"ASSERTION: index out of range" involving gradient (nsSVGValue::NotifyObservers)

RESOLVED FIXED

Status

()

Core
SVG
RESOLVED FIXED
12 years ago
10 years ago

People

(Reporter: Jesse Ruderman, Assigned: tor)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
PowerPC
Mac OS X
assertion, testcase
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(4 attachments)

(Reporter)

Description

12 years ago
This testcase causes:

###!!! ASSERTION: index out of range: '0 <= aIndex && aIndex < Count()', file /Users/admin/trunk/mozilla/xpcom/build/../glue/nsVoidArray.h, line 373

The assertion fires from nsSmallVoidArray::ElementAt, which also does run-time bounds checking.
(Reporter)

Comment 1

12 years ago
Created attachment 230103 [details]
testcase
(Reporter)

Comment 2

12 years ago
Created attachment 230104 [details]
stack trace (mac debug / gdb)
(Reporter)

Updated

12 years ago
Attachment #230103 - Attachment mime type: application/xhtml+xml → image/svg+xml
(Reporter)

Updated

12 years ago
Summary: "ASSERTION: index out of range" involving gradient → "ASSERTION: index out of range" involving gradient (nsSVGValue::NotifyObservers)
(Assignee)

Comment 3

12 years ago
Created attachment 230148 [details] [diff] [review]
prevent duplicate observers from being added

This was happening because a nsSVGGeometryFrame was adding itself as an observer of the gradient for both fill and stroke.  Since two entries were added, the logic in NotifyObservers for teardown got itself twisted.
Assignee: general → tor
Status: NEW → ASSIGNED
Attachment #230148 - Flags: review?(roc)
Attachment #230148 - Flags: superreview?(roc)
Attachment #230148 - Flags: review?(roc)
Attachment #230148 - Flags: review+
(Reporter)

Comment 4

12 years ago
If an element has both fill and stroke pointing at a given gradient, and then you remove one of those attributes (but leave the other), will the element continue to observe the gradient with this patch?
(Assignee)

Comment 5

12 years ago
Yes, because on a style change we remove both, as the change notification isn't fine grained, and re-add as appropriate.
Comment on attachment 230148 [details] [diff] [review]
prevent duplicate observers from being added

Add the explanation in comment #5 as a comment
Attachment #230148 - Flags: superreview?(roc) → superreview+
(Assignee)

Comment 7

12 years ago
Created attachment 230581 [details] [diff] [review]
version for checkin - expanded comment
(Assignee)

Comment 8

12 years ago
Checked in.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
(Reporter)

Comment 9

10 years ago
Crashtest checked in.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.