Closed
Bug 508247
Opened 15 years ago
Closed 15 years ago
Crash [@ _moz_cairo_matrix_multiply] with getCTM method on path inside definition-src
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9.2b1
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta1-fixed |
People
(Reporter: martijn.martijn, Assigned: longsonr)
References
Details
(4 keywords)
Crash Data
Attachments
(2 files)
(deleted),
image/svg+xml
|
Details | |
(deleted),
patch
|
jwatt
:
review+
|
Details | Diff | Splinter Review |
See testcase, which crashes current trunk build.
This regressed between 2009-07-22 and 2009-07-24:
http://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2009-07-22+04%3A00%3A00&enddate=2009-07-24+06%3A00%3A00
I guess a regression from bug 435356.
http://crash-stats.mozilla.com/report/index/c7aff124-3e64-42fd-902b-318792090804?p=1
0 xul.dll _moz_cairo_matrix_multiply gfx/cairo/cairo/src/cairo-matrix.c:298
1 xul.dll gfxMatrix::Multiply gfx/thebes/src/gfxMatrix.cpp:82
2 xul.dll xul.dll@0x9aeb17
3 xul.dll nsSVGGraphicElement::GetCTM content/svg/content/src/nsSVGGraphicElement.cpp:109
4 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
5 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2710
Reporter | ||
Updated•15 years ago
|
Flags: blocking1.9.2?
Assignee | ||
Comment 1•15 years ago
|
||
Assignee: nobody → longsonr
Attachment #393439 -
Flags: review?(jwatt)
Comment 2•15 years ago
|
||
Comment on attachment 393439 [details] [diff] [review]
patch
Seems like you should just replace the:
ancestor->GetNameSpaceID() == kNameSpaceID_SVG
with the:
ancestor->IsNodeOfType(nsINode::eSVG
Thanks for fixing.
Attachment #393439 -
Flags: review?(jwatt) → review+
Assignee | ||
Comment 3•15 years ago
|
||
I don't think we want to terminate the loop if we find a generic node, just skip over it, so I think what I have is right.
Comment 4•15 years ago
|
||
I'm not sure I follow. The loop only continues while |ancestor->GetNameSpaceID() == kNameSpaceID_SVG|. Are there cases when |ancestor->IsNodeOfType(nsINode::eSVG
)| would be false but |ancestor->GetNameSpaceID() == kNameSpaceID_SVG| would be true?
Assignee | ||
Comment 5•15 years ago
|
||
The testcase is precisely such an example. Basically an unknown node is node type XML rather than node type SVG but it is in the SVG namespace.
Assignee | ||
Comment 6•15 years ago
|
||
Are you happy with the explanation Jonathan? I'd still like to land the patch as is.
Comment 7•15 years ago
|
||
Yes, sorry. Good point. Maybe you could add a little reminder comment there? Or maybe not. Whatever you prefer.
Assignee | ||
Comment 8•15 years ago
|
||
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Please land this on 1.9.2
Flags: blocking1.9.2? → blocking1.9.2+
BTW Martijn's testcase should be checked in as a crashtest
Flags: in-testsuite?
Assignee | ||
Updated•15 years ago
|
Attachment #393439 -
Flags: approval1.9.2?
Assignee | ||
Updated•15 years ago
|
Attachment #393439 -
Flags: approval1.9.2?
Assignee | ||
Comment 11•15 years ago
|
||
Flags: in-testsuite? → in-testsuite+
Comment 12•15 years ago
|
||
I don't see this crash anymore with the patch, but bug 510956 looks very similar, and it still crashes with the patch applied.
Comment 13•15 years ago
|
||
I'm sorry, I copied the wrong bug number. That should be bug 515288, not 510956.
Assignee | ||
Comment 14•15 years ago
|
||
Assignee | ||
Comment 15•15 years ago
|
||
Assignee | ||
Updated•15 years ago
|
status1.9.2:
--- → beta1-fixed
Assignee | ||
Updated•15 years ago
|
Target Milestone: --- → mozilla1.9.2b1
Comment 16•15 years ago
|
||
Verified on the 1.9.2 branch using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2b6pre) Gecko/20091231 Namoroka/3.6b6pre(.NET CLR 3.5.30729). I verified using the testcase attached to the bug.
Keywords: verified1.9.2
Updated•14 years ago
|
Crash Signature: [@ _moz_cairo_matrix_multiply]
You need to log in
before you can comment on or make changes to this bug.
Description
•