Bug 1361041: Avoid posting ReconstructFrame hints to an uninitialized PresShell. r?bz
The call that's causing the crash seems to be [1], that is, we're trying to
recreate frames for the root element, which should always have a frame created
at the initialization of the PresShell.
So the function I removed in that bug had something like the following:
  if (!mDidInitialize) {
    // Nothing to do here. In fact, if we proceed and aContent is the
    // root we will crash.
    return NS_OK;
  }
Which PostRecreateFramesFor doesn't guard against (because I thought it was not
needed, per tryserver results).
Sounds a lot like we do need that check, though I'd like to have a testcase
where it happens :(
[1]: http://searchfox.org/mozilla-central/rev/3dc6ceb42746ab40f1441e1e659ffb8f62ae78e3/layout/base/nsCSSFrameConstructor.cpp#2420
MozReview-Commit-ID: Lh6SohNmmI6
--- a/layout/base/PresShell.cpp
+++ b/layout/base/PresShell.cpp
@@ -2949,16 +2949,22 @@ PresShell::CreateFramesFor(nsIContent* a
fc->EndUpdate();
--mChangeNestCount;
}
void
nsIPresShell::PostRecreateFramesFor(Element* aElement)
{
+ if (MOZ_UNLIKELY(!mDidInitialize)) {
+ // Nothing to do here. In fact, if we proceed and aElement is the root, we
+ // will crash.
+ return;
+ }
+
mPresContext->RestyleManager()->PostRestyleEvent(aElement, nsRestyleHint(0),
nsChangeHint_ReconstructFrame);
}
void
nsIPresShell::RestyleForAnimation(Element* aElement, nsRestyleHint aHint)
{
// Now that we no longer have separate non-animation and animation
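Review bot: The early return at the top of PostRecreateFramesFor drops the ReconstructFrame request silently, and its comment ("Nothing to do here") does not say why that is safe. The commit message gives the reason, that the root element's frame is created when the PresShell is initialized, so the comment should state it rather than only noting the crash. The commit message also says there is no testcase that reaches this path and that tryserver results previously suggested the check was unnecessary; a crashtest is worth tracking as a follow-up on the bug so the guard is not removed again on the same evidence.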