Closed Bug 294022 Opened 20 years ago Closed 19 years ago

Crash when loading SVG [@ SelectAndVendDataForGlyphVector]

Categories

(Core :: SVG, defect)

PowerPC
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: richard, Assigned: tor)

References

Details

(Keywords: crash, fixed1.8, testcase)

Crash Data

Attachments

(3 files, 1 obsolete file)

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412 (KHTML, like Gecko) Safari/412 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050512 Firefox/1.0+ Crash when loading embedded SVG in an internal app. Unfortunately I can't give you a url for testing, but I'll try to come up with a simple test case. Reproducible: Always Steps to Reproduce: 1. Open the page with the embedded SVG. Actual Results: The browser crashes. Expected Results: not crashed! Talkback ID: TB5798862Y Command: firefox-bin Path: /Applications/Firefox.app/Contents/MacOS/firefox-bin Parent: launchd [1] Version: 1.0+ (1.0+) PID: 1172 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000006 Thread 0 Crashed: 0 com.apple.QD 0x916d0fa4 SelectAndVendDataForGlyphVector(ATSGlyphVector*, unsigned long, unsigned char, unsigned char, void**, unsigned long*) + 284 1 com.apple.QD 0x916d3df4 ATSUDirectGetLayoutDataArrayPtrFromTextLayout + 156 2 org.mozilla.firefox 0x00857140 _cairo_hash_string + 1516 3 org.mozilla.firefox 0x00840004 _cairo_gstate_text_to_glyphs + 152 4 org.mozilla.firefox 0x00821988 cairo_text_extents + 128 5 org.mozilla.firefox 0x003bf468 nsSVGCairoGlyphMetrics::Update(unsigned, int*) + 244 6 org.mozilla.firefox 0x0044504c nsSVGGlyphFrame::NotifyMetricsUnsuspended() + 72 7 org.mozilla.firefox 0x00437af4 nsSVGTextFrame::NotifyRedrawUnsuspended() + 236 8 org.mozilla.firefox 0x004327c4 nsSVGDefsFrame::NotifyRedrawUnsuspended() + 96 9 org.mozilla.firefox 0x004327c4 nsSVGDefsFrame::NotifyRedrawUnsuspended() + 96 10 org.mozilla.firefox 0x004327c4 nsSVGDefsFrame::NotifyRedrawUnsuspended() + 96 11 org.mozilla.firefox 0x0047f1a0 nsSVGOuterSVGFrame::UnsuspendRedraw() + 176 12 org.mozilla.firefox 0x0047e6fc nsSVGOuterSVGFrame::DidReflow(nsPresContext*, nsHTMLReflowState const*, int) + 160 13 org.mozilla.firefox 0x00365e48 nsContainerFrame::FinishReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowState const*, nsHTMLReflowMetrics&, int, int, unsigned) + 244 14 org.mozilla.firefox 0x0041d608 CanvasFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 388 15 org.mozilla.firefox 0x00365c48 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148 16 org.mozilla.firefox 0x0045ff6c nsHTMLScrollFrame::ReflowScrolledFrame(ScrollReflowState const&, int, nsHTMLReflowMetrics*, int) + 376 17 org.mozilla.firefox 0x004600c0 nsHTMLScrollFrame::ReflowContents(ScrollReflowState*, nsHTMLReflowMetrics const&) + 228 18 org.mozilla.firefox 0x004607d4 nsHTMLScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 736 19 org.mozilla.firefox 0x00365c48 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) + 148 20 org.mozilla.firefox 0x00458034 ViewportFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 300 21 org.mozilla.firefox 0x001eff20 PresShell::InitialReflow(int, int) + 536 22 org.mozilla.firefox 0x003d54f8 nsContentSink::StartLayout(int) + 208 23 org.mozilla.firefox 0x00381a98 nsXMLContentSink::StartLayout() + 144 24 org.mozilla.firefox 0x0038064c nsXMLContentSink::DidBuildModel() + 456 25 org.mozilla.firefox 0x00157ed0 nsExpatDriver::DidBuildModel(unsigned, int, nsIParser*, nsIContentSink*) + 56 26 org.mozilla.firefox 0x0013da84 nsParser::DidBuildModel(unsigned) + 120 27 org.mozilla.firefox 0x0013eb1c nsParser::ResumeParse(int, int, int) + 592 28 org.mozilla.firefox 0x0013dc7c nsParser::ContinueInterruptedParsing() + 108 29 org.mozilla.firefox 0x001df620 CSSLoaderImpl::SheetComplete(SheetLoadData*, int) + 216 30 org.mozilla.firefox 0x001df510 CSSLoaderImpl::ParseSheet(nsIUnicharInputStream*, SheetLoadData*, int&) + 448 31 org.mozilla.firefox 0x001de344 SheetLoadData::OnStreamComplete(nsIUnicharStreamLoader*, nsISupports*, unsigned, nsIUnicharInputStream*) + 1056 32 org.mozilla.firefox 0x000a3cc0 nsUnicharStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 388 33 org.mozilla.firefox 0x000bf718 nsHttpChannel::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 628 34 org.mozilla.firefox 0x0009c064 nsInputStreamPump::OnStateStop() + 160 35 org.mozilla.firefox 0x0009bbec nsInputStreamPump::OnInputStreamReady (nsIAsyncInputStream*) + 128 36 libxpcom_core.dylib 0x10081c50 nsAStreamCopier::PostContinuationEvent_Locked() + 1240 37 libxpcom_core.dylib 0x10044ea0 PL_HandleEvent + 36 38 libxpcom_core.dylib 0x10044dc4 PL_ProcessPendingEvents + 128 39 libxpcom_core.dylib 0x100452a8 PL_IsQueueNative + 136 40 com.apple.HIToolbox 0x93120dd4 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 692 41 com.apple.HIToolbox 0x9312052c SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 372 42 com.apple.HIToolbox 0x931203a8 SendEventToEventTargetWithOptions + 40 43 com.apple.HIToolbox 0x931276ec ToolboxEventDispatcherHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) + 704 44 com.apple.HIToolbox 0x93121024 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1284 45 com.apple.HIToolbox 0x9312052c SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 372 46 com.apple.HIToolbox 0x931272b0 SendEventToEventTarget + 40 47 com.apple.HIToolbox 0x93168160 ToolboxEventDispatcher + 92 48 com.apple.HIToolbox 0x932070f4 TryEventDispatcher + 112 49 com.apple.HIToolbox 0x93206d48 GetOrPeekEvent + 304 50 com.apple.HIToolbox 0x93206a84 GetNextEventMatchingMask + 156 51 com.apple.HIToolbox 0x9320692c WNEInternal + 140 52 com.apple.HIToolbox 0x9320688c WaitNextEvent + 76 53 org.mozilla.firefox 0x001bf11c nsMacMessagePump::GetEvent(EventRecord&) + 116 54 org.mozilla.firefox 0x001bf000 nsMacMessagePump::DoMessagePump() + 48 55 org.mozilla.firefox 0x001a8a64 nsAppShell::Run() + 56 56 org.mozilla.firefox 0x007fee84 XRE_main + 3480 57 org.mozilla.firefox 0x0000f69c start + 432 58 org.mozilla.firefox 0x0000f51c start + 48 Thread 1: 0 libSystem.B.dylib 0x9001efcc select + 12 1 libnspr4.dylib 0x0301fa60 poll + 392 2 libnspr4.dylib 0x0301c284 PR_OpenDir + 944 3 org.mozilla.firefox 0x000a7ec4 nsSocketTransportService::Poll(unsigned*) + 116 4 org.mozilla.firefox 0x000a8610 nsSocketTransportService::Run() + 432 5 libxpcom_core.dylib 0x10047b7c nsThread::Main(void*) + 56 6 libnspr4.dylib 0x0301d6f8 PR_Select + 828 7 libSystem.B.dylib 0x9002c3b4 _pthread_body + 96 Thread 2: 0 libSystem.B.dylib 0x900563f8 semaphore_timedwait_signal_trap + 8 1 libSystem.B.dylib 0x90056264 pthread_cond_timedwait + 704 2 libnspr4.dylib 0x030185f8 PR_Unlock + 300 3 libnspr4.dylib 0x0301885c PR_WaitCondVar + 136 4 libxpcom_core.dylib 0x1004a6cc TimerThread::Run() + 412 5 libxpcom_core.dylib 0x10047b7c nsThread::Main(void*) + 56 6 libnspr4.dylib 0x0301d6f8 PR_Select + 828 7 libSystem.B.dylib 0x9002c3b4 _pthread_body + 96 Thread 3: 0 libSystem.B.dylib 0x900563f8 semaphore_timedwait_signal_trap + 8 1 libSystem.B.dylib 0x90056264 pthread_cond_timedwait + 704 2 libnspr4.dylib 0x030185f8 PR_Unlock + 300 3 libnspr4.dylib 0x0301885c PR_WaitCondVar + 136 4 org.mozilla.firefox 0x0006810c nsIOThreadPool::ThreadFunc(void*) + 116 5 libnspr4.dylib 0x0301d6f8 PR_Select + 828 6 libSystem.B.dylib 0x9002c3b4 _pthread_body + 96 Thread 0 crashed with PPC Thread State: srr0: 0x916d0fa4 srr1: 0x0200f930 vrsave: 0x00000000 cr: 0x24022442 xer: 0x00000000 lr: 0x916d3df4 ctr: 0x00000000 r0: 0xffffffff r1: 0xbfffcf90 r2: 0x00000000 r3: 0x00000064 r4: 0x04a2a620 r5: 0x04a2a62c r6: 0x00000001 r7: 0xbfffd0dc r8: 0x00000001 r9: 0x00000000 r10: 0xbfffd0dc r11: 0x00000000 r12: 0xbfffd0e0 r13: 0x00000002 r14: 0x00000000 r15: 0xa3120b38 r16: 0x01910970 r17: 0xbfffeb40 r18: 0x504c4543 r19: 0x00000001 r20: 0x00000001 r21: 0xbfffe048 r22: 0xbfffdb44 r23: 0x00000001 r24: 0xbfffd0dc r25: 0x00000000 r26: 0xbfffd0e0 r27: 0x00000064 r28: 0x04a2a530 r29: 0x00000000 r30: 0x00000000 r31: 0x0085709c Binary Images Description: 0x1000 - 0x9bdfff org.mozilla.firefox 1.0+ /Applications/Firefox.app/Contents/MacOS/ firefox-bin 0xfe5000 - 0xfeefff libqfaservices.dylib /Applications/Firefox.app/Contents/MacOS/ components/libqfaservices.dylib 0x1808000 - 0x182ffff talkback.dylib /Applications/Firefox.app/Contents/MacOS/components/ talkback/talkback.dylib 0x1849000 - 0x185efff libjsd.dylib /Applications/Firefox.app/Contents/MacOS/components/ libjsd.dylib 0x1beb000 - 0x1bedfff com.apple.textencoding.unicode 2.0 /System/Library/TextEncodings/Unicode Encodings.bundle/Contents/MacOS/Unicode Encodings 0x2d75000 - 0x2d7ffff com.netscape.DefaultPlugin ??? (1.0) /Applications/Firefox.app/Contents/ MacOS/plugins/Default Plugin.plugin/Contents/MacOS/Default Plugin 0x3000000 - 0x3033fff libnspr4.dylib /Applications/Firefox.app/Contents/MacOS/libnspr4.dylib 0x3f7e000 - 0x3fa9fff libnssckbi.dylib /Applications/Firefox.app/Contents/MacOS/libnssckbi.dylib 0x4000000 - 0x400dfff libplds4.dylib /Applications/Firefox.app/Contents/MacOS/libplds4.dylib 0x485d000 - 0x4935fff com.divxnetworks.DivXCodec 5.1b /Library/QuickTime/DivX 5.component/ Contents/MacOS/DivX 5 0x5000000 - 0x500efff libplc4.dylib /Applications/Firefox.app/Contents/MacOS/libplc4.dylib 0x6000000 - 0x6081fff libmozjs.dylib /Applications/Firefox.app/Contents/MacOS/libmozjs.dylib 0x7000000 - 0x7000fff libxpcom.dylib /Applications/Firefox.app/Contents/MacOS/libxpcom.dylib 0x8000000 - 0x801bfff libssl3.dylib /Applications/Firefox.app/Contents/MacOS/libssl3.dylib 0x9000000 - 0x905ffff libnss3.dylib /Applications/Firefox.app/Contents/MacOS/libnss3.dylib 0xa000000 - 0xa01dfff libsmime3.dylib /Applications/Firefox.app/Contents/MacOS/ libsmime3.dylib 0xb000000 - 0xb07afff libsoftokn3.dylib /Applications/Firefox.app/Contents/MacOS/ libsoftokn3.dylib 0xc000000 - 0xc019fff libxpcom_compat.dylib /Applications/Firefox.app/Contents/MacOS/ libxpcom_compat.dylib 0x10000000 - 0x10085fff libxpcom_core.dylib /Applications/Firefox.app/Contents/MacOS/ libxpcom_core.dylib 0x8fe00000 - 0x8fe50fff dyld 43 /usr/lib/dyld 0x90000000 - 0x901a6fff libSystem.B.dylib /usr/lib/libSystem.B.dylib 0x901fe000 - 0x90202fff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib 0x90204000 - 0x90257fff com.apple.CoreText 1.0.0 (???) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x90284000 - 0x90335fff ATS /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x90364000 - 0x9069cfff com.apple.CoreGraphics 1.256.0 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/CoreGraphics 0x90727000 - 0x90800fff com.apple.CoreFoundation 6.4 (368) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x90849000 - 0x90849fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/ CoreServices.framework/Versions/A/CoreServices 0x9084b000 - 0x9094dfff libicucore.A.dylib /usr/lib/libicucore.A.dylib 0x909a7000 - 0x90a2bfff libobjc.A.dylib /usr/lib/libobjc.A.dylib 0x90a55000 - 0x90ac9fff com.apple.framework.IOKit 1.4 (???) /System/Library/Frameworks/ IOKit.framework/Versions/A/IOKit 0x90ae3000 - 0x90af5fff libauto.dylib /usr/lib/libauto.dylib 0x90afc000 - 0x90dc1fff com.apple.CoreServices.CarbonCore 10.4 (611.1) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ CarbonCore.framework/Versions/A/CarbonCore 0x90e24000 - 0x90ea4fff com.apple.CoreServices.OSServices 4.0 (4.0.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ OSServices.framework/Versions/A/OSServices 0x90eee000 - 0x90f2efff com.apple.CFNetwork 4.0 (80) /System/Library/Frameworks/ CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x90f43000 - 0x90f5bfff com.apple.WebServices 1.1.2 (1.1.0) /System/Library/Frameworks/ CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/ WebServicesCore 0x90f6b000 - 0x90fe9fff com.apple.SearchKit 1.0.3 /System/Library/Frameworks/ CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x9102e000 - 0x91055fff com.apple.Metadata 0.1 (121) /System/Library/Frameworks/ CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x91066000 - 0x91073fff libz.1.dylib /usr/lib/libz.1.dylib 0x91076000 - 0x91238fff com.apple.security 4.0 (221) /System/Library/Frameworks/ Security.framework/Versions/A/Security 0x9133a000 - 0x91343fff com.apple.DiskArbitration 2.1 /System/Library/Frameworks/ DiskArbitration.framework/Versions/A/DiskArbitration 0x9134a000 - 0x91371fff com.apple.SystemConfiguration 1.8.0 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x91384000 - 0x9138cfff libbsm.dylib /usr/lib/libbsm.dylib 0x91390000 - 0x9140efff com.apple.audio.CoreAudio 3.0.0 (3.0) /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x9144c000 - 0x9144cfff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x9144e000 - 0x91486fff com.apple.AE 1.5 (297) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x914a1000 - 0x9156cfff com.apple.ColorSync 4.4 /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x915c1000 - 0x91654fff com.apple.print.framework.PrintCore 4.0 (172) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ PrintCore.framework/Versions/A/PrintCore 0x9169a000 - 0x91757fff com.apple.QD 3.8.5 (???) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x91795000 - 0x917f3fff com.apple.HIServices 1.5.0 (???) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x91821000 - 0x91844fff com.apple.LangAnalysis 1.6 /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/ LangAnalysis 0x91858000 - 0x9187dfff com.apple.FindByContent 1.5 /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/ FindByContent 0x91890000 - 0x918d0fff com.apple.LaunchServices 10.4 (118) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LaunchServices.framework/Versions/A/LaunchServices 0x918eb000 - 0x918fffff com.apple.speech.synthesis.framework 3.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x9190d000 - 0x91943fff com.apple.ImageIO.framework 1.0 /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x91957000 - 0x91a19fff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib 0x91a65000 - 0x91a7afff libcups.2.dylib /usr/lib/libcups.2.dylib 0x91a7f000 - 0x91a9bfff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x91aa0000 - 0x91b0ffff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib 0x91b26000 - 0x91b2afff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x91b2c000 - 0x91b44fff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib 0x91b47000 - 0x91b8afff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x91b91000 - 0x91baafff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x91baf000 - 0x91bb2fff libRadiance.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/ libRadiance.dylib 0x91bb4000 - 0x91bb4fff com.apple.Accelerate 1.1 (Accelerate 1.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x91bb6000 - 0x91ca0fff com.apple.vImage 2.0 /System/Library/Frameworks/ Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x91ca8000 - 0x91cc7fff com.apple.Accelerate.vecLib 3.1 (vecLib 3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/ Versions/A/vecLib 0x91d33000 - 0x91d53fff libmx.A.dylib /usr/lib/libmx.A.dylib 0x91d59000 - 0x91dbefff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x91dc8000 - 0x91e5afff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x91e74000 - 0x92404fff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x9244c000 - 0x9275cfff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x92789000 - 0x92814fff com.apple.DesktopServices 1.3 /System/Library/PrivateFrameworks/ DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x92856000 - 0x92a7ffff com.apple.Foundation 6.4 (567) /System/Library/Frameworks/ Foundation.framework/Versions/C/Foundation 0x92b9d000 - 0x92c7bfff libxml2.2.dylib /usr/lib/libxml2.2.dylib 0x92c9b000 - 0x92d89fff libiconv.2.dylib /usr/lib/libiconv.2.dylib 0x92d9b000 - 0x92db9fff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/ A/Libraries/libGL.dylib 0x92dc4000 - 0x92e1efff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/ A/Libraries/libGLU.dylib 0x92e3c000 - 0x92e3cfff com.apple.Carbon 10.4 (???) /System/Library/Frameworks/ Carbon.framework/Versions/A/Carbon 0x92e3e000 - 0x92e52fff com.apple.ImageCapture 3.0 /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x92e6a000 - 0x92e7afff com.apple.speech.recognition.framework 3.4 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ SpeechRecognition.framework/Versions/A/SpeechRecognition 0x92e86000 - 0x92e9bfff com.apple.securityhi 2.0 (203) /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x92ead000 - 0x92f34fff com.apple.ink.framework 101.2 (69) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/ Versions/A/Ink 0x92f48000 - 0x92f53fff com.apple.help 1.0.3 (32) /System/Library/Frameworks/Carbon.framework/ Versions/A/Frameworks/Help.framework/Versions/A/Help 0x92f5d000 - 0x92f8afff com.apple.openscripting 1.2.2 (???) /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x92fa4000 - 0x92fb4fff com.apple.print.framework.Print 4.0 (187) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/ Versions/A/Print 0x92fc0000 - 0x93026fff com.apple.htmlrendering 1.1.2 /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x93057000 - 0x930a9fff com.apple.NavigationServices 3.4 /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/ NavigationServices 0x930d5000 - 0x930f2fff com.apple.audio.SoundManager 3.9 /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x93104000 - 0x93111fff com.apple.CommonPanels 1.2.2 (73) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ CommonPanels.framework/Versions/A/CommonPanels 0x9311a000 - 0x93429fff com.apple.HIToolbox 1.4.0 (???) /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x93574000 - 0x93580fff com.apple.opengl 1.4.0 /System/Library/Frameworks/OpenGL.framework/ Versions/A/OpenGL 0x93612000 - 0x93612fff com.apple.Cocoa 6.4 (???) /System/Library/Frameworks/ Cocoa.framework/Versions/A/Cocoa 0x93614000 - 0x93c45fff com.apple.AppKit 6.4 (824) /System/Library/Frameworks/ AppKit.framework/Versions/C/AppKit 0x93fd1000 - 0x9403bfff com.apple.CoreData 1.0 (46) /System/Library/Frameworks/ CoreData.framework/Versions/A/CoreData 0x94073000 - 0x9413dfff com.apple.audio.toolbox.AudioToolbox 1.4 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x94191000 - 0x94191fff com.apple.audio.units.AudioUnit 1.4 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x94193000 - 0x942f2fff com.apple.QuartzCore 1.4 /System/Library/Frameworks/ QuartzCore.framework/Versions/A/QuartzCore 0x9433a000 - 0x94377fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib 0x9437f000 - 0x943cafff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/ Versions/A/Libraries/libGLImage.dylib 0x9456a000 - 0x94579fff libCGATS.A.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/ Resources/libCGATS.A.dylib 0x94581000 - 0x9458dfff libCSync.A.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/ Resources/libCSync.A.dylib 0x945d2000 - 0x945e6fff libRIP.A.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x945ec000 - 0x9484efff com.apple.QuickTime 7.0.0 /System/Library/Frameworks/ QuickTime.framework/Versions/A/QuickTime 0x94921000 - 0x94940fff com.apple.vecLib 3.1 (vecLib 3.1) /System/Library/Frameworks/ vecLib.framework/Versions/A/vecLib 0x97a71000 - 0x97a7efff com.apple.agl 2.5.6 (AGL-2.5.6) /System/Library/Frameworks/ AGL.framework/Versions/A/AGL 0x99414000 - 0x99ba6fff com.apple.QuickTimeComponents.component 7.0 /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/ QuickTimeComponents 0x9b2f9000 - 0x9b32efff libOpenGLContext.A.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/ Resources/libOpenGLContext.A.dylib Model: PowerBook5,2, BootROM 4.7.1f1, 1 processors, PowerPC G4 (1.1), 1.25 GHz, 768 MB Graphics: ATI Mobility Radeon 9600, ATY,RV350M10, AGP, 64 MB Memory Module: SODIMM0/J25LOWER, 256 MB, DDR SDRAM, PC2700U-25330 Memory Module: SODIMM1/J25UPPER, 512 MB, DDR SDRAM, PC2700U-25330 AirPort: AirPort Extreme, 3.5f1 (3.50.37.p6) Modem: LastDash, Euro, V.92, 4.0, APPLE VERSION 2.6.4 Bluetooth: Version 1.6.0f2, 2 service, 0 devices, 1 incoming serial ports Network Service: Built-in Ethernet, Ethernet, en0 PCI Card: TXN,PCIXXXX-00, cardbus, PC Card Parallel ATA Device: MATSHITACD-RW CW-8122, Parallel ATA Device: FUJITSU MHT2060AT, 55.89 GB USB Device: Bluetooth HCI, , Up to 12 Mb/sec, 500 mA
Keywords: crash
Summary: Crash when loading SVG → Crash when loading SVG [@ SelectAndVendDataForGlyphVector]
This seems to be the simplest file that demonstrates the crash. Looks like it is triggered by the clipPath.
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051026 Firefox/1.6a1 I think this might've been fixed by the check-in for bug 298914. It's not crashing for me on Linux. Can anyone verify it's fixed on Mac?
It no longer crashes for me on the Mac (OSX 10.4).
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Firefox trunk 13 nov, Mac OS 10.3.9 I'm reopening this bug - loading the testcase in comment #1 crashes for me. The stack is not identical, but the crash do occur in SelectAndVendDataForGlyphVector. Talkback ID: TB11801057Y I'll attach a log from crashreporter. I also get a similar crash by loading http://www.w3.org/Consortium/Offices/Presentations/SVG/0.svg - stack looks pretty much the same (at least to me). Talbacks from the w3 svg tutorial: TB11799958G, TB11800742W.
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
Attached file Crashlog
Status: UNCONFIRMED → NEW
Ever confirmed: true
I just saw this on an SVG file in the W3C test suite in the most recent Camino nightly (2005-12-15), though I'm not sure which one it was.
Actually, a whole bunch of the text ones seem to crash for me; one of them being http://www.w3.org/Graphics/SVG/Test/20030813/htmlframe/full-text-tref-01-b.html .
Wevah, I assume the stacktrace for all of the crashes is the same as this one? If they're not they could be different bugs.
The stacks are identical, line-for-line (with the exception of org.mozilla.firefox changing to org.mozilla.camino, of course).
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20060108 Firefox/1.6a1 I am seeing something very similar at http://www.skolelinux.no/mascot/tux_bag.svg , looking at the source 'cairo-atsui-font.c', Apple's documentation, e.g. http://developer.apple.com/documentation/Carbon/Reference/ATSUI_Reference/index.html and this bug report http://lists.freedesktop.org/archives/cairo-bugs/2005-November/000501.html , I suspect that the mechanism is the same as Bug 298914 "[mac] Firefox crashing while trying to view http://www.opera.com/features/svg/index.dml" in that we are passing a zero length unicode string to ATSUDirectGetLayoutDataArrayPtrFromTextLayout( ) . This spackle hides the problem: Index: cairo-atsui-font.c =================================================================== RCS file: /cvsroot/mozilla/gfx/cairo/cairo/src/cairo-atsui-font.c,v retrieving revision 1.11 diff -U8 -r1.11 cairo-atsui-font.c --- cairo-atsui-font.c 6 Oct 2005 04:32:44 -0000 1.11 +++ cairo-atsui-font.c 8 Jan 2006 20:59:44 -0000 @@ -507,24 +507,42 @@ cairo_atsui_font_t *font = abstract_font; ItemCount glyphCount; int i; status = _cairo_utf8_to_utf16 ((unsigned char *)utf8, -1, &utf16, &n16); if (status) return status; +// Curious bug in ATSU with zero-length strings + if( n16 == 0 ) { + fprintf( stderr, "Early return to avoid presenting ATSUDirectGetLayoutDataArrayPtrFromTextLayout( ) with a zero-lngth string\n" ); + return CAIRO_STATUS_NULL_POINTER; // Actually it is an internal error, 'Parameter error' or some such + }; + err = ATSUCreateTextLayout(&textLayout);
*** Bug 323585 has been marked as a duplicate of this bug. ***
Flags: blocking1.8.0.2?
Blocks: stirdom
Adding a note that this bug is still apparent in Tiger OS 10.4.4. (I have not seen it in 10.2 or 10.3)
This isn't crashing for me on either the trunk or 1.8 branch, with OS-X 10.4.4.
Odd. The testcase here still crashes for me with today's trunk nightly on Mac OS X 10.4.4 (PPC).
Keywords: testcase
I think you're supposed to use IsEmpty() instead of comparing Length() to zero. Does this patch fix the case in bug 323585, which involved a string consisting only of spaces? Isn't this really a cairo bug?
Attachment #209722 - Attachment is obsolete: true
(In reply to comment #17) > Does this patch fix the case in bug 323585, which involved a string consisting > only of spaces? 323585 ends up trying to work with an empty string, so it is the same bug. > Isn't this really a cairo bug? I don't belive cairo has a documented policy on what it does with degenerate objects, but generally it tends to loose its mind. Both the win32 and atsui font backends have problems with empty strings in our experience, and our code tries to avoid handing them to cairo. This was just a missed case.
Assignee: general → tor
Attachment #209742 - Flags: review?(scootermorris)
Attachment #209742 - Flags: review?(scootermorris) → review+
(In reply to comment #17) > > Isn't this really a cairo bug? > If cairo is crashing on empty strings, then yes that is a bug in cairo. (That might not change the need for a workaround in mozilla, but it is definitely the case that we over in cairo land want to see bug reports (http://bugs.freedesktop.org about things like this.) Thanks, -Carl
Checked in.
Status: NEW → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED
Comment on attachment 209742 [details] [diff] [review] use IsEmpty(), patch right location a=dveditz for drivers
Attachment #209742 - Flags: approval1.8.0.2+
Flags: blocking1.8.0.2? → blocking1.8.0.2+
1.8.0/1.8.0.x already have similar code, so this patch isn't needed there.
Keywords: fixed1.8
Flags: blocking1.8.0.2+
Attachment #209742 - Flags: approval1.8.0.2+
Flags: in-testsuite+
Crash Signature: [@ SelectAndVendDataForGlyphVector]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: