Closed
Bug 374882
Opened 17 years ago
Closed 17 years ago
SVG filter crash [@ nsSVGFEOffsetElement::Filter]
Categories
(Core :: SVG, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: jruderman, Assigned: longsonr)
References
Details
(Keywords: crash, testcase, Whiteboard: [sg:critical] post-1.8-branch)
Crash Data
Attachments
(2 files)
298 bytes,
image/svg+xml
|
Details | |
1.07 KB,
patch
|
tor
:
review+
tor
:
superreview+
|
Details | Diff | Splinter Review |
Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x03008000 Thread 0 Crashed: 0 libgklayout.dylib 0x0579081d nsSVGFEOffsetElement::Filter(nsSVGFilterInstance*) + 797 (nsSVGFilters.cpp:2576) 1 libgklayout.dylib 0x0575b67b nsSVGFilterFrame::FilterPaint(nsSVGRenderState*, nsISVGChildFrame*) + 3399 (nsSVGFilterFrame.cpp:342) 2 libgklayout.dylib 0x057761fd nsSVGUtils::PaintChildWithEffects(nsSVGRenderState*, nsRect*, nsIFrame*) + 703 (nsSVGUtils.cpp:951) 3 libgklayout.dylib 0x057693dc nsSVGOuterSVGFrame::Paint(nsIRenderingContext&, nsRect const&, nsPoint) + 366 (nsSVGOuterSVGFrame.cpp:483) 4 libgklayout.dylib 0x057694a0 nsDisplaySVG::Paint(nsDisplayListBuilder*, nsIRenderingContext*, nsRect const&) + 74 (nsSVGOuterSVGFrame.cpp:377) 5 libgklayout.dylib 0x0524be1b nsDisplayList::Paint(nsDisplayListBuilder*, nsIRenderingContext*, nsRect const&) const + 61 (nsDisplayList.cpp:298) ...
Flags: blocking1.9?
Reporter | ||
Updated•17 years ago
|
Whiteboard: [sg:critical]
Reporter | ||
Updated•17 years ago
|
Whiteboard: [sg:critical] → [sg:critical] post-1.8
Assignee | ||
Comment 1•17 years ago
|
||
Assignee: general → longsonr
Status: NEW → ASSIGNED
Attachment #259310 -
Flags: superreview?(tor)
Attachment #259310 -
Flags: review?(tor)
Attachment #259310 -
Flags: superreview?(tor)
Attachment #259310 -
Flags: superreview+
Attachment #259310 -
Flags: review?(tor)
Attachment #259310 -
Flags: review+
Reporter | ||
Updated•17 years ago
|
Whiteboard: [sg:critical] post-1.8 → [sg:critical] post-1.8-branch
Updated•17 years ago
|
Flags: wanted1.8.1.x-
Assignee | ||
Comment 2•17 years ago
|
||
checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Group: security
Comment 4•17 years ago
|
||
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b3pre) Gecko/2008011009 Firefox/3.0b3pre ID:2008011009, no crash on testcase - > Verified fixed
Status: RESOLVED → VERIFIED
Updated•13 years ago
|
Crash Signature: [@ nsSVGFEOffsetElement::Filter]
You need to log in
before you can comment on or make changes to this bug.
Description
•