Closed
Bug 849688
Opened 12 years ago
Closed 12 years ago
Crash with getStartPositionOfChar, svg.text.css-frames.enabled
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: jruderman, Assigned: longsonr)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(3 files)
With:
user_pref("svg.text.css-frames.enabled", true);
Crash [@ gfxSkipCharsIterator::SetOffsets]
Reporter
Comment 1•12 years ago
Comment 2•12 years ago
On Windows: bp-a59c21b6-9b55-4b17-8d91-7c8652130311.
Crash Signature: [@ gfxSkipCharsIterator::SetOffsets(unsigned int, bool) ]
OS: Mac OS X → All
Hardware: x86_64 → All
Assignee
Updated•12 years ago
Assignee: nobody → longsonr
Assignee
Comment 3•12 years ago
Bug 843072 was almost right but not quite. We need to check we're at the end before calling Next(chars)
Attachment #724061 -
Flags: review?(dholbert)
Assignee
Updated•12 years ago
Attachment #724061 -
Attachment is patch: true
Assignee
Comment 4•12 years ago
The kid stuff is unused code and never gets hit.
Comment 5•12 years ago
Comment on attachment 724061 [details] [diff] [review]
patch
r=me, but this also means that Next() is buggy (or at least doesn't hold up to its documentation)
It's currently documented as follows:
> /**
>  * Advances ahead aCount matching characters. Returns true if there were
>  * enough characters to advance past, and false otherwise.
>  */
> bool Next(uint32_t aCount);
which implies that it should just return false (not crash) if we're at the end & try to advance.
Could you file a followup on fixing that? Not sure if it'll still be possible to trigger that behavior after this bug's fixed, but it's a footgun waiting to be loaded when someone adds a Next() call elsewhere and trusts its documentation to be accurate. :)
Attachment #724061 -
Flags: review?(dholbert) → review+
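The two safeguards discussed in comments 3 and 5, as an added example that is not part of this bug thread and is not Gecko code: an iterator whose `Next()` keeps its documented contract at the end of the buffer, plus a caller that checks for the end before and after advancing. `MatchCursor`, `StartIndexOfChar` and `kSampleMask` are hypothetical names, and the boolean mask is a simplified stand-in for the real character-matching logic.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Hypothetical stand-in for the iterator discussed in this bug; not Gecko code.
// matches[i] is true when character i is one the iterator should stop on.
class MatchCursor {
public:
  explicit MatchCursor(std::vector<bool> matches)
      : mMatches(std::move(matches)), mIndex(0) { SkipUnmatched(); }

  bool AtEnd() const { return mIndex >= mMatches.size(); }
  std::size_t Index() const { return mIndex; }

  // Advances ahead aCount matching characters. Returns true if there were
  // enough characters to advance past, and false otherwise. The end check
  // sits inside the loop, so a call made at the end returns false and
  // never indexes beyond the buffer.
  bool Next(uint32_t aCount) {
    for (; aCount > 0; --aCount) {
      if (AtEnd()) return false;
      ++mIndex;
      SkipUnmatched();
    }
    return true;
  }

private:
  void SkipUnmatched() {
    while (!AtEnd() && !mMatches[mIndex]) ++mIndex;
  }
  std::vector<bool> mMatches;
  std::size_t mIndex;
};

// Caller-side guard: check for the end before advancing, and again before
// using the position. Returns -1 when character number charnum does not exist.
long StartIndexOfChar(const std::vector<bool>& matches, uint32_t charnum) {
  MatchCursor it(matches);
  if (it.AtEnd() || !it.Next(charnum) || it.AtEnd()) return -1;
  return static_cast<long>(it.Index());
}

// Constructed sample: characters 0 and 2 are addressable, 1 and 3 are skipped.
static const std::vector<bool> kSampleMask = {true, false, true, false};

int main() {
  std::printf("%ld %ld\n", StartIndexOfChar(kSampleMask, 1),
              StartIndexOfChar(kSampleMask, 2));
  return 0;
}
```

With the in-loop check the caller's first `AtEnd()` test is redundant, which is the point: an out-of-range character number degrades to an error return even if a future caller forgets the guard.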
Assignee
Comment 6•12 years ago
Assignee
Comment 7•12 years ago
Assignee
Comment 8•12 years ago
Created bug 655877 per cooment 5
Comment 9•12 years ago
(In reply to Robert Longson from comment #8)
> Created bug 655877 per cooment 5
looks like a mis-paste?
Comment 10•12 years ago
yeah, comment 7 meant to say "bug 850655"
Assignee
Comment 11•12 years ago
can't type comment either :-(
Comment 12•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla22