Closed
Bug 784061
Opened 12 years ago
Closed 12 years ago
Assertion failure: "Non-display SVG do not maintain visual overflow rects"
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox16 | --- | unaffected |
firefox17 | - | affected |
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: assertion, regression, testcase)
Attachments
(3 files)
Assertion failure: !(mState & (nsFrameState(1) << (43))) || !(mState & (nsFrameState(1) << (22))) (Non-display SVG do not maintain visual overflow rects), at ../../../layout/generic/nsFrame.cpp:5088
This assertion was added recently:
changeset: ad77846165e3
user: Jonathan Watt
date: Tue Aug 14 10:04:24 2012 +0100
summary: Bug 780963 - Make UpdateOverflow() on filter primitive frames a no-op. r=roc.
Reporter | ||
Updated•12 years ago
|
Blocks: randomstyles
Comment 1•12 years ago
|
||
Is this an assertion benign or something we need to worry about? The assertion is new in Firefox 17, although the issue might be old.
Assignee: nobody → jwatt
status-firefox16:
--- → unaffected
status-firefox17:
--- → affected
tracking-firefox17:
--- → ?
Comment 2•12 years ago
|
||
Doesn't seem to assert for me.
Comment 3•12 years ago
|
||
Does assert for me. (Linux x86_64 up-to-date debug build)
Comment 4•12 years ago
|
||
Could you attach a stack trace, Daniel?
Comment 5•12 years ago
|
||
Sure, here's the backtrace.
The frame in question (which doesn't satisfy the assertion) is a nsSVGPathGeometryFrame, with frame-tree ancestry as follows:
(gdb) p this
$4 = (nsSVGPathGeometryFrame * const) 0x7f7910740600
(gdb) p mParent
$5 = (nsSVGContainerFrame *) 0x7f7910740208
(gdb) p mParent->mParent
$6 = (nsSVGOuterSVGAnonChildFrame *) 0x7f791073fef0
(gdb) p mParent->mParent->mParent
$7 = (nsSVGOuterSVGFrame *) 0x7f791073fd80
Comment 6•12 years ago
|
||
This also isn't any sort of unlucky startup race-condition. I tried performing the testcase's style-tweak manually (in the web developer console), and it triggers the same assertion-failure.
Comment 7•12 years ago
|
||
(In reply to Daniel Holbert [:dholbert] from comment #5)
> Sure, here's the backtrace.
Thanks!
(In reply to Daniel Veditz [:dveditz] from comment #1)
> Is this an assertion benign
It's not a security issue, but it is a perf issue to a certain extent. We end up calling UpdateOverflow() up the parent chain which is a complete waste of cycles for non-display SVG.
Comment 8•12 years ago
|
||
We should avoid scheduling nsChangeHint_UpdateOverflow restyles for such frames, or, if that's messy, return if we encounter such frames in nsCSSFrameConstructor::ProcessRestyledFrames around these two locations:
http://hg.mozilla.org/mozilla-central/annotate/e327e66a027d/layout/base/nsCSSFrameConstructor.cpp#l8126
http://hg.mozilla.org/mozilla-central/annotate/e327e66a027d/layout/base/nsCSSFrameConstructor.cpp#l8157
Comment 9•12 years ago
|
||
Not a security issue, user impact hasn't yet been demonstrated. Please re-nominate if that changes in the future.
Comment 10•12 years ago
|
||
Jonathan, are you working on this. If not, I can do something along the lines of comment 8.
Updated•12 years ago
|
Assignee: longsonr → nobody
Comment 12•12 years ago
|
||
Doesn't assert any more.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Comment 13•12 years ago
|
||
We should probably check in a crashtest, to be sure it's not just fixed on your configuration and that we don't later regress this.
Flags: in-testsuite?
Comment 14•12 years ago
|
||
This patch adds the testcase (w/ reftest-wait) as a crashtest.
Attachment #677864 -
Flags: review?(longsonr)
Updated•12 years ago
|
Attachment #677864 -
Flags: review?(longsonr) → review+
Comment 15•12 years ago
|
||
Flags: in-testsuite? → in-testsuite+
Comment 16•12 years ago
|
||
Reporter | ||
Comment 17•12 years ago
|
||
This assertion was also mentioned in bug 795592, so maybe this was a dup.
You need to log in
before you can comment on or make changes to this bug.
Description
•