Last Comment Bug 776337 - "ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame"
: "ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame"
: assertion, testcase
Product: Core
Classification: Components
Component: SVG (show other bugs)
: Trunk
: x86_64 Mac OS X
: -- normal (vote)
: mozilla17
Assigned To: Jonathan Watt [:jwatt]
: Paul Silaghi, QA [:pauly]
: Jet Villegas (:jet)
Depends on:
Blocks: randomstyles 768351
  Show dependency treegraph
Reported: 2012-07-22 01:23 PDT by Jesse Ruderman
Modified: 2012-10-15 06:01 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

testcase (86 bytes, image/svg+xml)
2012-07-22 01:23 PDT, Jesse Ruderman
no flags Details
stack trace (12.50 KB, text/plain)
2012-07-22 01:23 PDT, Jesse Ruderman
no flags Details
patch (1.26 KB, patch)
2012-07-30 16:15 PDT, Jonathan Watt [:jwatt]
roc: review+
lukasblakk+bugs: approval‑mozilla‑aurora+
Details | Diff | Splinter Review

Description Jesse Ruderman 2012-07-22 01:23:34 PDT
Created attachment 644736 [details]

###!!! ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame: '!svgChildFrame || (NS_SVGDisplayListPaintingEnabled() && !(aFrame->GetStateBits() & NS_STATE_SVG_NONDISPLAY_CHILD))', file layout/svg/base/src/nsSVGIntegrationUtils.cpp, line 390
Comment 1 Jesse Ruderman 2012-07-22 01:23:52 PDT
Created attachment 644737 [details]
stack trace
Comment 2 Jonathan Watt [:jwatt] 2012-07-30 16:15:56 PDT
Created attachment 647343 [details] [diff] [review]

The assertion is getting upset because nsSVGOuterSVGFrame implements nsISVGChildFrame. The assertion should just check for the NS_FRAME_SVG_LAYOUT bit instead of nsISVGChildFrame.
Comment 3 Jonathan Watt [:jwatt] 2012-07-30 16:18:38 PDT
The test in bug 768351 is essentially the same as this one, which is why I didn't include it in this patch as a crashtest.
Comment 4 Jonathan Watt [:jwatt] 2012-07-31 03:02:53 PDT
Comment 5 Ryan VanderMeulen [:RyanVM] 2012-07-31 19:20:34 PDT
Comment 6 Jonathan Watt [:jwatt] 2012-08-01 03:43:19 PDT
Comment on attachment 647343 [details] [diff] [review]

[Approval Request Comment]

The real bug we want to fix on aurora is bug 779403, but that bug depends on the fix in bug 768351, which in turn depends on the fix in this bug, so requesting approval on this patch.

Bug caused by (feature/regressing bug #): 738192
User impact if declined: SVG masking is broken
Testing completed (on m-c, etc.): patch has been on m-c for several days
Risk to taking this patch (and alternatives if risky): none
String or UUID changes made by this patch: none
Comment 7 Jonathan Watt [:jwatt] 2012-08-01 03:44:55 PDT
Err, for "Risk to taking this patch (and alternatives if risky)" I seem to have only processed the "alternatives" part. The risk is very low though, but yeah, there aren't really any viable alternatives.
Comment 8 Jonathan Watt [:jwatt] 2012-08-01 17:52:07 PDT
Comment 9 Paul Silaghi, QA [:pauly] 2012-09-19 07:06:40 PDT
Saw the assertion on 2012-07-22-mozilla-central-debug build.
Verified fixed on FF 16 2012-09-19-mozilla-beta-debug build on Mac OS X 10.7.4.
Comment 10 Paul Silaghi, QA [:pauly] 2012-10-15 06:01:46 PDT
Verified fixed on FF 17 2012-10-15-mozilla-beta-debug build on Mac OS X 10.7.4.

Note You need to log in before you can comment on or make changes to this bug.