Closed Bug 344892 Opened 15 years ago Closed 15 years ago

<svg:text stroke-width="50%"> causes crash [@ nsSVGUtils::CoordToFloat]

Categories

(Core :: SVG, defect)

PowerPC
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: tor)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files)

#0  0x0732f52c in nsSVGUtils::CoordToFloat (aPresContext=0x270498d0, aContent=0x270737f0, aCoord=@0x2dbb2f0) at /Users/admin/trunk/mozilla/layout/svg/base/src/nsSVGUtils.cpp:148
#1  0x0730f684 in nsSVGGeometryFrame::GetStrokeWidth (this=0x2dbb074) at /Users/admin/trunk/mozilla/layout/svg/base/src/nsSVGGeometryFrame.cpp:163
#2  0x0730fac4 in nsSVGGeometryFrame::HasStroke (this=0x2dbb074) at /Users/admin/trunk/mozilla/layout/svg/base/src/nsSVGGeometryFrame.cpp:241

CoordToFloat is passed an aContent that is an nsTextNode.  CoordToFloat's "case eStyleUnit_Percent" branch tries to QI aContent to nsIDOMSVGElement and then crashes dereferencing a null pointer.
Attached image testcase
Blocks: 344905
Assignee: general → tor
Status: NEW → ASSIGNED
Attachment #229484 - Flags: review?(scootermorris)
Comment on attachment 229484 [details] [diff] [review]
make sure we give the right context for glyph frames

Looks right to me.
Attachment #229484 - Flags: review?(scootermorris) → review+
Attachment #229484 - Flags: superreview?(roc)
Attachment #229484 - Flags: superreview?(roc) → superreview+
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Crashtest checked in.
Flags: in-testsuite?
Flags: in-testsuite? → in-testsuite+
Crash Signature: [@ nsSVGUtils::CoordToFloat]
You need to log in before you can comment on or make changes to this bug.