Closed Bug 686513 Opened 13 years ago Closed 13 years ago

RenderFrameParent::BuildDisplayList crash when shadow root layer is null

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla9

People

(Reporter: romaxa, Assigned: romaxa)

Details

Attachments

(1 file)

Possible fix
1.28 KB, patch
roc
: review+
roc
: feedback+
Details | Diff | Splinter Review 
While playing with MediaBridge I found case when RenderFrameParent::BuildDisplayList crashes because GetRootLayer() return null;

#6  mozilla::layout::GetFrameMetrics (aLayer=0x0) at layout/ipc/RenderFrameParent.cpp:168
#7  0xb5ad3120 in mozilla::layout::BuildListForLayer (aLayer=0x0, aRootFrameLoader=0xad8a7280, aTransform=..., aBuilder=0xbf8149c4, aShadowTree=..., aSubdocFrame=0xac05b710)
    at layout/ipc/RenderFrameParent.cpp:237
#8  0xb5ad3fbd in mozilla::layout::RenderFrameParent::BuildDisplayList (this=0xa88d6740, aBuilder=0xbf8149c4, aFrame=0xac05b710, aDirtyRect=..., aLists=...)
    at layout/ipc/RenderFrameParent.cpp:819
#9  0xb5ab895c in nsSubDocumentFrame::BuildDisplayList (this=0xac05b710, aBuilder=0xbf8149c4, aDirtyRect=..., aLists=...)
    at layout/generic/nsSubDocumentFrame.cpp:281
#10 0xb5a73913 in nsIFrame::BuildDisplayListForStackingContext (this=0xac05b710, aBuilder=0xbf8149c4, aDirtyRect=..., aList=0xbf80fc98)
    at layout/generic/nsFrame.cpp:1585
#11 0xb5a74645 in nsIFrame::BuildDisplayListForChild (this=0xac05b6a0, aBuilder=0xbf8149c4, aChild=0xac05b710, aDirtyRect=..., aLists=..., aFlags=2)
    at layout/generic/nsFrame.cpp:1878
#12 0xb5b8fd41 in nsStackFrame::BuildDisplayListForChildren (this=0xac05b6a0, aBuilder=0xbf8149c4, aDirtyRect=..., aLists=...)
    at layout/xul/base/src/nsStackFrame.cpp:93
#13 0xb5b8c068 in nsBoxFrame::BuildDisplayList (this=0xac05b6a0, aBuilder=0xbf8149c4, aDirtyRect=..., aLists=...)
    at layout/xul/base/src/nsBoxFrame.cpp:1332
#14 0xb5a73913 in nsIFrame::BuildDisplayListForStackingContext (this=0xac05b6a0, aBuilder=0xbf8149c4, aDirtyRect=..., aList=0xbf810268)
Attached patch Possible fixSplinter Review 
Here is possible fix for this issue, not sure if that is correct, probably real problem hiding somewhere else..
Attachment #560016 - Flags: feedback?(roc)
Comment on attachment 560016 [details] [diff] [review]
Possible fix

Review of attachment 560016 [details] [diff] [review]:
-----------------------------------------------------------------

Seems good.
Attachment #560016 - Flags: review+
Attachment #560016 - Flags: feedback?(roc)
Attachment #560016 - Flags: feedback+
Keywords: checkin-needed
Author and commit message added; now in my queue of bits and pieces for try then inbound.
Assignee: nobody → romaxa
Status: NEW → ASSIGNED
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/d9a39885a9d2
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: