Closed Bug 344892 Opened 18 years ago Closed 18 years ago

<svg:text stroke-width="50%"> causes crash [@ nsSVGUtils::CoordToFloat]

Categories

(Core :: SVG, defect)

PowerPC
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: tor)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files)

#0 0x0732f52c in nsSVGUtils::CoordToFloat (aPresContext=0x270498d0, aContent=0x270737f0, aCoord=@0x2dbb2f0) at /Users/admin/trunk/mozilla/layout/svg/base/src/nsSVGUtils.cpp:148 #1 0x0730f684 in nsSVGGeometryFrame::GetStrokeWidth (this=0x2dbb074) at /Users/admin/trunk/mozilla/layout/svg/base/src/nsSVGGeometryFrame.cpp:163 #2 0x0730fac4 in nsSVGGeometryFrame::HasStroke (this=0x2dbb074) at /Users/admin/trunk/mozilla/layout/svg/base/src/nsSVGGeometryFrame.cpp:241 CoordToFloat is passed an aContent that is an nsTextNode. CoordToFloat's "case eStyleUnit_Percent" branch tries to QI aContent to nsIDOMSVGElement and then crashes dereferencing a null pointer.
Attached image testcase
Blocks: 344905
Assignee: general → tor
Status: NEW → ASSIGNED
Attachment #229484 - Flags: review?(scootermorris)
Comment on attachment 229484 [details] [diff] [review] make sure we give the right context for glyph frames Looks right to me.
Attachment #229484 - Flags: review?(scootermorris) → review+
Attachment #229484 - Flags: superreview?(roc)
Attachment #229484 - Flags: superreview?(roc) → superreview+
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Crashtest checked in.
Flags: in-testsuite?
Flags: in-testsuite? → in-testsuite+
Crash Signature: [@ nsSVGUtils::CoordToFloat]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: