Closed Bug 374882 Opened 17 years ago Closed 17 years ago

SVG filter crash [@ nsSVGFEOffsetElement::Filter]

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jruderman, Assigned: longsonr)

References

Details

(Keywords: crash, testcase, Whiteboard: [sg:critical] post-1.8-branch)

Crash Data

Attachments

(2 files)

testcase (loading it crashes Firefox)
298 bytes, image/svg+xml
Details
patch
1.07 KB, patch
tor
: review+
tor
: superreview+
Details | Diff | Splinter Review 
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x03008000

Thread 0 Crashed:
0   libgklayout.dylib        	0x0579081d nsSVGFEOffsetElement::Filter(nsSVGFilterInstance*) + 797 (nsSVGFilters.cpp:2576)
1   libgklayout.dylib        	0x0575b67b nsSVGFilterFrame::FilterPaint(nsSVGRenderState*, nsISVGChildFrame*) + 3399 (nsSVGFilterFrame.cpp:342)
2   libgklayout.dylib        	0x057761fd nsSVGUtils::PaintChildWithEffects(nsSVGRenderState*, nsRect*, nsIFrame*) + 703 (nsSVGUtils.cpp:951)
3   libgklayout.dylib        	0x057693dc nsSVGOuterSVGFrame::Paint(nsIRenderingContext&, nsRect const&, nsPoint) + 366 (nsSVGOuterSVGFrame.cpp:483)
4   libgklayout.dylib        	0x057694a0 nsDisplaySVG::Paint(nsDisplayListBuilder*, nsIRenderingContext*, nsRect const&) + 74 (nsSVGOuterSVGFrame.cpp:377)
5   libgklayout.dylib        	0x0524be1b nsDisplayList::Paint(nsDisplayListBuilder*, nsIRenderingContext*, nsRect const&) const + 61 (nsDisplayList.cpp:298)
...
Flags: blocking1.9?
Whiteboard: [sg:critical]
Whiteboard: [sg:critical] → [sg:critical] post-1.8
Attached patch patchSplinter Review 
Assignee: general → longsonr
Status: NEW → ASSIGNED

        Attachment #259310 -
        Flags: superreview?(tor)

        Attachment #259310 -
        Flags: review?(tor)

    
  

        Attachment #259310 -
        Flags: superreview?(tor)

        Attachment #259310 -
        Flags: superreview+

        Attachment #259310 -
        Flags: review?(tor)

        Attachment #259310 -
        Flags: review+

    
  
Whiteboard: [sg:critical] post-1.8 → [sg:critical] post-1.8-branch
Flags: wanted1.8.1.x-

    
  
Flags: blocking1.9? → blocking1.9+

    
    

    
  
checked in.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Group: security

    
    

    
  
Crashtest checked in.
Flags: in-testsuite+

    
    

    
  
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b3pre) Gecko/2008011009 Firefox/3.0b3pre ID:2008011009, no crash on testcase - > Verified fixed
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsSVGFEOffsetElement::Filter]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: