Closed Bug 1067695 Opened 10 years ago Closed 10 years ago

SVG with text path causes browser to crash

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1066556

People

(Reporter: damon.default, Unassigned)

Details

Attachments

(1 file)

crasher.svg
726 bytes, image/svg+xml
Details
Attached image crasher.svg 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140830210550

Steps to reproduce:

load the attached SVG


Actual results:

firefox became unresponsive, used max CPU and ran out of memory.

It crashes in firefox latest (32.0) on both Ubuntu Linux 64bit and MacOS, and also in today's Firefox Nightly in Linux 64bit.


Expected results:

SVG should load normally.
We're looping forever inside of FlattenBezierCurveSegment (with t = 0.000103094149 when I broke in, in GDB), which means this is the same issue as bug 1066556.

So, marking as a duplicate of that bug, since it's the same underlying problem. Thank you very much for the testcase -- it's much more minimal than the testcase we've currently got for that bug, and hopefully it will make it much easier to isolate & fix the problem!
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Fantastic, so happy to contribute at all! Also, the bug has probably been introduced recently as I have had a page up with the full version of that svg for only about a year, and I'm fairly sure it was working fine when I checked it a few months ago.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: