Bug 1520798: Null-check the result of ScrollAnchorContainer::FindFor, in DidSetComputedStyle. r=rhunt
authorDaniel Holbert <dholbert@cs.stanford.edu>
Thu, 17 Jan 2019 18:39:24 +0000
changeset 514299 b5270d03a6d80a9e514035d3a81a7715aaa19ce6
parent 514298 a27f8c7557d4eefc9ed75192aff5eba3d1b80d6f
child 514300 8b0f8227976b661e217e05f461bd7a86a80f0028
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
reviewersrhunt
bugs1520798
milestone66.0a1
Bug 1520798: Null-check the result of ScrollAnchorContainer::FindFor, in DidSetComputedStyle. r=rhunt Differential Revision: https://phabricator.services.mozilla.com/D16881
layout/generic/crashtests/1520798-1.xul
layout/generic/crashtests/crashtests.list
layout/generic/nsFrame.cpp
new file mode 100644
--- /dev/null
+++ b/layout/generic/crashtests/1520798-1.xul
@@ -0,0 +1,10 @@
+<window xmlns:html="http://www.w3.org/1999/xhtml"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        onload="go()">
+<div id="tweakMe">abc</div>
+<script>
+    function go() {
+      document.getElementById("tweakMe").style.overflowAnchor = "none";
+    }
+</script>
+</window>
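Review bot: The new crashtest has no comment saying which code path it exercises, so a later reader cannot tell why it must be a XUL `<window>` rather than an HTML page. A one-line header such as `<!-- Bug 1520798: changing overflow-anchor on a frame for which ScrollAnchorContainer::FindFor() returns null must not crash. -->` would record that. The `xmlns:html` prefix declared on the root is not used by any element, since `<div id="tweakMe">` sits in the default XUL namespace. If that is intentional for the reproduction, the comment should say so; otherwise the declaration can be dropped.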
--- a/layout/generic/crashtests/crashtests.list
+++ b/layout/generic/crashtests/crashtests.list
@@ -718,8 +718,9 @@ load 1493710.html
 load 1493741.html
 load 1494380.html
 load 1505817.html
 pref(layout.css.column-span.enabled,true) load 1506216.html
 pref(layout.css.column-span.enabled,true) load 1506306.html
 pref(layout.css.column-span.enabled,true) load 1507196.html
 pref(layout.css.column-span.enabled,true) load 1517033.html
 pref(layout.css.column-span.enabled,true) load 1517297.html
+load 1520798-1.xul
--- a/layout/generic/nsFrame.cpp
+++ b/layout/generic/nsFrame.cpp
@@ -1093,17 +1093,20 @@ void nsIFrame::MarkNeedsDisplayItemRebui
       if (oldValue != newValue && !HasProperty(UsedBorderProperty())) {
         AddProperty(UsedBorderProperty(), new nsMargin(oldValue));
       }
     }
 
     const nsStyleDisplay* oldDisp = aOldComputedStyle->PeekStyleDisplay();
     if (oldDisp &&
         (oldDisp->mOverflowAnchor != StyleDisplay()->mOverflowAnchor)) {
-      ScrollAnchorContainer::FindFor(this)->InvalidateAnchor();
+      if (ScrollAnchorContainer* container =
+              ScrollAnchorContainer::FindFor(this)) {
+        container->InvalidateAnchor();
+      }
       if (nsIScrollableFrame* scrollableFrame = do_QueryFrame(this)) {
         scrollableFrame->GetAnchor()->InvalidateAnchor();
       }
     }
 
     if (mInScrollAnchorChain) {
       const nsStylePosition* oldPosition =
           aOldComputedStyle->PeekStylePosition();
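Review bot: The call two lines below the new guard, `scrollableFrame->GetAnchor()->InvalidateAnchor();`, still dereferences a returned pointer without a check, the same pattern this commit fixes for `ScrollAnchorContainer::FindFor(this)`. If `GetAnchor()` is guaranteed non-null for any frame that passes `do_QueryFrame`, a short comment there would make the asymmetry deliberate, e.g. `// GetAnchor() never returns null on a scrollable frame.`; if it is not guaranteed, it needs the same guard, `if (ScrollAnchorContainer* anchor = scrollableFrame->GetAnchor()) { anchor->InvalidateAnchor(); }`. The new check would also benefit from a why-comment such as `// FindFor() returns null when this frame has no scroll anchor container (see crashtest 1520798-1.xul).`, because the crash is reachable from content by a plain style change. The enclosing function starts and ends outside this hunk, so the `GetAnchor()` contract cannot be confirmed from here.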