Closed
Bug 462369
Opened 16 years ago
Closed 16 years ago
Crash [@ nsSVGEffects::AddRenderingObserver] with filter, position: inherit and removing element
Categories
(Core :: SVG, defect, P2)
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Assigned: roc)
References
Details
(Keywords: crash, testcase, verified1.9.1, Whiteboard: [depends on 455314])
Crash Data
Attachments
(1 file)
550 bytes,
application/vnd.mozilla.xul+xml
|
Details |
See testcase, which crashes current trunk build after 100ms. I guess this might perhaps get fixed by bug 455314 or related bugs. http://crash-stats.mozilla.com/report/index/23500bae-a69d-11dd-b302-001a4bd43ed6?p=1 0 xul.dll nsSVGEffects::AddRenderingObserver layout/svg/base/src/nsSVGEffects.cpp:428 1 xul.dll nsSVGRenderingObserver::GetReferencedFrame layout/svg/base/src/nsSVGEffects.cpp:89 2 xul.dll nsSVGRenderingObserver::GetReferencedFrame layout/svg/base/src/nsSVGEffects.cpp:99 3 xul.dll nsSVGFilterProperty::GetFilterFrame layout/svg/base/src/nsSVGEffects.cpp:183 4 xul.dll nsSVGEffects::GetFilterFrame layout/svg/base/src/nsSVGEffects.h:257 5 xul.dll nsSVGIntegrationUtils::GetInvalidAreaForChangedSource layout/svg/base/src/nsSVGIntegrationUtils.cpp:144 6 xul.dll xul.dll@0x2d9e28 7 xul.dll nsBlockFrame::InvalidateInternal layout/generic/nsBlockFrame.cpp:515 8 xul.dll nsIFrame::InvalidateWithFlags layout/generic/nsFrame.cpp:3654 9 xul.dll nsIFrame::Invalidate layout/generic/nsIFrame.h:1678 10 xul.dll nsFrameManager::RemoveFrame layout/base/nsFrameManager.cpp:697 11 xul.dll DeletingFrameSubtree layout/base/nsCSSFrameConstructor.cpp:9254 12 xul.dll nsCSSFrameConstructor::ContentRemoved layout/base/nsCSSFrameConstructor.cpp:9439 13 xul.dll PresShell::ContentRemoved layout/base/nsPresShell.cpp:4760 14 xul.dll nsNodeUtils::ContentRemoved content/base/src/nsNodeUtils.cpp:168 15 xul.dll nsGenericElement::doRemoveChildAt content/base/src/nsGenericElement.cpp:3359 16 xul.dll nsXULElement::RemoveChildAt content/xul/content/src/nsXULElement.cpp:989 17 xul.dll nsGenericElement::doReplaceOrInsertBefore content/base/src/nsGenericElement.cpp:3738
Comment 1•16 years ago
|
||
This bug, bug 462369, bug 455314, bug 461289, bug 454945 and bug 458453 are all the same. In each one nsSVGIntegrationUtils::GetInvalidAreaForChangedSource calls nsSVGFilterProperty::GetFilterFrame while the filter frame is being destroyed and crashes.
Comment 2•16 years ago
|
||
bug 461289 is the odd one out. It does not have a non-SVG frame containing a filter which is then removed so that one is a different issue.
Reporter | ||
Updated•16 years ago
|
Flags: blocking1.9.1?
Assignee | ||
Updated•16 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Assignee | ||
Updated•16 years ago
|
Priority: -- → P2
Assignee | ||
Updated•16 years ago
|
Assignee: nobody → roc
Whiteboard: [depends on 455314]
Reporter | ||
Comment 3•16 years ago
|
||
Fixed by bug 455314.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Comment 4•15 years ago
|
||
... which landed on 1.9.1 in bug 455314 comment 27. Hence, this should be fixed there, too.
Keywords: fixed1.9.1
Comment 5•15 years ago
|
||
verified FIXED On builds (i.e. attached testcase does not crash firefox): Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090603 Minefield/3.6a1pre (.NET CLR 3.5.30729) ID:20090603045425 and Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1pre) Gecko/20090603 Shiretoko/3.5pre (.NET CLR 3.5.30729) ID:20090603042055
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
Updated•13 years ago
|
Crash Signature: [@ nsSVGEffects::AddRenderingObserver]
You need to log in
before you can comment on or make changes to this bug.
Description
•