Bug 895023 - Null-check SVG image document's root frame, before dereferencing it. r=seth, a=lsblakk
authorDaniel Holbert <dholbert@cs.stanford.edu>
Mon, 22 Jul 2013 13:42:05 -0700
changeset 148029 653b455a607a8b30f2191f43867faa74df047f1f
parent 148028 d45388fa2fe17a4d6d72bd04b5e375312524cc39
child 148030 615758994f36c39f68f3bad5af5d38ff626496fc
push id2697
push userbbajaj@mozilla.com
push dateMon, 05 Aug 2013 18:49:53 +0000
treeherdermozilla-beta@dfec938c7b63 [default view] [failures only]
reviewersseth, lsblakk
bugs895023
milestone24.0a2
Bug 895023 - Null-check SVG image document's root frame, before dereferencing it. r=seth, a=lsblakk
image/src/VectorImage.cpp
layout/reftests/svg/as-image/background-display-none-1.html
layout/reftests/svg/as-image/display-none.svg
layout/reftests/svg/as-image/img-display-none-1.html
layout/reftests/svg/as-image/reftest.list
--- a/image/src/VectorImage.cpp
+++ b/image/src/VectorImage.cpp
@@ -504,16 +504,19 @@ VectorImage::GetHeight(int32_t* aHeight)
 /* [noscript] readonly attribute nsSize intrinsicSize; */
 NS_IMETHODIMP
 VectorImage::GetIntrinsicSize(nsSize* aSize)
 {
   if (mError || !mIsFullyLoaded)
     return NS_ERROR_FAILURE;
 
   nsIFrame* rootFrame = mSVGDocumentWrapper->GetRootLayoutFrame();
+  if (!rootFrame)
+    return NS_ERROR_FAILURE;
+
   *aSize = nsSize(-1, -1);
   nsIFrame::IntrinsicSize rfSize = rootFrame->GetIntrinsicSize();
   if (rfSize.width.GetUnit() == eStyleUnit_Coord)
     aSize->width = rfSize.width.GetCoordValue();
   if (rfSize.height.GetUnit() == eStyleUnit_Coord)
     aSize->height = rfSize.height.GetCoordValue();
 
   return NS_OK;
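Review bot: The new `if (!rootFrame)` guard in GetIntrinsicSize has no comment saying when the root frame can be null, and the same applies to the identical guard in the GetIntrinsicRatio hunk. The tests added in this commit show the case is an SVG whose root element has `display: none`, so I would put `// The root <svg> has no frame if it is styled "display: none".` above both checks. Because the SVG is web content, this null dereference was reachable from an untrusted image; other callers of `GetRootLayoutFrame()` are not visible in this diff and presumably deserve the same audit. GetIntrinsicSize's closing brace lies outside the hunk.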
@@ -523,16 +526,19 @@ VectorImage::GetIntrinsicSize(nsSize* aS
 /* [noscript] readonly attribute nsSize intrinsicRatio; */
 NS_IMETHODIMP
 VectorImage::GetIntrinsicRatio(nsSize* aRatio)
 {
   if (mError || !mIsFullyLoaded)
     return NS_ERROR_FAILURE;
 
   nsIFrame* rootFrame = mSVGDocumentWrapper->GetRootLayoutFrame();
+  if (!rootFrame)
+    return NS_ERROR_FAILURE;
+
   *aRatio = rootFrame->GetIntrinsicRatio();
   return NS_OK;
 }
 
 //******************************************************************************
 /* readonly attribute unsigned short type; */
 NS_IMETHODIMP
 VectorImage::GetType(uint16_t* aType)
new file mode 100644
--- /dev/null
+++ b/layout/reftests/svg/as-image/background-display-none-1.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<!--
+     Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!-- Test for a CSS background pointing to an SVG image that has "display:none"
+     on the root node. -->
+<html>
+<body>
+  <div style="width: 100px; height: 100px;
+              background-image: url('display-none.svg')">
+</body>
+</html>
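Review bot: The `<div>` in this test is never closed before `</body>`; the parser closes it implicitly, but an explicit `</div>` would keep the reftest markup unambiguous. Since the expected rendering is `about:blank`, a short comment noting that any red from display-none.svg indicates failure would help whoever triages a mismatch.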
new file mode 100644
--- /dev/null
+++ b/layout/reftests/svg/as-image/display-none.svg
@@ -0,0 +1,8 @@
+<!--
+     Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1"
+     width="100" height="100" style="display: none">
+  <rect width="100%" height="100%" fill="red"/>
+</svg>
new file mode 100644
--- /dev/null
+++ b/layout/reftests/svg/as-image/img-display-none-1.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<!--
+     Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!-- Test for an <img> tag pointing to an SVG image that has "display:none"
+     on the root node. -->
+<html>
+<body>
+  <img src="display-none.svg">
+</body>
+</html>
--- a/layout/reftests/svg/as-image/reftest.list
+++ b/layout/reftests/svg/as-image/reftest.list
@@ -1,14 +1,15 @@
 # Tests related to SVG being used as an image
 
 # zoom/
 include zoom/reftest.list
 
-# Trivial background-image tests
+# Background-image tests
+== background-display-none-1.html  about:blank
 skip-if(B2G) == background-simple-1.html  lime100x100-ref.html # bug 773482
 == background-simple-2.html  lime100x100-ref.html
 
 # Sightly trickier background-image test
 == background-viewBox-1.html  lime100x100-ref.html
 
 # background tests with the background area getting resized
 == background-resize-1.html  lime100x100-ref.html
@@ -62,16 +63,17 @@ skip-if(B2G) == img-simple-6.html  lime1
 # Test with mix of <html:img> and <svg:image> referring to the same images,
 # with a variety of preserveAspectRatio values in play.
 random == img-and-image-1.html img-and-image-1-ref.svg # bug 645267
 
 # More complex <img> tests
 == img-blobURI-1.html lime100x100-ref.html
 random-if(/^Windows\x20NT\x205\.1/.test(http.oscpu)) == img-blobURI-2.html lime100x100-ref.html
 == img-content-outside-viewBox-1.html img-content-outside-viewBox-1-ref.html
+== img-display-none-1.html about:blank
 == img-dyn-1.html img-dyn-1-ref.html
 == img-foreignObject-1.html lime100x100-ref.html
 
 # The following tests check that content embedded via <iframe> and <embed>
 # doesn't load (or execute scripts) in SVG-as-an-image.
 # The "!=" lines are to test that the SVG content, when viewed directly (not as
 # an image), does actually render its external content (making it look
 # different from the reference case).  We don't do that check for