Infinite recursion crash with <svg:pattern> loop

VERIFIED FIXED

Status

()

Core
SVG
--
critical
VERIFIED FIXED
12 years ago
10 years ago

People

(Reporter: Jesse Ruderman, Assigned: Scooter Morris)

Tracking

({crash, testcase})

Trunk
x86
Windows XP
crash, testcase
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 2 obsolete attachments)

(Reporter)

Description

12 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050914
Firefox/1.6a1

TB9365977Z
(Reporter)

Comment 1

12 years ago
Created attachment 196117 [details]
simple testcase
(Reporter)

Updated

12 years ago
Keywords: testcase
(Reporter)

Comment 2

12 years ago
See also bug 307322 and bug 278201.  Is there a general solution to the hangs
and crashes that occur due to reference loops?
(Assignee)

Comment 3

12 years ago
Created attachment 196282 [details] [diff] [review]
Catch pattern loop and degenerate sizes
(Assignee)

Updated

12 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

12 years ago
Attachment #196282 - Flags: review?(tor)
(Assignee)

Updated

12 years ago
Attachment #196282 - Flags: review?(tor)
(Assignee)

Comment 4

12 years ago
Created attachment 196607 [details] [diff] [review]
nsSVGPatternFrame should inherit from nsSVGDefsFrame -- also check for degenerate paths
Assignee: general → scootermorris
Attachment #196282 - Attachment is obsolete: true
Attachment #196607 - Flags: review?(tor)

Comment 5

12 years ago
This still won't handle the two pattern loop case, will it?
(Assignee)

Updated

12 years ago
Attachment #196607 - Flags: review?(tor)
(Assignee)

Comment 6

12 years ago
Created attachment 196826 [details] [diff] [review]
Same patch as previous, but add checking for multiple different patterns looping
Attachment #196607 - Attachment is obsolete: true
(In reply to comment #6)
> Created an attachment (id=196826) [edit]
> Same patch as previous, but add checking for multiple different patterns
> looping

Are you planning to seek reviews for this patch?  My hope is it simply fell off
the radar...
(Assignee)

Comment 8

12 years ago
(In reply to comment #7)
> (In reply to comment #6)
> > Created an attachment (id=196826) [edit] [edit]
> > Same patch as previous, but add checking for multiple different patterns
> > looping
> 
> Are you planning to seek reviews for this patch?  My hope is it simply fell off
> the radar...

Not really.  I'm holding off asking for reviews until after we past the 1.5b2
deadlines.  Most of the SVG team (i.e. tor & jwatt) are really buried with some
critical fixes to Windows Cairo and other 1.5-related things.  I'm also working
on a combined patch that fixes this problem as well as a couple of other
patterns issues.
https://bugzilla.mozilla.org/attachment.cgi?id=196117&action=view no longer crashes for me in build 2005-12-14-09, SeaMonkey trunk on Windows XP
(Reporter)

Comment 10

12 years ago
WFM Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051214 Firefox/1.6a1

Scooter, is the patch in comment 6 still worthwhile?
Flags: blocking1.9a1?
(Assignee)

Comment 11

12 years ago
Fixed by checkin to bug 308917
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
Verified FIXED using build 2006-02-10-10, Windows XP SeaMonkey trunk (no crash).
Status: RESOLVED → VERIFIED
Flags: blocking1.9a1?
(Reporter)

Comment 13

10 years ago
Crashtest checked in.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.