Closed
Bug 1160471
Opened 9 years ago
Closed 8 years ago
Firefox crashes when manipulating an SVG file
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: petersz.szabo, Assigned: bas.schouten)
References
Details
(Keywords: crash, regression)
Crash Data
User Story
Caused by https://hg.mozilla.org/integration/mozilla-inbound/rev/4f086025350f which was from 934305 (despite what the mistaken commit message says)
Attachments
(3 files)
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Steps to reproduce: I was manipulating an SVG file with JavaScript Actual results: The browser crashes Expected results: The browser should not crash :)
Comment 1•9 years ago
|
||
I can confirm a OOM crash with Firefox37 on Windows7
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | std::vector<ots::OpenTypeCMAPSubtableRange, std::allocator<ots::OpenTypeCMAPSubtableRange> >::_Reallocate(unsigned int) ]
Component: Untriaged → SVG
Ever confirmed: true
Keywords: crash
OS: Unspecified → Windows
Product: Firefox → Core
Hardware: Unspecified → x86
Comment 2•9 years ago
|
||
Can you add the report ids (including the bp) from about:crashes please
Reporter | ||
Comment 3•9 years ago
|
||
bp-88c9c843-6655-4edc-975c-800072150501 bp-7ae723e7-7701-4145-aed3-5c5ed2150427 bp-965591ac-1fb1-4dec-84d5-d741a2150427 bp-cfff3941-ead8-4f8d-959e-255192150427 bp-406148ca-a4ca-403d-9e1e-d52922150427
Comment 4•9 years ago
|
||
Pushlog: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=92f737230338&tochange=af0931327e49 Triggered by: Bug 651858
Blocks: 651858
Updated•9 years ago
|
Keywords: regression
Comment 5•9 years ago
|
||
Sorry, it should be Bug 930577
Updated•9 years ago
|
Flags: needinfo?(jwatt)
Comment 6•9 years ago
|
||
Peter, would you be able to reduce your testcase to something considerably smaller by incrementally chopping bits out of it until you can no longer remove any more without the crash failing to occur?
Flags: needinfo?(jwatt) → needinfo?(petersz.szabo)
Reporter | ||
Comment 7•9 years ago
|
||
Flags: needinfo?(petersz.szabo)
Comment 8•9 years ago
|
||
That's much better, but I'm not familiar with DrawSVGPlugin or TweenMax. Can you also get rid of those?
Reporter | ||
Comment 9•9 years ago
|
||
Unfortunately neither I'm familiar with those libraries. They are third-party libraries from http://greensock.com/drawSVG
Comment 10•9 years ago
|
||
But I assume you wrote the code: TweenMax.staggerTo("#main-line-10", 0, {drawSVG: 0}, 0); Can you explain what that does? The staggerTo part seems to essentially do some sort of step from one value to another, but the {drawSVG: 0} part and what the value is changing to is not at all clear.
Reporter | ||
Comment 11•9 years ago
|
||
I wanted to create an animation, which draws the paths of an SVG image. To achieve that, I "initialize" the SVG by calling the mentioned function to display "0%" of the given SVG path. Then I call TweenMax.staggerTo("#main-line-10", 0.5, {drawSVG: "100%"}, 0.1); to slowly draw the full path. Basically something similar to this: http://codepen.io/netgfx/pen/OPNOgM I was able to draw other SVG paths, only the one in the attached HTML file is causing the browser to crash.
Comment 12•9 years ago
|
||
Does this still cause issues on Windows?
Updated•9 years ago
|
Attachment #8607227 -
Attachment description: reduced testcase → reduced testcase (WATCH OUT! HANG/CRASH!)
Reporter | ||
Comment 13•9 years ago
|
||
Yes, It does.
Comment 14•9 years ago
|
||
Great, thanks for your help reducing the testcase. Bas, can you take a look at what's going wrong with the path measuring code?
Flags: needinfo?(bas)
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → bas
Flags: needinfo?(bas)
Updated•9 years ago
|
Crash Signature: [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | std::vector<ots::OpenTypeCMAPSubtableRange, std::allocator<ots::OpenTypeCMAPSubtableRange> >::_Reallocate(unsigned int) ] → [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | std::vector<ots::OpenTypeCMAPSubtableRange, std::allocator<ots::OpenTypeCMAPSubtableRange> >::_Reallocate(unsigned int) ]
[@ OOM | large | mozalloc_abo…
Comment 16•8 years ago
|
||
I can no longer reproduce in Ubuntu 15.10, now that the patch referred to in comment 15 was pushed in https://hg.mozilla.org/mozilla-central/rev/3e73fc0dfb01
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•