Closed Bug 381804 Opened 17 years ago Closed 17 years ago

Crash [@ gfxQuartzSurface::~gfxQuartzSurface] with <svg:text> and <svg:pattern>

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 378583

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

testcase (crashes Firefox when loaded)
471 bytes, image/svg+xml
Details 
Loading the testcase in a nightly or a debug build triggers a crash [@ gfxQuartzSurface::~gfxQuartzSurface].  A debug build outputs some assertions before the crash:

###!!! ASSERTION: Surface size too large (would overflow)!: 'Error', gfx/thebes/src/gfxASurface.cpp, line 291
###!!! ASSERTION: gfxASurface::AddRef without mSurface: 'mSurface != nsnull', gfx/thebes/src/gfxASurface.cpp, line 66
###!!! ASSERTION: gfxASurface::CairoSurface called with mSurface == nsnull!: 'mSurface != nsnull', file ../../../dist/include/thebes/gfxASurface.h, line 98
###!!! ASSERTION: gfxASurface::Release without mSurface: 'mSurface != nsnull', gfx/thebes/src/gfxASurface.cpp, line 87
Crashes windows too.

Is nsSVGPatternFrame::PaintPattern missing an addref?
The ref count looks okay to me. What seems to be a problem is that the gfxWindowsSurface ctor simply returns early when the requested surface size is too large. As a result we end up with a gfxWindowsSurface object (non-null, so the null check doesn't catch it) that hasn't been constructed properly and things go pear shaped from there.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
This testcase still causes an assertion (but not a crash).  See bug 385228.
Crash Signature: [@ gfxQuartzSurface::~gfxQuartzSurface]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: