Assertion failure: inverted (Attempted to get the inverse of a non-invertible matrix) [@ gfxContext::DeviceToUser]
Categories
(Core :: Graphics, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | wontfix |
| firefox-esr78 | --- | wontfix |
| firefox-esr91 | --- | wontfix |
| firefox-esr102 | --- | wontfix |
| firefox55 | --- | wontfix |
| firefox56 | --- | wontfix |
| firefox57 | --- | wontfix |
| firefox58 | --- | wontfix |
| firefox59 | --- | wontfix |
| firefox86 | --- | wontfix |
| firefox87 | --- | wontfix |
| firefox88 | --- | wontfix |
| firefox103 | --- | wontfix |
| firefox104 | --- | wontfix |
| firefox105 | --- | wontfix |
| firefox106 | --- | fixed |
People
(Reporter: tsmith, Assigned: nical)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [gfx-noted])
Attachments
(2 files)
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
|
|
||
Updated•7 years ago
|
|
||
Comment 2•7 years ago
|
||
|
Reporter | |
Comment 3•4 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/J-MnW3AATlA6h5Vc9HlXJg/index.html
|
|
Reporter | |
Comment 4•4 years ago
|
||
Are you still looking in to this?
|
||
Comment 5•3 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months.
:bhood, could you have a look please?
For more information, please visit auto_nag documentation.
|
||
Updated•3 years ago
|
|
|
Reporter | |
Updated•2 years ago
|
|
|
||
Comment 6•2 years ago
|
||
Clear a needinfo that is pending on an inactive user.
Inactive users most likely will not respond; if the missing information is essential and cannot be collected another way, the bug maybe should be closed as INCOMPLETE.
For more information, please visit auto_nag documentation.
|
|
||
Updated•2 years ago
|
|
|
Reporter | |
Comment 7•2 years ago
|
||
The attached test case still reproduces the issue. The fuzzer are also still reporting this issue.
:bhood, is there someone that can have a look? Or if this assertion is not providing any value perhaps downgrade it to a warning?
|
|
Reporter | |
Updated•2 years ago
|
|
Assignee | |
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Comment 8•2 years ago
•
|
||
We run into an non invertible transform because while building the matrix, it is scaled by a zero scale factor that was produced here: https://searchfox.org/mozilla-central/rev/8dd35cd8f5284fbaa506aab02fe42fc87efb249e/layout/svg/SVGTextFrame.cpp#4906 with expectedTextLength also begin equal to zero. Looking at the test case, it explicitly sets the text length to zero, so I guess there's no need to seach further for reasons why we get this value.
I'm not intimate with the text layout code but my uneducated guess would be that in this case we should bail out earlier, maybe in nsTextFrame::PaintText either after checking whether the scale factor is zero (or the text length itself), or if we think that there's a lot of other wonky input that can get us in this situation, by checking early if the matrix is invertible.
Jonathan, does that sound right?
|
||
Comment 9•2 years ago
|
||
Yeah, the text is being forcibly scaled to zero size, so we can bail out of attempting to paint -- nothing's going to be visible.
It looks to me like we could do an early-return from SVGTextFrame::PaintSVG if mLengthAdjustScaleFactor is zero, somewhere around here. (It needs to be after we've called UpdateGlyphPositioning if necessary, as that's what will set the scale factor.)
We could explicitly check in nsTextFrame::PaintText that the current matrix is invertible, but I guess that's a bit more expensive so let's try to avoid it. In general we aim to short-circuit text painting when the size computes to zero, but this case is a somewhat more obscure way to achieve that.
|
|
Assignee | |
Comment 10•2 years ago
|
||
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
||
Comment 11•2 years ago
|
||
|
||
Comment 12•2 years ago
|
||
| bugherder | ||
|
|
||
Updated•2 years ago
|
Description
•