"ASSERTION: don't think me need this any more" with font-size: 0

RESOLVED FIXED in mozilla16

Status

defect
RESOLVED FIXED
8 years ago
7 years ago

People

(Reporter: jruderman, Assigned: jwatt)

Tracking

(Blocks 1 bug, {assertion, testcase})

Trunk
mozilla16
x86_64
macOS
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

Posted image testcase
###!!! ASSERTION: don't think me need this any more: 'Not Reached', file layout/svg/base/src/nsSVGOuterSVGFrame.h, line 148

This assertion was added in
https://hg.mozilla.org/mozilla-central/rev/2b4aed5ee94e#l2.17
as a (possibly-unreviewed) addition to the patch in bug 732429.

Fix this and I'll let you know if the fuzzer turns up any other testcases that trigger the assertion ;)
Blocks: 732429
Yeah, that was an assertion I added in just before pushing, since I wondered if we could actually just remove much of the code that was touched in the patch for bug 732429. We tried removing that code in bug 411334, but as noted in bug 411334 comment 3, doing so regressed gearflowers. Removing the code no longer seems to regress gearflowers, hence why I wondered if it could die now.

Thanks for fuzzing and finding this issue. It seems like we shouldn't be trying to paint SVG text that has a font-size of zero. Preventing that should be a simple patch, but I don't have time even for that right now. If nobody else writes the patch in the meantime, I'll get to it later.
Posted patch: patch
Assignee: nobody → jwatt
Attachment #637748 - Flags: review?(roc)
Blocks: 769514
Comment on attachment 637748
patch

Review of attachment 637748:
-----------------------------------------------------------------

You had this in the other patch. I don't care which one it lands in.
Attachment #637748 - Flags: review?(roc) → review+
Pushed https://hg.mozilla.org/integration/mozilla-inbound/rev/fed6b276ad32
Target Milestone: --- → mozilla16
Flags: in-testsuite+
Keywords: regression
I checked in a test for this as well, which required a follow-up to fix it:

https://hg.mozilla.org/integration/mozilla-inbound/rev/ef04a2a3284e
Blocks: 614732