Bug 1353529 - Crash when using IntersectionObserver in XUL pages. r=mstange, a=gchang
authorTobias Schneider <schneider@jancona.com>
Tue, 04 Apr 2017 20:14:46 -0700
changeset 396194 3d786fe34df613fbbd42c7f7542651bddd5aac58
parent 396193 af2d7ae3f4aed9266a27ff4e0f7578fd3fc08037
child 396195 cabb7ee3222b458bbe09a0e4204b2b569df3e163
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
treeherdermozilla-release@0641fc6ee9d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmstange, gchang
bugs1353529
milestone54.0
Bug 1353529 - Crash when using IntersectionObserver in XUL pages. r=mstange, a=gchang MozReview-Commit-ID: 9RBrnst4Wkb
dom/base/DOMIntersectionObserver.cpp
dom/base/crashtests/1353529-inner.html
dom/base/crashtests/1353529.xul
dom/base/crashtests/crashtests.list
--- a/dom/base/DOMIntersectionObserver.cpp
+++ b/dom/base/DOMIntersectionObserver.cpp
@@ -284,17 +284,22 @@ DOMIntersectionObserver::Update(nsIDocum
       rootFrame = presShell->GetRootScrollFrame();
       if (rootFrame) {
         nsPresContext* presContext = rootFrame->PresContext();
         while (!presContext->IsRootContentDocument()) {
           presContext = presContext->GetParentPresContext();
           if (!presContext) {
             break;
           }
-          rootFrame = presContext->PresShell()->GetRootScrollFrame();
+          nsIFrame* rootScrollFrame = presContext->PresShell()->GetRootScrollFrame();
+          if (rootScrollFrame) {
+            rootFrame = rootScrollFrame;
+          } else {
+            break;
+          }
         }
         root = rootFrame->GetContent()->AsElement();
         nsIScrollableFrame* scrollFrame = do_QueryFrame(rootFrame);
         rootRect = scrollFrame->GetScrollPortRect();
       }
     }
   }
 
new file mode 100644
--- /dev/null
+++ b/dom/base/crashtests/1353529-inner.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<body onload="boom()">
+<div id="target"></div>
+<script>
+    function boom() {
+        var io = new IntersectionObserver(function () { }, { });
+        io.observe(document.getElementById('target'));
+    }
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/base/crashtests/1353529.xul
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
+        xmlns:xhtml="http://www.w3.org/1999/xhtml">
+<xhtml:div>
+    <iframe src="1353529-inner.html"></iframe>
+</xhtml:div>
+</window>
--- a/dom/base/crashtests/crashtests.list
+++ b/dom/base/crashtests/crashtests.list
@@ -207,9 +207,10 @@ load xhr_empty_datauri.html
 load xhr_html_nullresponse.html
 load 1230422.html
 load 1251361.html
 load 1304437.html
 pref(dom.IntersectionObserver.enabled,true) load 1324209.html
 pref(dom.IntersectionObserver.enabled,true) load 1326194-1.html
 pref(dom.IntersectionObserver.enabled,true) load 1326194-2.html
 pref(dom.IntersectionObserver.enabled,true) load 1332939.html
+pref(dom.IntersectionObserver.enabled,true) load 1353529.xul
 pref(dom.webcomponents.enabled,true) load 1341693.html