Crash [@ nsUserFontSet::LogMessage] with data: URL

RESOLVED FIXED

Status

()

Core
Graphics
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Jesse Ruderman, Assigned: jfkthame)

Tracking

(Blocks: 1 bug, {crash, regression, testcase})

Trunk
x86_64
Windows 7
crash, regression, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

6 years ago
Created attachment 546105 [details]
testcase (crashes Firefox when loaded)
(Assignee)

Comment 1

6 years ago
Created attachment 546116 [details] [diff] [review]
patch, check whether mURI is null

The problem arises because when a relative URI is used in a data: document, it fails to resolve (naturally), which leaves mURI null in the font-face source. Solution is to check before trying to retrieve the spec, and provide a generic placeholder if not available. (I'm not sure if there are other cases where mURI could be null, but this should protect us from them however it arises.)
Assignee: nobody → jfkthame
Attachment #546116 - Flags: review?(jdaggett)

Updated

6 years ago
Attachment #546116 - Flags: review?(jdaggett) → review+
There are other cases where mURI could be null.  For example, "http://spaces in hostname/".

Might be worth it to add a crashtest.
(Assignee)

Comment 3

6 years ago
http://hg.mozilla.org/mozilla-central/rev/911439385a90

I'll put together crashtests based on the examples in comment #0 and comment #2.
(Assignee)

Comment 4

6 years ago
Created attachment 546154 [details] [diff] [review]
crashtests

These testcases both hit the "null mURI" path in the @font-face load-failure logging code.
Attachment #546154 - Flags: review?(bzbarsky)
Comment on attachment 546154 [details] [diff] [review]
crashtests

r=me
Attachment #546154 - Flags: review?(bzbarsky) → review+
(Assignee)

Comment 6

6 years ago
Pushed crashtests:
http://hg.mozilla.org/mozilla-central/rev/85b1015168a0
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.