8 0xb5ad3fbd in mozilla::layout::RenderFrameParent::BuildDisplayList (this=0xa88d6740, aBuilder=0xbf8149c4, aFrame=0xac05b710, aDirtyRect=..., aLists=...) at layout/ipc/RenderFrameParent.cpp:819 #9 0xb5ab895c in nsSubDocumentFrame::BuildDisplayList (this=0xac05b710, aBuilder=0xbf8149c4, aDirtyRect=..., aLists=...) at layout/generic/nsSubDocumentFrame.cpp:281 #10 0xb5a73913 in nsIFrame::BuildDisplayListForStackingContext (this=0xac05b710, aBuilder=0xbf8149c4, aDirtyRect=..., aList=0xbf80fc98) at layout/generic/nsFrame.cpp:1585 #11 0xb5a74645 in nsIFrame::BuildDisplayListForChild (this=0xac05b6a0, aBuilder=0xbf8149c4, aChild=0xac05b710, aDirtyRect=..., aLists=..., aFlags=2) at layout/generic/nsFrame.cpp:1878 #12 0xb5b8fd41 in nsStackFrame::BuildDisplayListForChildren (this=0xac05b6a0, aBuilder=0xbf8149c4, aDirtyRect=..., aLists=...) at layout/xul/base/src/nsStackFrame.cpp:93 #13 0xb5b8c068 in nsBoxFrame::BuildDisplayList (this=0xac05b6a0, aBuilder=0xbf8149c4, aDirtyRect=..., aLists=...) at layout/xul/base/src/nsBoxFrame.cpp:1332 #14 0xb5a73913 in nsIFrame::BuildDisplayListForStackingContext (this=0xac05b6a0, aBuilder=0xbf8149c4, aDirtyRect=..., aList=0xbf810268)
Attached patch Possible fixSplinter Review
Here is possible fix for this issue, not sure if that is correct, probably real problem hiding somewhere else..
Attachment #560016 - Flags: feedback?(roc)
Comment on attachment 560016 [details] [diff] [review] Possible fix Review of attachment 560016 [details] [diff] [review]: ----------------------------------------------------------------- Seems good.
Attachment #560016 - Flags: review+
Attachment #560016 - Flags: feedback?(roc)
Attachment #560016 - Flags: feedback+
Keywords: checkin-needed
Author and commit message added; now in my queue of bits and pieces for try then inbound.
Assignee: nobody → romaxa
Status: NEW → ASSIGNED
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/d9a39885a9d2
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: