Closed Bug 615423 Opened 14 years ago Closed 14 years ago

Shutdown crash [@ mozilla::imagelib::SVGDocumentWrapper::StartAnimation]

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla2.0b9
Tracking Flags:
Tracking Status
blocking2.0 --- final+

People

(Reporter: jruderman, Assigned: dholbert)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(4 files, 1 obsolete file)

stack trace
18.59 KB, text/plain
Details
inner.svg (part of testcase)
66 bytes, image/svg+xml
Details
c.svg (part of testcase)
210 bytes, image/svg+xml
Details
fix
1.47 KB, patch
roc
: review+
Details | Diff | Splinter Review
Attached file stack trace 
      No description provided.

    
    

    
  


  

    
    

    
  
Steps to reproduce:
1. Save inner.svg and c.svg to the same directory.
2. Load c.svg.
3. Quit Firefox.

Result: Crash during shutdown 
[@ mozilla::imagelib::SVGDocumentWrapper::StartAnimation]

    
    

    
  
bp-bfe4f4b6-6db4-4fa7-844e-83fff2101129 (no other reports with this signature).

    
    

    
  

      
      
      
      

        Attached patch
          
          
        fix? (obsolete)
        — Splinter Review
      

    


  
Looks like we just need to handle the case where document teardown triggers a spurious (ignorable) StartAnimation call after XPCOM shutdown.

This patch should fix it. (just adding a null-check before the null-deref that's crashing here.)
Assignee: nobody → dholbert
Status: NEW → ASSIGNED

    
    

    
  
(Will request review after I verify that this fixes it & write an automated test.)
blocking2.0: --- → ?

    
  
Summary: Crash [@ mozilla::imagelib::SVGDocumentWrapper::StartAnimation] → Shutdown crash [@ mozilla::imagelib::SVGDocumentWrapper::StartAnimation]

    
    

    
  

      
      
      
      

        Attached patch
          
          
        fixSplinter Review
      

    


  
Here's the fix again.  I verified that it fixes the crash.

It turns out that creating an automated test for this is non-trivial, though... The attached testcase only crashes if you quit Firefox (run mozilla::ShutdownXPCOM) *while* viewing the testcase.  As soon as you navigate to a different page (which the crashtest suite does many times before shutdown), you're safe from crashing.

dbaron says that this might be testable with an xpcshell test, but that this would be a fair amount of work to write.  So, I'm tempted to skip the automated test for this bug, since this is just a null-check to prevent a null-deref at shutdown (which only happens with a semi-crazy fuzzer testcase)...

        Attachment #496023 -
        Attachment is obsolete: true

        Attachment #498363 -
        Flags: review?(roc)

    
  
OS: Mac OS X → All
Hardware: x86 → All

    
    

    
  
(btw, new fix is identical to old fix - I just tweaked the comment slightly)

    
    

    
  
(In reply to comment #7)
> dbaron says that this might be testable with an xpcshell test, but that this
> would be a fair amount of work to write.  So, I'm tempted to skip the automated
> test for this bug, since this is just a null-check

Yeah, don't spend lots of time on that. Let's land this and move on to more pressing things.

    
    

    
  
Landed: http://hg.mozilla.org/mozilla-central/rev/bc5f97f02556
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b9
Crash Signature: [@ mozilla::imagelib::SVGDocumentWrapper::StartAnimation]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: