Closed Bug 407099 Opened 17 years ago Closed 17 years ago

Crash loading SVG page in cairo-quartz code

Categories

(Core :: Graphics, defect, P2)

x86
macOS
defect

VERIFIED FIXED

People

(Reporter: roc, Assigned: vlad)

Details

(Keywords: crash)

Load http://www.svg-whiz.com/svg/linguistics/theCreepyMouth.svg, instant crash. Relevant call stack:

#0  0x14db7ede in _moz_cairo_surface_get_type (surface=0x328) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-surface.c:142
#1  0x14dc0e9e in _cairo_quartz_surface_to_quartz (target=0x0, pat_surf=0x328, quartz_surf=0xbfffbb28) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-quartz-surface.c:465
#2  0x14dc3e11 in _cairo_quartz_surface_mask_with_surface (surface=0x3ec158c0, op=CAIRO_OPERATOR_OVER, source=0xbfffbc88, mask=0xbfffbbb4) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-quartz-surface.c:1588
#3  0x14dc408b in _cairo_quartz_surface_mask (abstract_surface=0x3ec158c0, op=CAIRO_OPERATOR_OVER, source=0xbfffbc88, mask=0xbfffbbb4) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-quartz-surface.c:1629
#4  0x14db9aa7 in _cairo_surface_mask (surface=0x3ec158c0, op=CAIRO_OPERATOR_OVER, source=0xbfffbe68, mask=0xbfffbd94) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-surface.c:1435
#5  0x14da4d65 in _cairo_gstate_mask (gstate=0x3ec37ec0, mask=0x3e69f150) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-gstate.c:971
#6  0x14d9e3db in _moz_cairo_mask (cr=0x2753600, pattern=0x3e69f150) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo.c:1962
#7  0x14d86d03 in gfxContext::Mask (this=0x3e09ed40, pattern=0x3e8c6690) at /Users/roc/mozilla-checkin/mozilla/gfx/thebes/src/gfxContext.cpp:689
#8  0x1579d35f in nsSVGUtils::PaintChildWithEffects (aContext=0xbfffc050, aDirtyRect=0xbfffc05c, aFrame=0x428ee744) at /Users/roc/mozilla-checkin/mozilla/layout/svg/base/src/nsSVGUtils.cpp:1201
#9  0x1578f15d in nsSVGOuterSVGFrame::Paint (this=0x428ec530, aRenderingContext=@0x3e60b030, aDirtyRect=@0xbfffc150, aPt=@0xbfffc0d8) at /Users/roc/mozilla-checkin/mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp:589
#10 0x1578f22c in nsDisplaySVG::Paint (this=0x2374a1c, aBuilder=0xbfffc1d8, aCtx=0x3e60b030, aDirtyRect=@0xbfffc150) at /Users/roc/mozilla-checkin/mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp:445
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
I'm not seeing this crash in 
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b2pre) Gecko/2007120623 Minefield/3.0b2pre

I couldn't get it in my previous build either, from a week or so ago; and beta 1 doesn't crash. However, beta 1 shows and animates the vocal folds, they don't show up for me in these recent builds. They'd be rendered via the path above, so seems likely to be the same bug. Not sure why I don't get the crash though.
I get the crash now in debug builds. However, it seems vlad has already fixed this on cairo master, in this commit:

http://gitweb.freedesktop.org/?p=cairo;a=commit;h=150564c7f8792fa2217fc2574e9e1925c9cd500f

(setting the value of extents ends up overwriting the contents of pat_surf, causing the crash; using the correct size for extents fixes the bug)
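Added example (not part of the comment above and not cairo's code): a C model of the failure mode that comment describes, where a callee writes more bytes into extents than the caller reserved and the spill lands on the neighbouring pat_surf. The 16-bit and 32-bit rectangle types, the frame layout, get_extents, GET_EXTENTS_CHECKED and every value are assumptions made for illustration; the constructed width 808 is chosen to equal the pat_surf=0x328 shown in frame #1 of the stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types: what the caller declares vs. what the callee writes. */
typedef struct { int16_t x, y; uint16_t width, height; } rect16_t; /*  8 bytes */
typedef struct { int32_t x, y, width, height; } rect32_t;          /* 16 bytes */

/* Caller's locals modelled as a struct so the layout is fixed: extents sits
 * directly below pat_surf (a 32-bit pointer value, kept as an integer). */
typedef struct { rect16_t extents; uint32_t pat_surf; uint32_t other; } frame_buggy_t;
typedef struct { rect32_t extents; uint32_t pat_surf; } frame_fixed_t;
_Static_assert(offsetof(frame_buggy_t, pat_surf) == sizeof(rect16_t), "layout");

#define PAT_SURF_VALUE 0x10203040u  /* constructed pointer value */

/* Callee: always writes a full rect32_t through the pointer it is given. */
static void get_extents(void *out) {
    rect32_t r = { 0, 0, 808, 600 };  /* constructed surface size */
    memcpy(out, &r, sizeof r);
}

/* Guard: refuse to compile when the destination is not exactly rect32_t-sized. */
#define GET_EXTENTS_CHECKED(dst) do { \
    _Static_assert(sizeof *(dst) == sizeof(rect32_t), "extents has the wrong size"); \
    get_extents(dst); } while (0)

/* Undersized extents: bytes 8..15 of the write land on pat_surf and other. */
uint32_t pat_surf_after_buggy_call(void) {
    frame_buggy_t f = { { 0, 0, 0, 0 }, PAT_SURF_VALUE, 0 };
    get_extents(&f);     /* same address as &f.extents, which the guard refuses */
    return f.pat_surf;   /* now holds r.width */
}

/* Correctly sized extents: the write stays inside extents. */
uint32_t pat_surf_after_fixed_call(void) {
    frame_fixed_t f = { { 0, 0, 0, 0 }, PAT_SURF_VALUE };
    GET_EXTENTS_CHECKED(&f.extents);
    return f.pat_surf;
}

int main(void) {
    printf("undersized extents: pat_surf = 0x%x\n", (unsigned)pat_surf_after_buggy_call());
    printf("correct extents:    pat_surf = 0x%x\n", (unsigned)pat_surf_after_fixed_call());
    return 0;
}
```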
Blocks: 408145
Assignee: nobody → vladimir
Checked in patch from upstream; still need to do a cairo update soon, but wanted to get this in beforehand.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Flags: in-testsuite?
in-testsuite+: there are svg:mask testcases that are marked as "skip-if mac" due to this bug.
Flags: in-testsuite? → in-testsuite+
Oh, I misread comment 4 earlier.  I have re-enabled those tests now.
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9pre) Gecko/2008050621 Firefox/3.0pre and the url from comment #0 -> no crash

--> Verified fixed
Status: RESOLVED → VERIFIED
Keywords: crash