Closed
Bug 473081
Opened 16 years ago
Closed 16 years ago
Tiny SVG causes Firefox to crash [@ nsGenericDOMDataNode::GetOwnerDocument ]
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: niki, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008123017 GranParadiso/3.0.5 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008123017 GranParadiso/3.0.5 When trying to render this SVG image, firefox crashes. Tested with different PCs. Reproducible: Always Steps to Reproduce: 1.Open the SVG-File http://baaa.ba.funpic.de/upl/img/bf4b5f4e640b7a47f8c6d6336e82ddd3.svg with Firefox Actual Results: Firefox crashed Expected Results: Not crashing but rendering the image. Firefox does not produce any bug related output when crashing. Content of the SVG file: <?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.0" width="200" height="200" xmlns="http://www.w3.org/2000/svg"> <title>SVG test</title> <style type="text/css"><![CDATA[text {font-size:60px; text-anchor:middle;}]]></style> <line x1="0.5" y1="0.5" x2="200.5" y2="200.5" fill="#000000" stroke="#FF0000" stroke-width="3" stroke-dasharray="none" /> <line x1="0.5" y1="200.5" x2="200.5" y2="0.5" fill="#000000" stroke="#0000FF" stroke-width="3" stroke-dasharray="1%, 1%" /> <circle cx="100.5" cy="100.5" r="50" fill="#00FF00" stroke="#000000" stroke-width="1" stroke-dasharray="1%, 1%" /> <text x="100.5" y="100.5" font-size="30px" fill="#00FF00" stroke="#000000" stroke-width="1" stroke-dasharray="1%, 1%">Igel</text> </svg>
Comment 1•16 years ago
|
||
Crashes 3. Does not crash 3.1 or trunk. (tested on Kubuntu 8.04.1) bp-7b28c041-7974-4561-8f5b-d368f2090111 0 libxul.so nsGenericDOMDataNode::GetOwnerDocument nsNodeInfoManager.h:117 1 libxul.so nsTextNode::GetOwnerDocument mozilla/content/base/src/nsTextNode.cpp:66 2 libxul.so nsSVGElement::GetCtx mozilla/content/svg/content/src/nsSVGElement.cpp:1007 3 libxul.so nsSVGLength::MaybeGetCtxRect mozilla/content/svg/content/src/nsSVGLength.cpp:606 4 libxul.so nsSVGLength::MaybeAddAsObserver mozilla/content/svg/content/src/nsSVGLength.cpp:617 5 libxul.so nsSVGLength::SetContext mozilla/content/svg/content/src/nsSVGLength.cpp:524 6 libxul.so nsSVGUtils::CoordToFloat mozilla/layout/svg/base/src/nsSVGUtils.cpp:664 7 libxul.so nsSVGGeometryFrame::GetStrokeDashArray mozilla/layout/svg/base/src/nsSVGGeometryFrame.cpp:219 8 libxul.so nsSVGGeometryFrame::SetupCairoStrokeHitGeometry mozilla/layout/svg/base/src/nsSVGGeometryFrame.cpp:421 9 libxul.so nsSVGGeometryFrame::SetupCairoStroke mozilla/layout/svg/base/src/nsSVGGeometryFrame.cpp:431 10 libxul.so nsSVGGlyphFrame::PaintSVG mozilla/layout/svg/base/src/nsSVGGlyphFrame.cpp:344 11 libxul.so nsSVGUtils::PaintChildWithEffects mozilla/layout/svg/base/src/nsSVGUtils.cpp:1380 12 libxul.so nsSVGDisplayContainerFrame::PaintSVG mozilla/layout/svg/base/src/nsSVGContainerFrame.cpp:183 13 libxul.so nsSVGTextFrame::PaintSVG mozilla/layout/svg/base/src/nsSVGTextFrame.cpp:250 14 libxul.so nsSVGUtils::PaintChildWithEffects mozilla/layout/svg/base/src/nsSVGUtils.cpp:1380 15 libxul.so nsSVGOuterSVGFrame::Paint mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp:585 16 libxul.so nsDisplaySVG::Paint mozilla/layout/svg/base/src/nsSVGOuterSVGFrame.cpp:465 17 libxul.so nsDisplayList::Paint const mozilla/layout/base/nsDisplayList.cpp:296 18 libxul.so nsDisplayClip::Paint mozilla/layout/base/nsDisplayList.cpp:693 19 libxul.so nsDisplayList::Paint const mozilla/layout/base/nsDisplayList.cpp:296 20 libxul.so nsLayoutUtils::PaintFrame mozilla/layout/base/nsLayoutUtils.cpp:988 21 libxul.so PresShell::Paint mozilla/layout/base/nsPresShell.cpp:5421 22 libxul.so nsViewManager::RenderViews mozilla/view/src/nsViewManager.cpp:614 23 libxul.so nsViewManager::Refresh mozilla/view/src/nsViewManager.cpp:502 24 libxul.so nsViewManager::DispatchEvent mozilla/view/src/nsViewManager.cpp:1134 ... ... In the future, please include a crash ID or stack trace with your report. Seeing as this already appears to be fixed for the next major release, closing as WFM.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Component: General → SVG
Product: Firefox → Core
QA Contact: general → general
Resolution: --- → WORKSFORME
Summary: Tiny SVG causes Firefox to crash → Tiny SVG causes Firefox to crash [@ nsGenericDOMDataNode::GetOwnerDocument ]
Version: unspecified → 1.9.0 Branch
Comment 2•16 years ago
|
||
If someone can find the bug where this was fixed, please dupe.
Comment 3•16 years ago
|
||
Oh, and looks like it does not crash latest 3.0.x. Expect fix in next update. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6pre) Gecko/2009011104 GranParadiso/3.0.6pre
You need to log in
before you can comment on or make changes to this bug.
Description
•