Closed
Bug 841225
Opened 12 years ago
Closed 12 years ago
Crash [@ nsProgressFrame::ShouldUseNativeStyle] with svg.text.css-frames.enabled
Categories
(Core :: SVG, defect)
Core
SVG
Tracking
()
RESOLVED
FIXED
mozilla21
People
(Reporter: jruderman, Assigned: heycam)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(3 files)
With:
user_pref("svg.text.css-frames.enabled", true);
Crash [@ nsProgressFrame::ShouldUseNativeStyle]
Reporter | ||
Comment 1•12 years ago
|
||
Updated•12 years ago
|
OS: Mac OS X → All
Hardware: x86_64 → All
Comment 2•12 years ago
|
||
mBarDiv->GetPrimaryFrame() is null, so we're crashing on this line:
> 290 mBarDiv->GetPrimaryFrame()->GetStyleDisplay()->mAppearance == NS_THEME_PROGRESSBAR_CHUNK &&
https://mxr.mozilla.org/mozilla-central/source/layout/forms/nsProgressFrame.cpp#290
Assignee | ||
Comment 3•12 years ago
|
||
I don't think we should be creating a frame for the <progress> element inside the SVG <text> element.
Assignee | ||
Comment 4•12 years ago
|
||
Although we already have code to prevent this https://mxr.mozilla.org/mozilla-central/source/layout/base/nsCSSFrameConstructor.cpp#5306 so maybe that's working in this case.
Assignee | ||
Comment 5•12 years ago
|
||
*not working
Assignee | ||
Comment 6•12 years ago
|
||
Inside a <tspan>, we're creating frame construction items without a parent frame available to check. So we should be checking the ITEM_IS_SVG_TEXT flag too, to avoid creating frames for non-SVG elements inside SVG text.
![]() |
||
Comment 7•12 years ago
|
||
Comment on attachment 713782 [details] [diff] [review]
patch
>+ (aFlags & ITEM_IS_WITHIN_SVG_TEXT))) {
This is mis-indented, leading to confusion. Please fix.
r=me with that.
Attachment #713782 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 8•12 years ago
|
||
Updated•12 years ago
|
Crash Signature: [@ nsProgressFrame::ShouldUseNativeStyle] → [@ nsProgressFrame::ShouldUseNativeStyle]
[@ nsProgressFrame::ShouldUseNativeStyle()]
Comment 9•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
You need to log in
before you can comment on or make changes to this bug.
Description
•