Closed Bug 1528635 Opened 9 months ago Closed 9 months ago

Crash in [@ nsSVGFilterInstance::GetFilterFrame]

Categories

(Core :: Graphics: WebRender, defect, critical)

Linux

Tracking

RESOLVED FIXED
mozilla67
Tracking Status
firefox-esr60 --- unaffected
firefox65 --- disabled
firefox66 --- disabled
firefox67 --- fixed

People

(Reporter: TD-Linux, Assigned: violet.bugreport)

Details

(Keywords: crash)

Instant crash upon visiting URL specified.

This bug is for crash report bp-a013a5e2-770b-4bf7-95cf-0cf2a0190217.

Top 10 frames of crashing thread:

0 libxul.so nsSVGFilterInstance::GetFilterFrame xpcom/base/nsCOMPtr.h:823
1 libxul.so nsSVGFilterInstance::nsSVGFilterInstance layout/svg/nsSVGFilterInstance.cpp:43
2 libxul.so nsFilterInstance::BuildPrimitivesForFilter layout/svg/nsFilterInstance.cpp:514
3 libxul.so nsFilterInstance::BuildPrimitives layout/svg/nsFilterInstance.cpp:493
4 libxul.so nsFilterInstance::nsFilterInstance layout/svg/nsFilterInstance.cpp:429
5 libxul.so nsFilterInstance::BuildWebRenderFilters layout/svg/nsFilterInstance.cpp:116
6 libxul.so nsDisplayFilters::CreateWebRenderCommands layout/painting/nsDisplayList.cpp:9485
7 libxul.so mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList gfx/layers/wr/WebRenderCommandBuilder.cpp:1660
8 libxul.so mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands gfx/layers/wr/WebRenderCommandBuilder.cpp:1463
9 libxul.so mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer gfx/layers/wr/WebRenderLayerManager.cpp:276

> Instant crash upon visiting URL specified.

Did you mean this URL https://www.bayareafastrak.org/en/support/mounting.shtml? I couldn't reproduce the crash. And the webpage doesn't contain any SVG element.

Flags: needinfo?(tdaede)

Yes. It likely needs WebRender on to reproduce.

Flags: needinfo?(tdaede)
Component: SVG → Graphics: WebRender

urlExtraReferrer could be null; we should check before dereferencing it. Otherwise
it will cause a crash when WebRender is enabled by gfx.webrender.enabled=true
and gfx.webrender.all=true,

I'll land this tomorrow for you unless someone beats me to it.

Pushed by kgupta@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/23359968e785
Check urlExtraReferrer not null before dereference to avoid crash r=longsonr
Status: NEW → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Assignee: nobody → violet.bugreport