Bug 895023: Null-check SVG image document's root frame, before dereferencing it. r=seth
authorDaniel Holbert <dholbert@cs.stanford.edu>
Mon, 22 Jul 2013 13:42:05 -0700
changeset 139506 e3c19a339b3660df33c311b8e0bf88afd540f02f
parent 139477 bda9723bdcccc835b45e179289a0a05a0468846c
child 139513 eee6188bec4167dd8ad64eccea8a8c7e185b4a7b
push id31396
push userryanvm@gmail.com
push dateTue, 23 Jul 2013 01:48:34 +0000
treeherdermozilla-inbound@2e57ec157214 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersseth
bugs895023
milestone25.0a1
first release with
nightly linux32
e3c19a339b36 / 25.0a1 / 20130722172607 / files
nightly linux64
e3c19a339b36 / 25.0a1 / 20130722172607 / files
nightly mac
e3c19a339b36 / 25.0a1 / 20130722172607 / files
nightly win32
e3c19a339b36 / 25.0a1 / 20130722172607 / files
nightly win64
e3c19a339b36 / 25.0a1 / 20130722172607 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 895023: Null-check SVG image document's root frame, before dereferencing it. r=seth
image/src/VectorImage.cpp
layout/reftests/svg/as-image/background-display-none-1.html
layout/reftests/svg/as-image/display-none.svg
layout/reftests/svg/as-image/img-display-none-1.html
layout/reftests/svg/as-image/reftest.list
--- a/image/src/VectorImage.cpp
+++ b/image/src/VectorImage.cpp
@@ -505,16 +505,19 @@ VectorImage::GetHeight(int32_t* aHeight)
 /* [noscript] readonly attribute nsSize intrinsicSize; */
 NS_IMETHODIMP
 VectorImage::GetIntrinsicSize(nsSize* aSize)
 {
   if (mError || !mIsFullyLoaded)
     return NS_ERROR_FAILURE;
 
   nsIFrame* rootFrame = mSVGDocumentWrapper->GetRootLayoutFrame();
+  if (!rootFrame)
+    return NS_ERROR_FAILURE;
+
   *aSize = nsSize(-1, -1);
   nsIFrame::IntrinsicSize rfSize = rootFrame->GetIntrinsicSize();
   if (rfSize.width.GetUnit() == eStyleUnit_Coord)
     aSize->width = rfSize.width.GetCoordValue();
   if (rfSize.height.GetUnit() == eStyleUnit_Coord)
     aSize->height = rfSize.height.GetCoordValue();
 
   return NS_OK;
@@ -524,16 +527,19 @@ VectorImage::GetIntrinsicSize(nsSize* aS
 /* [noscript] readonly attribute nsSize intrinsicRatio; */
 NS_IMETHODIMP
 VectorImage::GetIntrinsicRatio(nsSize* aRatio)
 {
   if (mError || !mIsFullyLoaded)
     return NS_ERROR_FAILURE;
 
   nsIFrame* rootFrame = mSVGDocumentWrapper->GetRootLayoutFrame();
+  if (!rootFrame)
+    return NS_ERROR_FAILURE;
+
   *aRatio = rootFrame->GetIntrinsicRatio();
   return NS_OK;
 }
 
 //******************************************************************************
 /* readonly attribute unsigned short type; */
 NS_IMETHODIMP
 VectorImage::GetType(uint16_t* aType)
new file mode 100644
--- /dev/null
+++ b/layout/reftests/svg/as-image/background-display-none-1.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<!--
+     Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!-- Test for a CSS background pointing to an SVG image that has "display:none"
+     on the root node. -->
+<html>
+<body>
+  <div style="width: 100px; height: 100px;
+              background-image: url('display-none.svg')">
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/layout/reftests/svg/as-image/display-none.svg
@@ -0,0 +1,8 @@
+<!--
+     Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1"
+     width="100" height="100" style="display: none">
+  <rect width="100%" height="100%" fill="red"/>
+</svg>
new file mode 100644
--- /dev/null
+++ b/layout/reftests/svg/as-image/img-display-none-1.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<!--
+     Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!-- Test for an <img> tag pointing to an SVG image that has "display:none"
+     on the root node. -->
+<html>
+<body>
+  <img src="display-none.svg">
+</body>
+</html>
--- a/layout/reftests/svg/as-image/reftest.list
+++ b/layout/reftests/svg/as-image/reftest.list
@@ -1,14 +1,15 @@
 # Tests related to SVG being used as an image
 
 # zoom/
 include zoom/reftest.list
 
-# Trivial background-image tests
+# Background-image tests
+== background-display-none-1.html  about:blank
 skip-if(B2G) == background-simple-1.html  lime100x100-ref.html # bug 773482
 == background-simple-2.html  lime100x100-ref.html
 
 # Sightly trickier background-image test
 == background-viewBox-1.html  lime100x100-ref.html
 
 # background tests with the background area getting resized
 == background-resize-1.html  lime100x100-ref.html
@@ -62,16 +63,17 @@ skip-if(B2G) == img-simple-6.html  lime1
 # Test with mix of <html:img> and <svg:image> referring to the same images,
 # with a variety of preserveAspectRatio values in play.
 random == img-and-image-1.html img-and-image-1-ref.svg # bug 645267
 
 # More complex <img> tests
 == img-blobURI-1.html lime100x100-ref.html
 random-if(/^Windows\x20NT\x205\.1/.test(http.oscpu)) == img-blobURI-2.html lime100x100-ref.html
 == img-content-outside-viewBox-1.html img-content-outside-viewBox-1-ref.html
+== img-display-none-1.html about:blank
 == img-dyn-1.html img-dyn-1-ref.html
 == img-foreignObject-1.html lime100x100-ref.html
 
 # The following tests check that content embedded via <iframe> and <embed>
 # doesn't load (or execute scripts) in SVG-as-an-image.
 # The "!=" lines are to test that the SVG content, when viewed directly (not as
 # an image), does actually render its external content (making it look
 # different from the reference case).  We don't do that check for