Closed Bug 387290 Opened 18 years ago Closed 17 years ago

svg rect + scale + filter causes int overflow

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: guninski, Unassigned)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

svg6e.xml
731 bytes, text/xml
Details
Attached file svg6e.xml
<rect fill="red" width="256" height="256" filter="url(#dafilter)" transform="scale(262145,9)" /> causes crash with signs of integer overflow. the stack is blown. may be related to Bug 361745
(In reply to comment #0) > > may be related to Bug 361745 > ooops wrong bug. the correct one is Bug 376713 – margin-top, height crash @ARGB32_image_mark on trunk macosx
Component: General → SVG
Product: Firefox → Core
QA Contact: general → general
Georgi, did you need to let this run for a while or does it crash immediately? And on which build of Mac OS X are you seeing this? (Run System Profiler, choose Software, example: Mac OS X 10.4.10 (8R2218)) Running this for a few minutes seems to work for me but maybe this needs to run longer before it crashes. Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a9pre) Gecko/2007092604 Minefield/3.0a9pre
(In reply to comment #2) > Georgi, did you need to let this run for a while or does it crash immediately? > And on which build of Mac OS X are you seeing this? (Run System Profiler, > choose Software, example: Mac OS X 10.4.10 (8R2218)) > > Running this for a few minutes seems to work for me but maybe this needs to run > longer before it crashes. > doesn't crash for me now. software is mac os x 10.4.10 8R218
Marking as WFM based on comment 3.
Group: security
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Flags: in-testsuite?
Crashtest checked in.
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: