Closed
Bug 778492
Opened 12 years ago
Closed 12 years ago
SVG element too far outside viewBox crashes Firefox
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: nickers, Assigned: jwatt)
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(1 file)
|
(deleted),
image/svg+xml
|
Details |
crashes Firefox
Viewing the attached SVG file crashes Firefox:
$ ./firefox /tmp/crash.svg
Segmentation fault
$
The bug is also reproducible in nightly build 20120728030524 with a new profile. No crash report is generated.
|
||
Comment 1•12 years ago
|
||
It's a stack overflow: bp-6eb14b02-e703-43a0-b9b7-485262120729
PresShell::DidDoReflow layout/base/nsPresShell.cpp:7311
PresShell::ProcessReflowCommands layout/base/nsPresShell.cpp:7610
PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:3867
PresShell::DidDoReflow layout/base/nsPresShell.cpp:7311
PresShell::ProcessReflowCommands layout/base/nsPresShell.cpp:7610
PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:3867
...
I can reproduce the crash with a 32-bit Linux build, but not 64-bit.
It's likely the same underlying problem as bug 762987 / bug 774561.
Severity: normal → critical
Component: General → SVG
Depends on: 762987
Product: Firefox → Core
Version: Trunk → unspecified
|
||
Updated•12 years ago
|
Status: UNCONFIRMED → NEW
Crash Signature: [@ nsIFrame::GetUsedBorderAndPadding]
Ever confirmed: true
Keywords: reproducible
|
||
Comment 2•12 years ago
|
||
bug 767056 has landed. Did it fix this crash?
|
|
||
Comment 3•12 years ago
|
||
WFM, in both 32-bit and 64-bit Linux builds.
nickers@lgav.ath.cx, please reopen the bug if you can still reproduce
the crash in a Nightly build, thanks. http://nightly.mozilla.org/
Status: NEW → RESOLVED
Closed: 12 years ago
No longer depends on: 762987
Flags: in-testsuite?
Resolution: --- → WORKSFORME
|
||
Comment 4•12 years ago
|
||
Works for me as well :)
The bug is no longer reproducible in nightly build 20120902030516, thank you.
|
Assignee | |
Comment 6•12 years ago
|
||
Pushed testcase:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7d95f9ee1165
Flags: in-testsuite? → in-testsuite+
|
||
Comment 7•12 years ago
|
||
Assignee: nobody → jwatt
You need to log in
before you can comment on or make changes to this bug.
Description
•