github web-platform-tests/wpt merge_pr_49167

latest releases: merge_pr_49470, epochs/three_hourly/2024-12-03_06H, epochs/six_hourly/2024-12-03_06H...
one month ago

Ensure we always have a float manager during block-frame reflow.

Normally we shouldn't be starting reflow from a block that is not a BFC,
and so BlockNeedsFloatManager would return true for the reflow root.

What happens in the testcase here, though, is that we call PresShell::FrameNeedsReflow
for the

block (because we've just added a child to it), which is fine:
it's a BFC at that moment.

Then we restyle, and during restyling we remove the NS_BLOCK_BFC flag because the
newly-added element means that the

no longer matches ::only-child, and
so we lose the contain property that was previously set. So is no longer
a BFC, but we've already recorded it in the PresShell's mDirtyRoots.

We then call PresShell::FrameNeedsReflow for the foreignObject, which adds that
to mDirtyRoots as well.

And then we flush layout, reflowing first the foreignObject (because it is the
shallower of the two dirty-roots) and then the

block. We might expect
that the reflow of the SVGForeignObject would fix things, because it would reflow
all its descendants (including ) safely, but there's an early-return in
SVGForeignObjectFrame::Reflow in the case where it is zero-sized (which it is here).

So the

block remains dirty, and PresShell::ProcessReflowCommands tries
to reflow it directly even though it is no longer a BFC, and that's when we crash
due to not having a float manager.

Removing that early-return from SVGForeignObjectFrame::Reflow would avoid the crash,
but in any case I think we should make nsBlockFrame::Reflow handle this situation
as there may be other code-paths that potentially set up a similar scenario of
attempting to reflow from a root that has lost its BFC-ness.

Differential Revision: https://phabricator.services.mozilla.com/D228778

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1928724
gecko-commit: 421d7bf240078ff30871183289ce376441fadb09
gecko-reviewers: layout-reviewers, emilio

Don't miss a new wpt release

NewReleases is sending notifications on new releases.