Closed
Bug 623945
Opened 14 years ago
Closed 14 years ago
Firefox 4.0b9pre Crash [@ mozilla::imagelib::SVGDocumentWrapper::StopAnimation() ]
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
RESOLVED
FIXED
People
(Reporter: marcia, Assigned: dholbert)
Details
(Keywords: crash, crashreportid, reproducible)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
5.04 KB,
patch
|
roc
:
review+
joe
:
approval2.0+
|
Details | Diff | Splinter Review |
Seen while reviewing trunk crash stats. Crashes started showing up using the 2011010100 build. http://tinyurl.com/2cto7d8 to the crashes which are all Windows. Possible pushlog regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b083bc8b79ab&tochange=b2275b45a33d Frame Module Signature [Expand] Source 0 xul.dll mozilla::imagelib::SVGDocumentWrapper::StopAnimation modules/libpr0n/src/SVGDocumentWrapper.cpp:224 1 xul.dll mozilla::imagelib::SVGDocumentWrapper::OnStartRequest modules/libpr0n/src/SVGDocumentWrapper.cpp:273 2 xul.dll mozilla::imagelib::VectorImage::OnStartRequest modules/libpr0n/src/VectorImage.cpp:640 3 xul.dll imgRequest::OnDataAvailable 4 xul.dll nsRefPtr<nsPresContext>::~nsRefPtr<nsPresContext> obj-firefox/dist/include/nsAutoPtr.h:969 5 xul.dll NS_TableDrivenQI obj-firefox/xpcom/build/nsISupportsImpl.cpp:49 6 xul.dll nsBaseChannel::QueryInterface netwerk/base/src/nsBaseChannel.cpp:339 7 xul.dll nsACString_internal::Assign xpcom/string/src/nsTSubstring.cpp:390 8 xul.dll nsBaseChannel::GetContentType netwerk/base/src/nsBaseChannel.cpp:495 9 xul.dll nsRefPtr<nsPresContext>::~nsRefPtr<nsPresContext> obj-firefox/dist/include/nsAutoPtr.h:969 10 xul.dll ProxyListener::OnStartRequest modules/libpr0n/src/imgLoader.cpp:2000 11 xul.dll ProxyListener::OnDataAvailable modules/libpr0n/src/imgLoader.cpp:2019 12 xul.dll nsBaseChannel::OnDataAvailable netwerk/base/src/nsBaseChannel.cpp:755 13 xul.dll nsInputStreamPump::OnStateTransfer netwerk/base/src/nsInputStreamPump.cpp:510
|
Assignee | |
Comment 2•14 years ago
|
||
This exact crash doesn't ring any bells, but looks easy to fix.
It's crashing on a null-deref on the last line here:
> 221 nsIDocument* doc = mViewer->GetDocument();
> 222 if (doc) {
> 223#ifdef MOZ_SMIL
> 224 doc->GetAnimationController()->Pause(nsSMILTimeContainer::PAUSE_IMAGE);
We've already null-checked |doc|, so that's not null -- so it must be that |doc->GetAnimationController()| returns null.
...and that can easily happen if SMIL or image animations are disabled via an about:config pref, or for a few other reasons.
So I think we just need to null-check |doc->GetAnimationController()| there.
(I'm guessing the date that this started showing up corresponds more to when a particular user flipped a particular pref, or started using nightlies with an already-flipped pref. This has likely been a bug for a little while.)|
|
Assignee | |
Comment 3•14 years ago
|
||
Confirmed crash -- here are STEPS TO REPRODUCE: 1. Toggle about:config pref svg.smil.enabled --> false 2. Visit http://blog.dholbert.org/2010/10/svg-as-image.html --> CRASH [@ mozilla::imagelib::SVGDocumentWrapper::StopAnimation ] bp-f5eab1fd-67e9-4521-8fa1-628fd2110107
|
|
Assignee | |
Comment 4•14 years ago
|
||
Working on an automated test. (probably a mochitest, not a crashtest, since I need to flip a pref to trigger this crash.)
Attachment #502118 -
Flags: review?(roc)
|
Reporter | |
Updated•14 years ago
|
Keywords: reproducible
|
|
Assignee | |
Comment 5•14 years ago
|
||
Here's the fix with a crashtest loaded into an iframe, in a mochitest that toggles the svg.smil.enabled pref off for its duration.
I've confirmed that the mochitest passes with the fix, and fails without the fix. The failure looks like this, since we crash:
>TEST-UNEXPECTED-FAIL | /tests/content/svg/content/test/test_SVGAnimatedImageSMILDisabled.html | Exited with code -11 during test run
Attachment #502118 -
Attachment is obsolete: true
Attachment #502152 -
Flags: review?(roc)
Attachment #502118 -
Flags: review?(roc)
Attachment #502152 -
Flags: review?(roc) → review+
|
|
Assignee | |
Comment 6•14 years ago
|
||
Comment on attachment 502152 [details] [diff] [review] fix v1 now w/ test Requesting approval. Simple well-understood fix, fixes crash, includes tests.
Attachment #502152 -
Flags: approval2.0?
|
||
Comment 7•14 years ago
|
||
Comment on attachment 502152 [details] [diff] [review] fix v1 now w/ test It's like you have a key to my heart.
Attachment #502152 -
Flags: approval2.0? → approval2.0+
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [needs landing]
|
|
Assignee | |
Comment 8•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/2bf97aec7fdd
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Whiteboard: [needs landing]
|
||
Updated•13 years ago
|
Crash Signature: [@ mozilla::imagelib::SVGDocumentWrapper::StopAnimation() ]
You need to log in
before you can comment on or make changes to this bug.
Description
•