If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Crash loading SVG page in cairo-quartz code

VERIFIED FIXED

Status

()

Core
Graphics
P2
normal
VERIFIED FIXED
10 years ago
10 years ago

People

(Reporter: roc, Assigned: vlad)

Tracking

({crash})

Trunk
x86
Mac OS X
crash
Points:
---
Bug Flags:
blocking1.9 +
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Load http://www.svg-whiz.com/svg/linguistics/theCreepyMouth.svg, instant crash. Relevant call stack:

#0  0x14db7ede in _moz_cairo_surface_get_type (surface=0x328) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-surface.c:142
#1  0x14dc0e9e in _cairo_quartz_surface_to_quartz (target=0x0, pat_surf=0x328, quartz_surf=0xbfffbb28) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-quartz-surface.c:465
#2  0x14dc3e11 in _cairo_quartz_surface_mask_with_surface (surface=0x3ec158c0, op=CAIRO_OPERATOR_OVER, source=0xbfffbc88, mask=0xbfffbbb4) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-quartz-surface.c:1588
#3  0x14dc408b in _cairo_quartz_surface_mask (abstract_surface=0x3ec158c0, op=CAIRO_OPERATOR_OVER, source=0xbfffbc88, mask=0xbfffbbb4) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-quartz-surface.c:1629
#4  0x14db9aa7 in _cairo_surface_mask (surface=0x3ec158c0, op=CAIRO_OPERATOR_OVER, source=0xbfffbe68, mask=0xbfffbd94) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-surface.c:1435
#5  0x14da4d65 in _cairo_gstate_mask (gstate=0x3ec37ec0, mask=0x3e69f150) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo-gstate.c:971
#6  0x14d9e3db in _moz_cairo_mask (cr=0x2753600, pattern=0x3e69f150) at /Users/roc/mozilla-checkin/mozilla/gfx/cairo/cairo/src/cairo.c:1962
#7  0x14d86d03 in gfxContext::Mask (this=0x3e09ed40, pattern=0x3e8c6690) at /Users/roc/mozilla-checkin/mozilla/gfx/thebes/src/gfxContext.cpp:689
#8  0x1579d35f in nsSVGUtils::PaintChildWithEffects (aContext=0xbfffc050, aDirtyRect=0xbfffc05c, aFrame=0x428ee744) at /Users/roc/mozilla-checkin/mozilla/layout/svg/base/src/nsSVGUtils.cpp:1201
#9  0x1578f15d in nsSVGOuterSVGFrame::Paint (this=0x428ec530, aRenderingContext=@0x3e60b030, aDirtyRect=@0xbfffc150, aPt=@0xbfffc0d8) at /Users/roc/mozilla-checkin/mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp:589
#10 0x1578f22c in nsDisplaySVG::Paint (this=0x2374a1c, aBuilder=0xbfffc1d8, aCtx=0x3e60b030, aDirtyRect=@0xbfffc150) at /Users/roc/mozilla-checkin/mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp:445
Flags: blocking1.9?

Updated

10 years ago
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2

Comment 1

10 years ago
I'm not seeing this crash in 
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b2pre) Gecko/2007120623 Minefield/3.0b2pre

I couldn't get it in my previous build either, from a week or so ago; and beta 1 doesn't crash. However, beta 1 shows and animates the vocal folds, they don't show up for me in these recent builds. They'd be rendered via the path above, so seems likely to be the same bug. Not sure why I don't get the crash though.

Comment 2

10 years ago
I get the crash now in debug builds. However, it seems vlad has already fixed this on cairo master, in this commit:

http://gitweb.freedesktop.org/?p=cairo;a=commit;h=150564c7f8792fa2217fc2574e9e1925c9cd500f

(setting the value of extents ends up overwriting the contents of pat_surf, causing the crash; using the correct size for extents fixes the bug)

Updated

10 years ago
Blocks: 408145

Updated

10 years ago
Duplicate of this bug: 408145
Assignee: nobody → vladimir
Checked in patch from upstream; still need to do a cairo update soon, but wanted to get this in beforehand.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Flags: in-testsuite?

Comment 5

10 years ago
in-testsuite+: there are svg:mask testcases that are marked as "skip-if mac" due to this bug.
Flags: in-testsuite? → in-testsuite+

Comment 6

10 years ago
Oh, I misread comment 4 earlier.  I have re-enabled those tests now.
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9pre) Gecko/2008050621 Firefox/3.0pre and the url from comment #0 -> no crash

--> Verified fixed
Status: RESOLVED → VERIFIED
Keywords: crash
You need to log in before you can comment on or make changes to this bug.