Closed Bug 323585 Opened 19 years ago Closed 19 years ago

Putting empty or whitespace text node in <svg:text> causes crash [@ SelectAndVendDataForGlyphVector]

Categories

(Core :: SVG, defect)

PowerPC
macOS
defect
Not set
critical

RESOLVED DUPLICATE of bug 294022

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20060113 Firefox/1.6a1

Steps to reproduce:
1. Load the testcase using an opt build.

Result: crash.

0   com.apple.QD             	0x91734e80 SelectAndVendDataForGlyphVector(ATSGlyphVector*, unsigned long, unsigned char, unsigned char, void**, unsigned long*) + 284
1   com.apple.QD             	0x91737cf0 ATSUDirectGetLayoutDataArrayPtrFromTextLayout + 156
2   org.mozilla.firefox      	0x00876ef8 _cairo_hash_table_remove + 2920
3   org.mozilla.firefox      	0x00869444 _cairo_scaled_font_text_to_glyphs + 80
4   org.mozilla.firefox      	0x007bed70 _cairo_gstate_text_to_glyphs + 88
5   org.mozilla.firefox      	0x005a362c cairo_text_extents + 156
6   org.mozilla.firefox      	0x00581248 nsSVGCairoGlyphMetrics::Update(unsigned, int*) + 244
7   org.mozilla.firefox      	0x0061d30c nsSVGGlyphFrame::NotifyMetricsUnsuspended() + 72
8   org.mozilla.firefox      	0x0060f6c4 nsSVGTextFrame::NotifyRedrawUnsuspended() + 236
9   org.mozilla.firefox      	0x0065d9b0 nsSVGOuterSVGFrame::UnsuspendRedraw() + 152
10  org.mozilla.firefox      	0x0061b048 nsSVGGlyphFrame::Update(unsigned) + 120
11  org.mozilla.firefox      	0x0060eb38 nsSVGTextFrame::InsertFrames(nsIAtom*, nsIFrame*, nsIFrame*) + 156
12  org.mozilla.firefox      	0x002cbbc8 nsCSSFrameConstructor::AppendFrames(nsFrameConstructorState const&, nsIContent*, nsIFrame*, nsIFrame*, nsIFrame*) + 132
13  org.mozilla.firefox      	0x002cd380 nsCSSFrameConstructor::ContentAppended(nsIContent*, int) + 2360
14  org.mozilla.firefox      	0x0019dde8 PresShell::ContentAppended(nsIDocument*, nsIContent*, int) + 60
15  org.mozilla.firefox      	0x00200798 nsDocument::ContentAppended(nsIContent*, int) + 124
16  org.mozilla.firefox      	0x0029b170 nsGenericElement::InsertChildAt(nsIContent*, unsigned, int) + 668
...
Attached image testcase
Summary: Putting empty text node in <svg:text> causes crash → Putting empty or whitespace text node in <svg:text> causes crash
<vlad> so what I don't understand is frame 2 there
<vlad> ATSUDirectGetLayoutDataArrayPtrFromTextLayout is called from _cairo_scaled_font_text_to_glyphs
<vlad> also +2920 is a large offset
<vlad> it could be you're off in some very strange place and that's the closest symbol
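
The point about the +2920 offset can be turned into a quick triage check. The following is an added example, not part of the bug report or of any Mozilla tooling: it parses frames in the format of the trace above and lists those whose offset from the nearest symbol exceeds a threshold. The function names and the 2048-byte threshold are assumptions, and a large offset is only a hint to re-check symbolization, since big functions legitimately produce large offsets.

```python
import re

# Frames 0-3 and 13 copied from the crash report above (whitespace normalized).
SAMPLE = """\
0   com.apple.QD          0x91734e80 SelectAndVendDataForGlyphVector(ATSGlyphVector*, unsigned long, unsigned char, unsigned char, void**, unsigned long*) + 284
1   com.apple.QD          0x91737cf0 ATSUDirectGetLayoutDataArrayPtrFromTextLayout + 156
2   org.mozilla.firefox   0x00876ef8 _cairo_hash_table_remove + 2920
3   org.mozilla.firefox   0x00869444 _cairo_scaled_font_text_to_glyphs + 80
...
13  org.mozilla.firefox   0x002cd380 nsCSSFrameConstructor::ContentAppended(nsIContent*, int) + 2360
"""

# Groups: frame index, binary image, return address, symbol, byte offset.
FRAME_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s\+\s(\d+)\s*$"
)

# Assumed threshold: offsets above this many bytes deserve a second look.
SUSPICIOUS_OFFSET = 2048


def parse_frames(text):
    """Parse crash-report frame lines; lines that are not frames are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # e.g. the "..." truncation marker
        idx, image, addr, symbol, offset = m.groups()
        address, off = int(addr, 16), int(offset)
        frames.append({
            "index": int(idx), "image": image, "address": address,
            "symbol": symbol, "offset": off,
            # Address the symbolizer attributed to the start of the symbol;
            # compare it with the real symbol table of the build.
            "symbol_start": address - off,
        })
    return frames


def suspicious_frames(frames, limit=SUSPICIOUS_OFFSET):
    """Frames whose offset suggests the name may be only the nearest symbol."""
    return [f for f in frames if f["offset"] > limit]


if __name__ == "__main__":
    for f in suspicious_frames(parse_frames(SAMPLE)):
        print(f"frame {f['index']}: {f['symbol']} + {f['offset']} "
              f"(symbol start {f['symbol_start']:#010x})")
```

With the default threshold both frame 2 and frame 13 are listed, which shows why the offset alone cannot settle the question: frame 2 stands out because the caller and callee also do not fit together.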

*** This bug has been marked as a duplicate of 294022 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Summary: Putting empty or whitespace text node in <svg:text> causes crash → Putting empty or whitespace text node in <svg:text> causes crash [@ SelectAndVendDataForGlyphVector]
Without disputing the resolution of this report, FWIW, I haven't seen this
crash, and doubt that it is due to a zero-length unicode string, but it is
likely that a fix for Bug 294022 "Crash when loading SVG
[@SelectAndVendDataForGlyphVector]" will also fix this one.
Crash Signature: [@ SelectAndVendDataForGlyphVector]