Mercurial > mozilla-central / changeset / 459b7ba2ab709f5d475e9347186c05b17301f833
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 605626 - Prevent assertion when displaying an image that has no width or height r=dholbert a=roc
authorRobert Longson <longsonr@gmail.com>
Tue, 26 Oct 2010 09:19:31 +0100
changeset 57013 459b7ba2ab709f5d475e9347186c05b17301f833
parent 57012 81da4980adaa5426644fca2f3f49a2bf11e48560
child 57014 08763c8d26c3b602b7ceaaf305689a2e3536f369
push id16757
push userdgottwald@mozilla.com
push dateSat, 06 Nov 2010 13:55:43 +0000
treeherdermozilla-central@459b7ba2ab70 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdholbert, roc
bugs605626
milestone2.0b8pre
first release with
nightly linux32
8cbe83542596 / 4.0b8pre / 20101107015940 / files
nightly linux64
8cbe83542596 / 4.0b8pre / 20101107030815 / files
nightly mac
8cbe83542596 / 4.0b8pre / 20101107030911 / files
nightly win32
8cbe83542596 / 4.0b8pre / 20101107042528 / files
nightly win64
5f427b7d7b60 / 4.0b8pre / 20101107060025 / files
last release without
nightly linux32
2b612890113b / 4.0b8pre / 20101106025958 / files
nightly linux64
2b612890113b / 4.0b8pre / 20101106031112 / files
nightly mac
2b612890113b / 4.0b8pre / 20101106030745 / files
nightly win32
2b612890113b / 4.0b8pre / 20101106042135 / files
nightly win64
a1705bc179e4 / 4.0b8pre / 20101105054821 / files
Bug 605626 - Prevent assertion when displaying an image that has no width or height r=dholbert a=roc
layout/svg/base/src/nsSVGImageFrame.cpp file | annotate | diff | comparison | revisions
layout/svg/crashtests/605626-1.svg file | annotate | diff | comparison | revisions
layout/svg/crashtests/crashtests.list file | annotate | diff | comparison | revisions 
--- a/layout/svg/base/src/nsSVGImageFrame.cpp
+++ b/layout/svg/base/src/nsSVGImageFrame.cpp
@@ -110,17 +110,17 @@ public:
 #ifdef DEBUG
   NS_IMETHOD GetFrameName(nsAString& aResult) const
   {
     return MakeFrameName(NS_LITERAL_STRING("SVGImage"), aResult);
   }
 #endif
 
 private:
-  gfxMatrix GetImageTransform();
+  gfxMatrix GetImageTransform(PRInt32 aNativeWidth, PRInt32 aNativeHeight);
 
   nsCOMPtr<imgIDecoderObserver> mListener;
 
   nsCOMPtr<imgIContainer> mImageContainer;
 
   friend class nsSVGImageListener;
 };
 
@@ -188,30 +188,26 @@ nsSVGImageFrame::AttributeChanged(PRInt3
      return NS_OK;
    }
 
    return nsSVGPathGeometryFrame::AttributeChanged(aNameSpaceID,
                                                    aAttribute, aModType);
 }
 
 gfxMatrix
-nsSVGImageFrame::GetImageTransform()
+nsSVGImageFrame::GetImageTransform(PRInt32 aNativeWidth, PRInt32 aNativeHeight)
 {
   float x, y, width, height;
   nsSVGImageElement *element = static_cast<nsSVGImageElement*>(mContent);
   element->GetAnimatedLengthValues(&x, &y, &width, &height, nsnull);
 
-  PRInt32 nativeWidth, nativeHeight;
-  mImageContainer->GetWidth(&nativeWidth);
-  mImageContainer->GetHeight(&nativeHeight);
-
   gfxMatrix viewBoxTM =
     nsSVGUtils::GetViewBoxTransform(element,
                                     width, height,
-                                    0, 0, nativeWidth, nativeHeight,
+                                    0, 0, aNativeWidth, aNativeHeight,
                                     element->mPreserveAspectRatio);
 
   return viewBoxTM * gfxMatrix().Translate(gfxPoint(x, y)) * GetCanvasTM();
 }
 
 //----------------------------------------------------------------------
 // nsISVGChildFrame methods:
 NS_IMETHODIMP
@@ -236,16 +232,24 @@ nsSVGImageFrame::PaintSVG(nsSVGRenderSta
       imageLoader->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST,
                               getter_AddRefs(currentRequest));
 
     if (currentRequest)
       currentRequest->GetImage(getter_AddRefs(mImageContainer));
   }
 
   if (mImageContainer) {
+    PRInt32 nativeWidth, nativeHeight;
+    mImageContainer->GetWidth(&nativeWidth);
+    mImageContainer->GetHeight(&nativeHeight);
+
+    if (nativeWidth == 0 || nativeHeight == 0) {
+      return NS_ERROR_FAILURE;
+    }
+
     if (mImageContainer->GetType() == imgIContainer::TYPE_VECTOR) {
       // <svg:image> not supported for SVG images yet.
       return NS_ERROR_FAILURE;
     }
 
     gfxContext* ctx = aContext->GetGfxContext();
     gfxContextAutoSaveRestore autoRestorer(ctx);
 
@@ -256,17 +260,18 @@ nsSVGImageFrame::PaintSVG(nsSVGRenderSta
     }
 
     nscoord appUnitsPerDevPx = PresContext()->AppUnitsPerDevPixel();
     gfxFloat pageZoomFactor =
       nsPresContext::AppUnitsToFloatCSSPixels(appUnitsPerDevPx);
 
     // NOTE: We need to cancel out the effects of Full-Page-Zoom, or else
     // it'll get applied an extra time by DrawSingleUnscaledImage.
-    ctx->Multiply(GetImageTransform().Scale(pageZoomFactor, pageZoomFactor));
+    ctx->Multiply(GetImageTransform(nativeWidth, nativeHeight).
+      Scale(pageZoomFactor, pageZoomFactor));
 
     // fill-opacity doesn't affect <image>, so if we're allowed to
     // optimize group opacity, the opacity used for compositing the
     // image into the current canvas is just the group opacity.
     float opacity = 1.0f;
     if (nsSVGUtils::CanOptimizeOpacity(this)) {
       opacity = GetStyleDisplay()->mOpacity;
     }
@@ -308,17 +313,21 @@ nsSVGImageFrame::PaintSVG(nsSVGRenderSta
 NS_IMETHODIMP_(nsIFrame*)
 nsSVGImageFrame::GetFrameForPoint(const nsPoint &aPoint)
 {
   if (GetStyleDisplay()->IsScrollableOverflow() && mImageContainer) {
     PRInt32 nativeWidth, nativeHeight;
     mImageContainer->GetWidth(&nativeWidth);
     mImageContainer->GetHeight(&nativeHeight);
 
-    if (!nsSVGUtils::HitTestRect(GetImageTransform(),
+    if (nativeWidth == 0 || nativeHeight == 0) {
+      return nsnull;
+    }
+
+    if (!nsSVGUtils::HitTestRect(GetImageTransform(nativeWidth, nativeHeight),
                                  0, 0, nativeWidth, nativeHeight,
                                  PresContext()->AppUnitsToDevPixels(aPoint.x),
                                  PresContext()->AppUnitsToDevPixels(aPoint.y))) {
       return nsnull;
     }
   }
 
   return nsSVGPathGeometryFrame::GetFrameForPoint(aPoint);
new file mode 100644
--- /dev/null
+++ b/layout/svg/crashtests/605626-1.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<image width="10" height="10" xlink:href="data:text/plain,g"/>
+</svg>
--- a/layout/svg/crashtests/crashtests.list
+++ b/layout/svg/crashtests/crashtests.list
@@ -87,8 +87,9 @@ load 492186-1.svg
 load 508247-1.svg
 load 512890-1.svg
 load 515288-1.html
 load 522394-1.svg
 load 522394-2.svg
 load 522394-3.svg
 load extref-test-1.xhtml
 load 566216-1.svg
+load 605626-1.svg
mozilla-central
Deployed from 18d8b634a3eb at 2022-06-27T19:41:43Z.