Closed Bug 454945 Opened 16 years ago Closed 16 years ago

Crash [@ nsSVGIntegrationUtils::GetInvalidAreaForChangedSource][@ nsSVGPropertyBase::GetReferencedFrame] with 2 filters and removing style

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: martijn.martijn, Unassigned)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files)

testcase
305 bytes, application/xhtml+xml
Details
stack from debug build
2.86 KB, text/plain
Details
Attached file testcase 
See testcase which crashes current trunk build, within 100ms.

http://crash-stats.mozilla.com/report/index/4bb24cf3-806b-11dd-b191-0013211cbf8a?p=1
0  	 	@0x1  	
1 	xul.dll 	nsSVGIntegrationUtils::GetInvalidAreaForChangedSource 	
2 	xul.dll 	xul.dll@0x308f25 	
3 	xul.dll 	nsIFrame::Invalidate 	
4 	xul.dll 	nsFrameManager::RemoveFrame 	
5 	xul.dll 	nsCSSFrameConstructor::ContentRemoved 	
6 	xul.dll 	nsCSSFrameConstructor::RecreateFramesForContent 	
7 	xul.dll 	nsCSSFrameConstructor::ProcessRestyledFrames 	
8 	xul.dll 	nsCSSFrameConstructor::RestyleElement 	
9 	xul.dll 	nsCSSFrameConstructor::ProcessOneRestyle 	
10 	xul.dll 	nsCSSFrameConstructor::ProcessPendingRestyles 	
11 	xul.dll 	PresShell::DoFlushPendingNotifications 	
12 	xul.dll 	PresShell::FlushPendingNotifications 	
13 	xul.dll 	nsDocument::FlushPendingNotifications 	
14 	xul.dll 	nsGenericElement::GetPrimaryFrame 	
15 	xul.dll 	nsGenericElement::GetStyledFrame 	
16 	xul.dll 	nsNSElementTearoff::GetScrollInfo 	
17 	xul.dll 	nsNSElementTearoff::SetScrollLeft 	
18 	xul.dll 	NS_InvokeByIndex_P 	
19 	xul.dll 	XPCWrappedNative::CallMethod
Attached file stack from debug build 
>	gklayout.dll!nsSVGPropertyBase::GetReferencedFrame(nsIAtom * aFrameType=0x012d7a18, int * aOK=0x0012ed38)  Line 68 + 0xe bytes	C++
 	gklayout.dll!nsSVGFilterProperty::GetFilterFrame(int * aOK=0x0012ed38)  Line 109	C++
 	gklayout.dll!nsSVGEffects::GetFilterFrame(nsIFrame * aFrame=0x0989cc28)  Line 193 + 0x12 bytes	C++
 	gklayout.dll!nsSVGIntegrationUtils::GetInvalidAreaForChangedSource(nsIFrame * aFrame=0x0989cc28, const nsRect & aInvalidRect={...})  Line 141 + 0x9 bytes	C++
 	gklayout.dll!nsIFrame::InvalidateInternal(const nsRect & aDamageRect={...}, int aX=0, int aY=0, nsIFrame * aForChild=0x00000000, int aImmediate=0)  Line 3709 + 0x2c bytes	C++
 	gklayout.dll!nsIFrame::Invalidate(const nsRect & aDamageRect={...}, int aImmediate=0)  Line 3655	C++
 	gklayout.dll!nsFrameManager::RemoveFrame(nsIFrame * aParentFrame=0x0cfb1b84, nsIAtom * aListName=0x00000000, nsIFrame * aOldFrame=0x0989cc28)  Line 693 + 0x17 bytes	C++
 	gklayout.dll!nsCSSFrameConstructor::ContentRemoved(nsIContent * aContainer=0x05e191d8, nsIContent * aChild=0x0cec61d8, int aIndexInContainer=3, int * aDidReconstruct=0x0012efd4)  Line 9457 + 0x12 bytes	C++
 	gklayout.dll!nsCSSFrameConstructor::RecreateFramesForContent(nsIContent * aContent=0x0cec61d8)  Line 11080 + 0x1d bytes	C++
etc..
Summary: Crash [@ nsSVGIntegrationUtils::GetInvalidAreaForChangedSource] with 2 filters and removing style → Crash [@ nsSVGIntegrationUtils::GetInvalidAreaForChangedSource][@ nsSVGPropertyBase::GetReferencedFrame] with 2 filters and removing style
I guess this will be fixed by bug 455984.
Depends on: 455984
Bug still occurs. It's essentially the same as bug 455314.
Depends on: 455314
Crashes in a different place on Mac: [@ nsSVGRenderingObserver::GetReferencedFrame]
Depends on: 458493
longsonr has a patch in bug 458493.
Assignee: nobody → longsonr
OS: Windows XP → All
Hardware: PC → All
not any more I don't :-(
Assignee: longsonr → nobody
No longer depends on: 458493
Fixed by bug 455314.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Flags: in-testsuite?
Crash Signature: [@ nsSVGIntegrationUtils::GetInvalidAreaForChangedSource] [@ nsSVGPropertyBase::GetReferencedFrame]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: