Bug 1353529 - Crash when using IntersectionObserver in XUL pages. r?mstange draft
authorTobias Schneider <schneider@jancona.com>
Tue, 04 Apr 2017 20:14:46 -0700
changeset 555885 bf15282440145858311c957238ee7ad5fc37b71c
parent 555725 b043233ec04f06768d59dcdfb9e928142280f3cc
child 622729 d40c5f5ead83169d663a59c1076caf0a9bb49623
push id52374
push userbmo:tschneider@mozilla.com
push dateWed, 05 Apr 2017 03:21:05 +0000
reviewersmstange
bugs1353529
milestone55.0a1
Bug 1353529 - Crash when using IntersectionObserver in XUL pages. r?mstange MozReview-Commit-ID: 9RBrnst4Wkb
dom/base/DOMIntersectionObserver.cpp
dom/base/crashtests/1353529-inner.html
dom/base/crashtests/1353529.xul
dom/base/crashtests/crashtests.list
--- a/dom/base/DOMIntersectionObserver.cpp
+++ b/dom/base/DOMIntersectionObserver.cpp
@@ -284,17 +284,22 @@ DOMIntersectionObserver::Update(nsIDocum
       rootFrame = presShell->GetRootScrollFrame();
       if (rootFrame) {
         nsPresContext* presContext = rootFrame->PresContext();
         while (!presContext->IsRootContentDocument()) {
           presContext = presContext->GetParentPresContext();
           if (!presContext) {
             break;
           }
-          rootFrame = presContext->PresShell()->GetRootScrollFrame();
+          nsIFrame* rootScrollFrame = presContext->PresShell()->GetRootScrollFrame();
+          if (rootScrollFrame) {
+            rootFrame = rootScrollFrame;
+          } else {
+            break;
+          }
         }
         root = rootFrame->GetContent()->AsElement();
         nsIScrollableFrame* scrollFrame = do_QueryFrame(rootFrame);
         rootRect = scrollFrame->GetScrollPortRect();
       }
     }
   }
 
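Review bot: The new `else { break; }` branch after the `GetRootScrollFrame()` call ends the ancestor walk at the first parent document that has no root scroll frame, leaving `rootFrame` on the last ancestor that did have one, and nothing in the code records that this is the intended implicit root for content hosted in a XUL document. A comment above the check would state it, e.g. `// Parent (presumably XUL) has no root scroll frame: stop and use the last ancestor that has one as the implicit root.` The branch also reads more directly as `if (!rootScrollFrame) { break; }` followed by `rootFrame = rootScrollFrame;`. Just below, `rootFrame->GetContent()` and the `scrollFrame` returned by `do_QueryFrame(rootFrame)` are still dereferenced unchecked; this presumably holds because `rootFrame` only ever comes from `GetRootScrollFrame()`, but an assertion would make that invariant explicit next to a fix for a null dereference. `Update` begins and ends outside this hunk.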
new file mode 100644
--- /dev/null
+++ b/dom/base/crashtests/1353529-inner.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<body onload="boom()">
+<div id="target"></div>
+<script>
+    function boom() {
+        var io = new IntersectionObserver(function () { }, { });
+        io.observe(document.getElementById('target'));
+    }
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/base/crashtests/1353529.xul
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
+        xmlns:xhtml="http://www.w3.org/1999/xhtml">
+<xhtml:div>
+    <iframe src="1353529-inner.html"></iframe>
+</xhtml:div>
+</window>
--- a/dom/base/crashtests/crashtests.list
+++ b/dom/base/crashtests/crashtests.list
@@ -207,9 +207,10 @@ load xhr_empty_datauri.html
 load xhr_html_nullresponse.html
 load 1230422.html
 load 1251361.html
 load 1304437.html
 pref(dom.IntersectionObserver.enabled,true) load 1324209.html
 pref(dom.IntersectionObserver.enabled,true) load 1326194-1.html
 pref(dom.IntersectionObserver.enabled,true) load 1326194-2.html
 pref(dom.IntersectionObserver.enabled,true) load 1332939.html
+pref(dom.IntersectionObserver.enabled,true) load 1353529.xul
 pref(dom.webcomponents.enabled,true) load 1341693.html