Skip to content

Commit

Permalink
Bug 1851441: Speculative fix for image map/html area element crash r=…
Browse files Browse the repository at this point in the history
…Jamie, a=RyanVM

I think this crash may occur when the image map is being removed or when the area element is being moved.
In any case, I'm reasonably confident that the reason for this crash was a null boundingFrame passed to TransformRect, which should only happen when the image map doesn't exist / has no frame.

Also, we really shouldn't be transforming anyway, so I’ve removed the transform call.

Differential Revision: https://phabricator.services.mozilla.com/D193460
Ponchale committed Jan 4, 2024
1 parent 561624f commit f3d8d96
Showing 1 changed file with 10 additions and 11 deletions.
21 changes: 10 additions & 11 deletions accessible/html/HTMLImageMapAccessible.cpp
Original file line number Diff line number Diff line change
@@ -175,20 +175,19 @@ nsRect HTMLAreaAccessible::ParentRelativeBounds() {
nsIFrame* boundingFrame = nullptr;
nsRect relativeBoundsRect = RelativeBounds(&boundingFrame);

nsIFrame* parentBoundingFrame = nullptr;
if (mParent) {
parentBoundingFrame = mParent->GetFrame();
if (MOZ_UNLIKELY(!boundingFrame)) {
// Area is not attached to an image map?
return nsRect();
}

if (!parentBoundingFrame) {
// if we can't get the bounding frame, use the pres shell root for the
// bounding frame RelativeBounds returned
parentBoundingFrame =
nsLayoutUtils::GetContainingBlockForClientRect(boundingFrame);
}

nsLayoutUtils::TransformRect(boundingFrame, parentBoundingFrame,
relativeBoundsRect);
// The relative bounds returned above are relative to this area's
// image map, which is technically already "parent relative".
// Because area elements are `display:none` to layout, they can't
// have transforms or other styling applied directly, and so we
// don't apply any additional transforms here. Any transform
// at the image map layer will be taken care of when computing bounds
// in the parent process.

return relativeBoundsRect;
}

0 comments on commit f3d8d96

Please sign in to comment.