Closed Bug 1668156 Opened 4 years ago Closed 4 years ago

Fix existing bad callers of nsLayoutUtils::TransformFrameToAncestor

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
83 Branch
Tracking Flags:
Tracking Status
firefox83 --- fixed

People

(Reporter: emilio, Assigned: emilio)

References

(Regressed 1 open bug)

Details

Attachments

(2 files)

Bug 1668156 - Make PositionedEventTargeting code not violate TransformRectToAncestor invariants. r=kats,botond
(deleted), text/x-phabricator-request
Details
Bug 1668156 - Fix some IntersectionObserver edge cases, and enable the assertion for good. r=hiro,tnikkel
(deleted), text/x-phabricator-request
Details

Seems like the assertion I added in bug 1665447 has some pre-existing violations... We should fix them in this bug.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=a2c20e466c967ae1d4fcecdee3fa41f045de5d46&selectedTaskRun=Kg0GtnSbScqrxwGRGUE17Q.0

Flags: needinfo?(emilio)

And enable the assertion for the same-document case.

Without this patch, the assertion would fire in tests like
gfx/layers/apz/test/mochitest/test_group_zoom.html, where stuff like
MaybeHandleEventWithAccessibleCaret, which passes a non-root-frame down
here, and a target, which ends up violating the preconditions of
ClipToFrame, etc.

Enable the assertion for the same-document case, there are other
violations when fission is enabled in the cross-document case.

Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5e28d7b69c23 Make PositionedEventTargeting code not violate TransformRectToAncestor invariants. r=kats
Keywords: leave-open

This patch fixes two issues, described below:

First, the GetTopLevelDocument function was looking at the browsing
context tree. It should look at the window context tree, as looking at
the browsing context tree means that if you're in a discarded or
about-to-get-discarded document, you can end up with a document from a
different tree. Computing intersections between those of course makes no
sense and triggers the assertion we're enabling.

Second, this patch fixes an issue when you have fission enabled, and a
setup such as:

A1 -> B1 -> A2

If you try to use IntersectionObserver from A2 with the implicit root,
we'd end up with:

  • rootRect: A1's root scrollport rect (this is fine, because it's only
    used to compute the root margin and bounds and so on, not
    to compute geometry).

  • rootFrame: A1's root scroll frame (this is not fine, see below).

Then, we'd try to map rects from A2's target to A1's viewport, and we
can't really do that sensibly with the existing nsLayoutUtils functions,
because we're not accounting for all the OOP iframe transforms that may
be going on. This also triggers the assertion that this patch enables in
same-origin-grand-child-iframe.sub.html.

To fix it, for the A2 case, use the same code that we have for other OOP
iframes. The test tweaks fails with fission enabled without the patch
(because we don't account for the OOP iframe clip).

Bugs everywhere :-)

Flags: needinfo?(emilio)
Keywords: leave-open
Severity: -- → S2
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c54385f18d19 Fix some IntersectionObserver edge cases, and enable the assertion for good. r=hiro
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/25940 for changes under testing/web-platform/tests

https://hg.mozilla.org/mozilla-central/rev/c54385f18d19

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox83: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch
Regressions: 1668784
Upstream PR merged by emilio
Regressions: 1670327
Regressions: 1672266
Regressions: 1673524
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: