Last Comment Bug 776337 - "ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame"
: "ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame"
Status: VERIFIED FIXED
: assertion, testcase
Product: Core
Classification: Components
Component: SVG (show other bugs)
: Trunk
: x86_64 Mac OS X
: -- normal (vote)
: mozilla17
Assigned To: Jonathan Watt [:jwatt] (back in October - email directly if necessary)
: Paul Silaghi, QA [:pauly]
Mentors:
Depends on:
Blocks: randomstyles 768351
  Show dependency treegraph
 
Reported: 2012-07-22 01:23 PDT by Jesse Ruderman
Modified: 2012-10-15 06:01 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
unaffected
+
verified
verified


Attachments
testcase (86 bytes, image/svg+xml)
2012-07-22 01:23 PDT, Jesse Ruderman
no flags Details
stack trace (12.50 KB, text/plain)
2012-07-22 01:23 PDT, Jesse Ruderman
no flags Details
patch (1.26 KB, patch)
2012-07-30 16:15 PDT, Jonathan Watt [:jwatt] (back in October - email directly if necessary)
roc: review+
lukasblakk+bugs: approval‑mozilla‑aurora+
Details | Diff | Splinter Review

Description Jesse Ruderman 2012-07-22 01:23:34 PDT
Created attachment 644736 [details]
testcase

###!!! ASSERTION: Should not use nsSVGIntegrationUtils on this SVG frame: '!svgChildFrame || (NS_SVGDisplayListPaintingEnabled() && !(aFrame->GetStateBits() & NS_STATE_SVG_NONDISPLAY_CHILD))', file layout/svg/base/src/nsSVGIntegrationUtils.cpp, line 390
Comment 1 Jesse Ruderman 2012-07-22 01:23:52 PDT
Created attachment 644737 [details]
stack trace
Comment 2 Jonathan Watt [:jwatt] (back in October - email directly if necessary) 2012-07-30 16:15:56 PDT
Created attachment 647343 [details] [diff] [review]
patch

The assertion is getting upset because nsSVGOuterSVGFrame implements nsISVGChildFrame. The assertion should just check for the NS_FRAME_SVG_LAYOUT bit instead of nsISVGChildFrame.
Comment 3 Jonathan Watt [:jwatt] (back in October - email directly if necessary) 2012-07-30 16:18:38 PDT
The test in bug 768351 is essentially the same as this one, which is why I didn't include it in this patch as a crashtest.
Comment 4 Jonathan Watt [:jwatt] (back in October - email directly if necessary) 2012-07-31 03:02:53 PDT
Pushed https://hg.mozilla.org/integration/mozilla-inbound/rev/eaa1c9822d8a
Comment 5 Ryan VanderMeulen [:RyanVM] 2012-07-31 19:20:34 PDT
https://hg.mozilla.org/mozilla-central/rev/eaa1c9822d8a
Comment 6 Jonathan Watt [:jwatt] (back in October - email directly if necessary) 2012-08-01 03:43:19 PDT
Comment on attachment 647343 [details] [diff] [review]
patch

[Approval Request Comment]

The real bug we want to fix on aurora is bug 779403, but that bug depends on the fix in bug 768351, which in turn depends on the fix in this bug, so requesting approval on this patch.

Bug caused by (feature/regressing bug #): 738192
User impact if declined: SVG masking is broken
Testing completed (on m-c, etc.): patch has been on m-c for several days
Risk to taking this patch (and alternatives if risky): none
String or UUID changes made by this patch: none
Comment 7 Jonathan Watt [:jwatt] (back in October - email directly if necessary) 2012-08-01 03:44:55 PDT
Err, for "Risk to taking this patch (and alternatives if risky)" I seem to have only processed the "alternatives" part. The risk is very low though, but yeah, there aren't really any viable alternatives.
Comment 8 Jonathan Watt [:jwatt] (back in October - email directly if necessary) 2012-08-01 17:52:07 PDT
Pushed https://hg.mozilla.org/releases/mozilla-aurora/rev/ca633397362e
Comment 9 Paul Silaghi, QA [:pauly] 2012-09-19 07:06:40 PDT
Saw the assertion on 2012-07-22-mozilla-central-debug build.
Verified fixed on FF 16 2012-09-19-mozilla-beta-debug build on Mac OS X 10.7.4.
Comment 10 Paul Silaghi, QA [:pauly] 2012-10-15 06:01:46 PDT
Verified fixed on FF 17 2012-10-15-mozilla-beta-debug build on Mac OS X 10.7.4.

Note You need to log in before you can comment on or make changes to this bug.