114 bytes, text/html
2.28 KB, text/plain
20.75 KB, text/plain
3.43 KB, patch
|Details | Diff | Splinter Review|
Created attachment 734951 [details] testcase (requires pref) With: user_pref("layers.force-active", true); (which was added in bug 812908) The testcase crashes with IsContentLEQ calling FindContentInDocument(NULL, ...). Nightly: bp-3cf010b3-c1a7-4688-a1a0-febd42130409
On Windows: bp-b6fd9bb9-4892-4988-aeba-f1fd82130409.
Crash Signature: [@ IsContentLEQ ] [@ nsINode::OwnerDoc() ]
OS: Mac OS X → All
Hardware: x86_64 → All
On 64-bit Windows build: bp-91a124a7-5259-4ef9-8294-37d6e2130409.
Crash Signature: [@ IsContentLEQ ] [@ nsINode::OwnerDoc() ] → [@ IsContentLEQ ] [@ nsINode::OwnerDoc() ] [@ FindContentInDocument ]
Not entirely sure what the solution is here. The two frames passed to IsContentLEQ are nsSubDocumentFrame and nsViewportFrame. The latter doesn't have a Content, and we crash. roc: What would you expect the behaviour to be in this case?
FindContentInDocument tries to walk up to find the element in aDoc for the given item/frame. In this case the frame must be the nsViewportFrame for some subdocument, so we need to fix FindContentInDocument to find the right element in aDoc for that case. So I think we should pass the nsDisplayItem* to FindContentInDocument, have it call GetUnderlyingFrame, if the frame has no content then call PresContext()->Document() and start the search from there (i.e. taking the "parentDoc = d->GetParentDocument(), parentDoc->FindContentForSubDocument path). Make sense?
Created attachment 737354 [details] [diff] [review] Use the PresShell's document
Attachment #737354 - Flags: review?(roc)
Comment on attachment 737354 [details] [diff] [review] Use the PresShell's document Review of attachment 737354 [details] [diff] [review]: ----------------------------------------------------------------- ::: layout/base/nsDisplayList.cpp @@ +1426,5 @@ > // of commonAncestor, because display items for subdocuments have been > // mixed into the same list. Ensure that we're looking at content > // in commonAncestor's document. > nsIDocument* commonAncestorDoc = commonAncestor->OwnerDoc(); > + nsIContent* content1 = FindContentInDocument(aItem1->GetUnderlyingFrame(), Might as well move the call to GetUnderlyingFrame into FindContentInDocument too.
Attachment #737354 - Flags: review?(roc) → review+
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
You need to log in before you can comment on or make changes to this bug.