Closed
Bug 842630
Opened 10 years ago
Closed 10 years ago
OOB in nsSVGTextFrame2::ResolvePositions with svg.text.css-frames.enabled
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: jruderman, Assigned: longsonr)
References
Details
(Keywords: assertion, testcase)
Attachments
(3 files)
With: user_pref("svg.text.css-frames.enabled", true); the testcase causes an OOB array access in nsSVGTextFrame2::ResolvePositions, which is reported as: Assertion failure: i < Length() (invalid array index), at nsTArray.h:632
Reporter | ||
Comment 1•10 years ago
|
||
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → longsonr
Assignee | ||
Comment 2•10 years ago
|
||
Attachment #728767 -
Flags: review?(cam)
Updated•10 years ago
|
Attachment #728767 -
Flags: review?(cam) → review+
Assignee | ||
Comment 3•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/362d0632ed67
Assignee | ||
Updated•10 years ago
|
Flags: in-testsuite+
Comment 4•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/362d0632ed67
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
You need to log in
before you can comment on or make changes to this bug.
Description
•