Closed
Bug 621598
Opened 14 years ago
Closed 14 years ago
Crash [@ nsSVGMarkerFrame::GetCanvasTM] with recursive marker, nested marker
Categories
(Core :: SVG, defect)
Core
SVG
Tracking
()
RESOLVED
FIXED
mozilla2.0b9
People
(Reporter: jruderman, Assigned: longsonr)
References
Details
(4 keywords)
Crash Data
Attachments
(3 files, 1 obsolete file)
|
(deleted),
image/svg+xml
|
Details | |
|
(deleted),
text/plain
|
Details | |
|
(deleted),
patch
|
roc
:
approval2.0+
|
Details | Diff | Splinter Review |
testcase (crashes Firefox when loaded)
###!!! ASSERTION: null nsSVGPathGeometry frame: 'mMarkedFrame', file layout/svg/base/src/nsSVGMarkerFrame.cpp, line 104 Crash [@ nsSVGMarkerFrame::GetCanvasTM]
|
Reporter | |
Comment 1•14 years ago
|
||
|
||
Comment 2•14 years ago
|
||
Not a recent regression, FWIW -- testcase crashes in Firefox 3.6.13 on Linux: bp-d97f4e81-2d6f-4746-96b4-fa4932101227
|
Assignee | |
Comment 3•14 years ago
|
||
Assignee: nobody → longsonr
Attachment #499971 -
Flags: review?(roc)
Attachment #499971 -
Flags: review?(roc) → review+
|
|
Assignee | |
Comment 4•14 years ago
|
||
Attachment #499971 -
Attachment is obsolete: true
Attachment #500008 -
Flags: approval2.0?
Attachment #500008 -
Flags: approval2.0? → approval2.0+
|
|
Assignee | |
Comment 5•14 years ago
|
||
Jesse, this fixes anything where the object being marked (the line in this case) is a child of a marker and you call getBoundingClientRect. I'm a little worried that there might still be a similar hole unfixed... Calling getBoundingClientRect on a line that has a marker but is not a child of a marker where the marker is nested and/or has line children that may themselves have markers.
Status: NEW → RESOLVED
Closed: 14 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b9
|
||
Updated•13 years ago
|
Crash Signature: [@ nsSVGMarkerFrame::GetCanvasTM]
You need to log in
before you can comment on or make changes to this bug.
Description
•