Crash report: https://crash-stats.mozilla.org/report/index/2d8f41fd-8e8b-4de5-99b4-dba330220304

MOZ_CRASH Reason: ```MOZ_CRASH(GFX: This should never be called without a context)```

Top 10 frames of crashing thread:

```
0 libxul.so mozilla::SVGFilterObserverListForCanvasContext::OnRenderingChange layout/svg/SVGObserverUtils.cpp:867
1 libxul.so mozilla::SVGFilterObserver::OnRenderingChange layout/svg/SVGObserverUtils.cpp:748
2 libxul.so mozilla::SVGIDRenderingObserver::ElementTracker::ElementChanged layout/svg/SVGObserverUtils.cpp:357
3 libxul.so mozilla::dom::IDTracker::ChangeNotification::Run dom/base/IDTracker.h:140
4 libxul.so nsContentUtils::RemoveScriptBlocker dom/base/nsContentUtils.cpp:5696
5 libxul.so mozilla::dom::Document::cycleCollection::Unlink dom/base/Document.cpp:2652
6 libxul.so nsCycleCollector::CollectWhite xpcom/base/nsCycleCollector.cpp:3074
7 libxul.so nsCycleCollector::Collect xpcom/base/nsCycleCollector.cpp:3438
8 libxul.so nsCycleCollector_collectSlice xpcom/base/nsCycleCollector.cpp:3925
9 libxul.so mozilla::CCGCScheduler::CCRunnerFired dom/base/nsJSEnvironment.cpp:1572
```

I just crashed with this signature a handful of times with a testcase that I was writing locally to exercise a (not-intended-to-be-crashy) SVG-filter-in-canvas rendering scenario. Seems to be a null-deref, so I'm assuming it's not security-sensitive for the time being.
Bug 1758029 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Crash report: https://crash-stats.mozilla.org/report/index/2d8f41fd-8e8b-4de5-99b4-dba330220304

MOZ_CRASH Reason: ```MOZ_CRASH(GFX: This should never be called without a context)```

Top 10 frames of crashing thread:

```
0 libxul.so mozilla::SVGFilterObserverListForCanvasContext::OnRenderingChange layout/svg/SVGObserverUtils.cpp:867
1 libxul.so mozilla::SVGFilterObserver::OnRenderingChange layout/svg/SVGObserverUtils.cpp:748
2 libxul.so mozilla::SVGIDRenderingObserver::ElementTracker::ElementChanged layout/svg/SVGObserverUtils.cpp:357
3 libxul.so mozilla::dom::IDTracker::ChangeNotification::Run dom/base/IDTracker.h:140
4 libxul.so nsContentUtils::RemoveScriptBlocker dom/base/nsContentUtils.cpp:5696
5 libxul.so mozilla::dom::Document::cycleCollection::Unlink dom/base/Document.cpp:2652
6 libxul.so nsCycleCollector::CollectWhite xpcom/base/nsCycleCollector.cpp:3074
7 libxul.so nsCycleCollector::Collect xpcom/base/nsCycleCollector.cpp:3438
8 libxul.so nsCycleCollector_collectSlice xpcom/base/nsCycleCollector.cpp:3925
9 libxul.so mozilla::CCGCScheduler::CCRunnerFired dom/base/nsJSEnvironment.cpp:1572
```

I just crashed with this signature a handful of times with a testcase that I was writing locally to exercise a (not-intended-to-be-crashy) SVG-filter-in-canvas rendering scenario. Seems to be a null-deref via MOZ_CRASH, so I'm assuming it's not security-sensitive for the time being.