Bug 237216: crash after gfxImageFrame::Init called with zero-sized rect

Opened 21 years ago, closed 21 years ago
Categories: Core :: SVG, defect
Status: RESOLVED FIXED
People: Reporter: sicking, Assigned: alex
Attachments (1 file, 1 obsolete file): 1.38 KB patch, sicking: review+
When doing some simple DOM animations with SVG, I every now and then get an assertion "error - negative image size" followed by a null-nsCOMPtr dereference assertion and a crash. The problem seems to originate in nsSVGOuterSVGFrame::Paint producing a zero-sized rect. The zero comes from |aDirtyRect.height*pxPerTwips| resulting in zero. In my case aDirtyRect.height was 8. A little bit later I crash in nsSVGLibartBitmapDefault::Flush since nsCOMPtr<nsIImage> img(do_GetInterface(ireq)); has resulted in a null |img|. Although the actual crash is libart-specific (it needs to check the success value better), it seems wrong that nsSVGOuterSVGFrame::Paint should produce a zero-sized area to paint.
Comment 1 (Assignee) • 21 years ago
OK, looks like we need to change the rounding when converting from twips->px rect.
Updated (Assignee) • 21 years ago
Attachment #143696 -
Flags: review?(bugmail)
Comment 2 (Reporter) • 21 years ago
Comment on attachment 143696: patch to nsSVGOuterSVGFrame.cpp

This patch will 'round to nearest' for x1 and y1 (and strange rounding for x0, y0). Don't you want rounding towards positive infinity for x1, y1 and negative infinity for x0, y0? Note that (int) rounding always rounds towards 0, which is extra hairy if these numbers can be negative. You might want to use the ceil() and floor() functions.
Attachment #143696 -
Flags: review?(bugmail) → review-
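
The rounding issue raised in comment 2, as an added example that is not the attached patch or Mozilla's code: a truncating twips-to-pixel conversion collapses an 8-twip-high dirty rect to zero height, while floor() on x0/y0 and ceil() on x1/y1 always yields a rect that covers the original. The struct names, IsPaintable() and the pxPerTwips value of 1/15 are assumptions made for the illustration.

```cpp
#include <cmath>
#include <cstdio>

// Hypothetical stand-ins for the frame's rect types (not Mozilla's nsRect).
struct TwipsRect { int x, y, width, height; };
struct PixelRect {
    int x0, y0, x1, y1;
    int width() const { return x1 - x0; }
    int height() const { return y1 - y0; }
};

// Truncating conversion modelled on |aDirtyRect.height*pxPerTwips|:
// an (int) cast rounds toward zero, so 8 twips * (1/15) = 0.53 becomes 0,
// and a negative origin is pulled inward (toward zero) instead of outward.
PixelRect ToPixelsTruncating(const TwipsRect& r, float pxPerTwips) {
    int x0 = (int)(r.x * pxPerTwips);
    int y0 = (int)(r.y * pxPerTwips);
    int w  = (int)(r.width * pxPerTwips);
    int h  = (int)(r.height * pxPerTwips);
    return { x0, y0, x0 + w, y0 + h };
}

// Outward rounding as suggested in review: floor() the near edges,
// ceil() the far edges, so the pixel rect always covers the twips rect.
PixelRect ToPixelsOutward(const TwipsRect& r, float pxPerTwips) {
    return { (int)std::floor(r.x * pxPerTwips),
             (int)std::floor(r.y * pxPerTwips),
             (int)std::ceil((r.x + r.width) * pxPerTwips),
             (int)std::ceil((r.y + r.height) * pxPerTwips) };
}

// Defensive check before allocating an image buffer for the area:
// refuse empty or negative sizes rather than dereferencing a failed result.
bool IsPaintable(const PixelRect& p) {
    return p.width() > 0 && p.height() > 0;
}

int main() {
    // Constructed sample: height 8 as in the report, negative x to show
    // the direction problem with (int) casts.
    const TwipsRect dirty = { -20, 100, 310, 8 };
    const float pxPerTwips = 1.0f / 15.0f;  // assumed scale factor
    PixelRect t = ToPixelsTruncating(dirty, pxPerTwips);
    PixelRect o = ToPixelsOutward(dirty, pxPerTwips);
    std::printf("truncating: %dx%d paintable=%d\n", t.width(), t.height(), IsPaintable(t));
    std::printf("outward:    %dx%d paintable=%d\n", o.width(), o.height(), IsPaintable(o));
    return 0;
}
```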
Comment 3 (Assignee) • 21 years ago
Attachment #143696 -
Attachment is obsolete: true
Updated (Assignee) • 21 years ago
Attachment #143731 -
Flags: review?(bugmail)
Updated (Reporter) • 21 years ago
Attachment #143731 -
Flags: review?(bugmail) → review+
Comment 4 (Assignee) • 21 years ago
checked in
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED