Crashes while loading certain .SVG files

RESOLVED WORKSFORME

Status

()

Core
SVG
--
critical
RESOLVED WORKSFORME
5 years ago
5 years ago

People

(Reporter: mailc23, Assigned: jwatt)

Tracking

({crash, regression, reproducible})

15 Branch
x86
Linux
crash, regression, reproducible
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox15+ wontfix, firefox16- affected, firefox17- affected, firefox18-)

Details

(crash signature)

Attachments

(1 attachment)

600.62 KB, application/zip
Details
(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0
Build ID: 20120731150526

Steps to reproduce:

Open one of the following .SVG files:
* https://upload.wikimedia.org/wikipedia/commons/archive/b/bd/20120719043656%21Test.svg
* https://upload.wikimedia.org/wikipedia/de/archive/0/00/20120806153955%21Erzbistum_K%C3%B6ln_Logo.svg


Actual results:

Crash


Expected results:

No crash
(Reporter)

Comment 1

5 years ago
It seems nearly every fifth file produces a crash:
https://commons.wikimedia.org/wiki/File:Test.svg#filehistory

Comment 2

5 years ago
These files don't crash for me in 15.0 Beta or Nightly on Windows.

Can you provide the crash ID from about:crashes?
Does it happen in Safe Mode (see https://support.mozilla.org/kb/troubleshoot-firefox-issues-using-safe-mode)?

Comment 3

5 years ago
Cannot Repro on WinXP - probably a Linux-only bug.
(Reporter)

Comment 4

5 years ago
* It's only? on Linux (Ubuntu?)
* about:crashes does not contain any crashes from today
* It does also happen in safe mode
* It does also crash in Nightly
* Works in FF14!

Comment 5

5 years ago
Can you provide a valid stack trace (see https://wiki.ubuntu.com/MozillaTeam/Bugs#Run_Firefox_in_a_Debugger)?

Comment 6

5 years ago
Regression window(m-c)
Good:
http://hg.mozilla.org/mozilla-central/rev/762e95608da3
Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/15 Firefox/15.0a1 ID:20120517030523
Crash:
http://hg.mozilla.org/mozilla-central/rev/e794cef56df6
Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/15 Firefox/15.0a1 ID:20120518030516
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=762e95608da3&tochange=e794cef56df6


Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/55b4de9a4f53
Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/15 Firefox/15.0a1 ID:20120516040218
Crash:
http://hg.mozilla.org/integration/mozilla-inbound/rev/12f13acb5ea8
Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/15 Firefox/15.0a1 ID:20120517040216
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=55b4de9a4f53&tochange=12f13acb5ea8



In local build
Last Good: d3b11e443f04
First Bad: 05a339620439

Triggered by: 05a339620439	Jonathan Watt — Bug 734082 - Compute and store bounds and visual overflow bounds for both SVG leaf and container frames. r=roc.
Blocks: 734082

Updated

5 years ago
Severity: normal → critical
Status: UNCONFIRMED → NEW
Component: Untriaged → SVG
Ever confirmed: true
Keywords: crash, regression, reproducible
Product: Firefox → Core

Comment 7

5 years ago
Created attachment 649633 [details]
gdb log

Updated

5 years ago
Crash Signature: [@ nsRegion::SetToElements]
Jonathan, can you take a look?
tracking-firefox15: --- → ?
tracking-firefox16: --- → ?
tracking-firefox17: --- → ?
Reproducible crash, so tracking and adding Johnathan as the assignee for now to investigate.
Assignee: nobody → jwatt
status-firefox15: --- → affected
status-firefox16: --- → affected
status-firefox17: --- → affected
tracking-firefox15: ? → +
tracking-firefox16: ? → +
tracking-firefox17: ? → +

Updated

5 years ago
Duplicate of this bug: 782229
Looks like a stack overflow crash similar to bug 767056. Let's see if that fixes it.
Depends on: 767056
Wontfixing for FF15 as bug 767056 won't be making it into Beta. Patches ready to be uplifted to Aurora are most welcome (for either bug).
status-firefox15: affected → wontfix
Can someone who can reproduce this try one of the Try server builds from the following link to see if bug 767056 fixes this too?

https://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/jwatt@jwatt.org-f5886441f001/
(Reporter)

Comment 14

5 years ago
...seems to be fixed for me
Excellent
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WORKSFORME
Duplicate of this bug: 788198
(Reporter)

Updated

5 years ago
tracking-firefox18: --- → ?
Duplicate of this bug: 788277
tracking-firefox16: + → -
tracking-firefox17: + → -
tracking-firefox18: ? → -
You need to log in before you can comment on or make changes to this bug.