Bug 1179123 - Avoid crash when calling ExitFullscreenInDocTree with a detached fullscreen document with its root exited fullscreen state. r=smaug, a=lmandel
authorXidorn Quan <quanxunzhen@gmail.com>
Sat, 04 Jul 2015 15:12:13 +1000
changeset 275279 35932b9e5b6a797ea4b13ef658d4180986b03341
parent 275278 bec14ea5f1caba4ec56092276f1609b9d52005ca
child 275280 6bf37f6c995b7e317a043e0591c21744383c4c83
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
treeherdermozilla-release@f6321b14228d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug, lmandel
bugs1179123
milestone40.0
Bug 1179123 - Avoid crash when calling ExitFullscreenInDocTree with a detached fullscreen document with its root exited fullscreen state. r=smaug, a=lmandel
dom/base/nsDocument.cpp
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -11203,18 +11203,27 @@ static void
 ExitFullscreenInDocTree(nsIDocument* aMaybeNotARootDoc)
 {
   MOZ_ASSERT(aMaybeNotARootDoc);
   nsCOMPtr<nsIDocument> root = aMaybeNotARootDoc->GetFullscreenRoot();
   NS_ASSERTION(root, "Should have root when in fullscreen!");
   if (!root) {
     return;
   }
-  NS_ASSERTION(root->IsFullScreenDoc(),
-    "Fullscreen root should be a fullscreen doc...");
+  if (!root->IsFullScreenDoc()) {
+    // If a document was detached before exiting from fullscreen, it is
+    // possible that the root had left fullscreen state. In this case,
+    // we would not get anything from the ResetFullScreen() call. Root's
+    // not being a fullscreen doc also means the widget should have
+    // exited fullscreen state. It means even if we do not return here,
+    // we would actually do nothing below except crashing ourselves via
+    // dispatching the "MozDOMFullscreen:Exited" event to an nonexistent
+    // document.
+    return;
+  }
 
   // Stores a list of documents to which we must dispatch "mozfullscreenchange".
   // We're required by the spec to dispatch the events in leaf-to-root
   // order when exiting fullscreen, but we traverse the doctree in a
   // root-to-leaf order, so we save references to the documents we must
   // dispatch to so that we dispatch in the specified order.
   nsAutoTArray<nsIDocument*, 8> changed;