Closed Bug 859630 Opened 8 years ago Closed 8 years ago

Crash with layers.force-active and "display: table-caption"


(Core :: Graphics, defect)

Not set





(Reporter: jruderman, Assigned: mattwoodrow)


(Blocks 1 open bug)


(Keywords: crash, testcase)

Crash Data


(4 files)

  user_pref("layers.force-active", true);
(which was added in bug 812908)

The testcase crashes with IsContentLEQ calling FindContentInDocument(NULL, ...).

Nightly: bp-3cf010b3-c1a7-4688-a1a0-febd42130409
Attached file stack (gdb)
On Windows: bp-b6fd9bb9-4892-4988-aeba-f1fd82130409.
Crash Signature: [@ IsContentLEQ ] [@ nsINode::OwnerDoc() ]
OS: Mac OS X → All
Hardware: x86_64 → All
On 64-bit Windows build: bp-91a124a7-5259-4ef9-8294-37d6e2130409.
Crash Signature: [@ IsContentLEQ ] [@ nsINode::OwnerDoc() ] → [@ IsContentLEQ ] [@ nsINode::OwnerDoc() ] [@ FindContentInDocument ]
Not entirely sure what the solution is here.

The two frames passed to IsContentLEQ are nsSubDocumentFrame and nsViewportFrame.

The latter doesn't have a Content, and we crash.

roc: What would you expect the behaviour to be in this case?
FindContentInDocument tries to walk up to find the element in aDoc for the given item/frame. In this case the frame must be the nsViewportFrame for some subdocument, so we need to fix FindContentInDocument to find the right element in aDoc for that case.

So I think we should pass the nsDisplayItem* to FindContentInDocument, have it call GetUnderlyingFrame, if the frame has no content then call PresContext()->Document() and start the search from there (i.e. taking the "parentDoc = d->GetParentDocument(), parentDoc->FindContentForSubDocument path).

Make sense?
Attachment #737354 - Flags: review?(roc)
Comment on attachment 737354 [details] [diff] [review]
Use the PresShell's document

Review of attachment 737354 [details] [diff] [review]:

::: layout/base/nsDisplayList.cpp
@@ +1426,5 @@
>    // of commonAncestor, because display items for subdocuments have been
>    // mixed into the same list. Ensure that we're looking at content
>    // in commonAncestor's document.
>    nsIDocument* commonAncestorDoc = commonAncestor->OwnerDoc();
> +  nsIContent* content1 = FindContentInDocument(aItem1->GetUnderlyingFrame(),

Might as well move the call to GetUnderlyingFrame into FindContentInDocument too.
Attachment #737354 - Flags: review?(roc) → review+
Closed: 8 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
Assignee: nobody → matt.woodrow
You need to log in before you can comment on or make changes to this bug.