From 515dc50b19f45e8514c06cc6d219806c252f3f5d Mon Sep 17 00:00:00 2001 From: Robert Longson Date: Thu, 29 Dec 2011 11:59:02 +0000 Subject: [PATCH] Bug 713413 - Fix crash when dynamically adding foreignObject as a child of non-displayed element. r=dholbert --- layout/svg/base/src/nsSVGForeignObjectFrame.cpp | 7 ++++++- layout/svg/crashtests/713413-1.svg | 12 ++++++++++++ layout/svg/crashtests/crashtests.list | 1 + 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 layout/svg/crashtests/713413-1.svg diff --git a/layout/svg/base/src/nsSVGForeignObjectFrame.cpp b/layout/svg/base/src/nsSVGForeignObjectFrame.cpp index f4f8973c5c03..ab488d4d0903 100644 --- a/layout/svg/base/src/nsSVGForeignObjectFrame.cpp +++ b/layout/svg/base/src/nsSVGForeignObjectFrame.cpp @@ -140,7 +140,12 @@ nsSVGForeignObjectFrame::DidSetStyleContext(nsStyleContext* aOldStyleContext) { nsSVGForeignObjectFrameBase::DidSetStyleContext(aOldStyleContext); - UpdateGraphic(); + // No need to invalidate before first reflow - that will happen elsewhere. + // Moreover we haven't been initialised properly yet so we may not have the + // right state bits. + if (!(GetStateBits() & NS_FRAME_FIRST_REFLOW)) { + UpdateGraphic(); + } } NS_IMETHODIMP diff --git a/layout/svg/crashtests/713413-1.svg b/layout/svg/crashtests/713413-1.svg new file mode 100644 index 000000000000..7131202335ed --- /dev/null +++ b/layout/svg/crashtests/713413-1.svg @@ -0,0 +1,12 @@ + + + + + + + + diff --git a/layout/svg/crashtests/crashtests.list b/layout/svg/crashtests/crashtests.list index 7b7c6f76dc7d..1634d742332f 100644 --- a/layout/svg/crashtests/crashtests.list +++ b/layout/svg/crashtests/crashtests.list @@ -121,3 +121,4 @@ load 692203-2.svg load 693424-1.svg load 709920-1.svg load 709920-2.svg +load 713413-1.svg