Closed
Bug 381804
Opened 17 years ago
Closed 17 years ago
Crash [@ gfxQuartzSurface::~gfxQuartzSurface] with <svg:text> and <svg:pattern>
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 378583
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(1 file)
471 bytes,
image/svg+xml
|
Details |
Loading the testcase in a nightly or a debug build triggers a crash [@ gfxQuartzSurface::~gfxQuartzSurface]. A debug build outputs some assertions before the crash: ###!!! ASSERTION: Surface size too large (would overflow)!: 'Error', gfx/thebes/src/gfxASurface.cpp, line 291 ###!!! ASSERTION: gfxASurface::AddRef without mSurface: 'mSurface != nsnull', gfx/thebes/src/gfxASurface.cpp, line 66 ###!!! ASSERTION: gfxASurface::CairoSurface called with mSurface == nsnull!: 'mSurface != nsnull', file ../../../dist/include/thebes/gfxASurface.h, line 98 ###!!! ASSERTION: gfxASurface::Release without mSurface: 'mSurface != nsnull', gfx/thebes/src/gfxASurface.cpp, line 87
Comment 1•17 years ago
|
||
Crashes windows too. Is nsSVGPatternFrame::PaintPattern missing an addref?
Comment 2•17 years ago
|
||
The ref count looks okay to me. What seems to be a problem is that the gfxWindowsSurface ctor simply returns early when the requested surface size is too large. As a result we end up with a gfxWindowsSurface object (non-null, so the null check doesn't catch it) that hasn't been constructed properly and things go pear shaped from there.
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 4•17 years ago
|
||
This testcase still causes an assertion (but not a crash). See bug 385228.
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ gfxQuartzSurface::~gfxQuartzSurface]
You need to log in
before you can comment on or make changes to this bug.
Description
•