Closed Bug 778492 Opened 7 years ago Closed 7 years ago

SVG element too far outside viewBox crashes Firefox

Categories: Core :: SVG, defect, critical
Platform: x86, Linux
Priority: Not set
Status: RESOLVED WORKSFORME
People: Reporter: nickers, Assigned: jwatt
Keywords: crash, testcase
Attachments: 1 file

Attached image crashes Firefox
Viewing the attached SVG file crashes Firefox:

$ ./firefox /tmp/crash.svg
Segmentation fault
$

The bug is also reproducible in nightly build 20120728030524 with a new profile. No crash report is generated.
It's a stack overflow:  bp-6eb14b02-e703-43a0-b9b7-485262120729

PresShell::DidDoReflow	layout/base/nsPresShell.cpp:7311
PresShell::ProcessReflowCommands	layout/base/nsPresShell.cpp:7610
PresShell::FlushPendingNotifications	layout/base/nsPresShell.cpp:3867
PresShell::DidDoReflow	layout/base/nsPresShell.cpp:7311
PresShell::ProcessReflowCommands	layout/base/nsPresShell.cpp:7610
PresShell::FlushPendingNotifications	layout/base/nsPresShell.cpp:3867
...

I can reproduce the crash with a 32-bit Linux build, but not 64-bit.
It's likely the same underlying problem as bug 762987 / bug 774561.
Severity: normal → critical
Component: General → SVG
Depends on: 762987
Product: Firefox → Core
Version: Trunk → unspecified
Status: UNCONFIRMED → NEW
Crash Signature: [@ nsIFrame::GetUsedBorderAndPadding]
Ever confirmed: true
Keywords: reproducible
bug 767056 has landed. Did it fix this crash?
WFM, in both 32-bit and 64-bit Linux builds.

nickers@lgav.ath.cx, please reopen the bug if you can still reproduce
the crash in a Nightly build, thanks.  http://nightly.mozilla.org/
Status: NEW → RESOLVED
Closed: 7 years ago
No longer depends on: 762987
Flags: in-testsuite?
Resolution: --- → WORKSFORME
Works for me as well :)
The bug is no longer reproducible in nightly build 20120902030516, thank you.
Pushed testcase:

https://hg.mozilla.org/integration/mozilla-inbound/rev/7d95f9ee1165
Flags: in-testsuite? → in-testsuite+