Mercurial > mozreview > gecko / changeset / 083b17466720773c31a5bb32df0c61b2cf79c8d8
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1153693 - Only call ReleaseRef on nsStyle{ClipPath,Filter} once when setting a new value. r=dbaron, a=sledru
authorCameron McCormack <cam@mcc.id.au>
Mon, 13 Apr 2015 12:34:15 +1000
changeset 263174 083b17466720773c31a5bb32df0c61b2cf79c8d8
parent 263173 f29b348372d345279d726de6299a1b936bbc61f4
child 263175 ab3281f684b39c9835069e536e047594a7f45752
push id1963
push userpaolo.mozmail@amadzone.org
push dateSun, 10 May 2015 10:26:20 +0000
reviewersdbaron, sledru
bugs1153693
milestone39.0a2
Bug 1153693 - Only call ReleaseRef on nsStyle{ClipPath,Filter} once when setting a new value. r=dbaron, a=sledru
layout/style/crashtests/1153693-1.html file | annotate | diff | comparison | revisions
layout/style/crashtests/crashtests.list file | annotate | diff | comparison | revisions
layout/style/nsStyleStruct.cpp file | annotate | diff | comparison | revisions 
new file mode 100644
--- /dev/null
+++ b/layout/style/crashtests/1153693-1.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<style>
+
+.a { clip-path: url(z); }
+#x { clip-path: inherit; }
+
+</style>
+</head>
+
+<body>
+    <div class="a">
+        <div class="a" id="x"></div>
+    </div>
+    <script>
+        getComputedStyle(document.getElementById("x"), "").clipPath;
+    </script>
+</body>
+
+</html>
--- a/layout/style/crashtests/crashtests.list
+++ b/layout/style/crashtests/crashtests.list
@@ -107,10 +107,11 @@ pref(layers.offmainthreadcomposition.asy
 load 989965-1.html
 load 992333-1.html
 pref(dom.webcomponents.enabled,true) load 1017798-1.html
 load 1028514-1.html
 load 1066089-1.html
 load 1074651-1.html
 pref(dom.webcomponents.enabled,true) load 1089463-1.html
 pref(layout.css.expensive-style-struct-assertions.enabled,true) load 1136010-1.html
+load 1153693-1.html
 load large_border_image_width.html
 load border-image-visited-link.html
--- a/layout/style/nsStyleStruct.cpp
+++ b/layout/style/nsStyleStruct.cpp
@@ -1061,25 +1061,24 @@ nsStyleClipPath::~nsStyleClipPath()
 
 nsStyleClipPath&
 nsStyleClipPath::operator=(const nsStyleClipPath& aOther)
 {
   if (this == &aOther) {
     return *this;
   }
 
-  ReleaseRef();
-
   if (aOther.mType == NS_STYLE_CLIP_PATH_URL) {
     SetURL(aOther.mURL);
   } else if (aOther.mType == NS_STYLE_CLIP_PATH_SHAPE) {
     SetBasicShape(aOther.mBasicShape, aOther.mSizingBox);
   } else if (aOther.mType == NS_STYLE_CLIP_PATH_BOX) {
     SetSizingBox(aOther.mSizingBox);
   } else {
+    ReleaseRef();
     mSizingBox = NS_STYLE_CLIP_SHAPE_SIZING_NOBOX;
     mType = NS_STYLE_CLIP_PATH_NONE;
   }
   return *this;
 }
 
 
 bool
@@ -1180,17 +1179,21 @@ nsStyleFilter::operator=(const nsStyleFi
     return *this;
 
   if (aOther.mType == NS_STYLE_FILTER_URL) {
     SetURL(aOther.mURL);
   } else if (aOther.mType == NS_STYLE_FILTER_DROP_SHADOW) {
     SetDropShadow(aOther.mDropShadow);
   } else if (aOther.mType != NS_STYLE_FILTER_NONE) {
     SetFilterParameter(aOther.mFilterParameter, aOther.mType);
+  } else {
+    ReleaseRef();
+    mType = NS_STYLE_FILTER_NONE;
   }
+
   return *this;
 }
 
 
 bool
 nsStyleFilter::operator==(const nsStyleFilter& aOther) const
 {
   if (mType != aOther.mType) {
@@ -1213,16 +1216,17 @@ nsStyleFilter::ReleaseRef()
 {
   if (mType == NS_STYLE_FILTER_DROP_SHADOW) {
     NS_ASSERTION(mDropShadow, "expected pointer");
     mDropShadow->Release();
   } else if (mType == NS_STYLE_FILTER_URL) {
     NS_ASSERTION(mURL, "expected pointer");
     mURL->Release();
   }
+  mURL = nullptr;
 }
 
 void
 nsStyleFilter::SetFilterParameter(const nsStyleCoord& aFilterParameter,
                                   int32_t aType)
 {
   ReleaseRef();
   mFilterParameter = aFilterParameter;
gecko
Deployed from 2e3b1288bbd5 at 2021-12-01T16:16:38Z.