Closed
Bug 381804
Opened 18 years ago
Closed 18 years ago
Crash [@ gfxQuartzSurface::~gfxQuartzSurface] with <svg:text> and <svg:pattern>
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 378583
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(1 file)
|
471 bytes,
image/svg+xml
|
Details |
testcase (crashes Firefox when loaded)
Loading the testcase in a nightly or a debug build triggers a crash [@ gfxQuartzSurface::~gfxQuartzSurface]. A debug build outputs some assertions before the crash:
###!!! ASSERTION: Surface size too large (would overflow)!: 'Error', gfx/thebes/src/gfxASurface.cpp, line 291
###!!! ASSERTION: gfxASurface::AddRef without mSurface: 'mSurface != nsnull', gfx/thebes/src/gfxASurface.cpp, line 66
###!!! ASSERTION: gfxASurface::CairoSurface called with mSurface == nsnull!: 'mSurface != nsnull', file ../../../dist/include/thebes/gfxASurface.h, line 98
###!!! ASSERTION: gfxASurface::Release without mSurface: 'mSurface != nsnull', gfx/thebes/src/gfxASurface.cpp, line 87
|
||
Comment 1•18 years ago
|
||
Crashes windows too.
Is nsSVGPatternFrame::PaintPattern missing an addref?
|
||
Comment 2•18 years ago
|
||
The ref count looks okay to me. What seems to be a problem is that the gfxWindowsSurface ctor simply returns early when the requested surface size is too large. As a result we end up with a gfxWindowsSurface object (non-null, so the null check doesn't catch it) that hasn't been constructed properly and things go pear shaped from there.
|
|
||
Updated•18 years ago
|
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
|
Reporter | |
Comment 4•18 years ago
|
||
This testcase still causes an assertion (but not a crash). See bug 385228.
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ gfxQuartzSurface::~gfxQuartzSurface]
You need to log in
before you can comment on or make changes to this bug.
Description
•