Closed
Bug 975773
Opened 10 years ago
Closed 10 years ago
Hit MOZ_CRASH(this shouldn't be called for filters without inputs) [@ mozilla::gfx::SourceNeededRegionForPrimitive]
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: jruderman, Assigned: mstange)
References
Details
(Keywords: assertion, crash, testcase)
Crash Data
Attachments
(3 files)
258 bytes,
image/svg+xml
|
Details | |
21.06 KB,
text/plain
|
Details | |
2.13 KB,
patch
|
roc
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Hit MOZ_CRASH(this shouldn't be called for filters without inputs) at gfx/src/FilterSupport.cpp:1415
Reporter | ||
Comment 1•10 years ago
|
||
Reporter | ||
Updated•10 years ago
|
Crash Signature: [@ mozilla::gfx::SourceNeededRegionForPrimitive] → [@ mozilla::gfx::SourceNeededRegionForPrimitive]
[@ mozilla::gfx::FilterSupport::ComputeSourceNeededRegions]
Assignee | ||
Comment 2•10 years ago
|
||
aDescription.Type() is FilterPrimitiveDescription::eNone here, because the specular lighting filter primitive refuses to be created at http://dxr.mozilla.org/mozilla-central/source/content/svg/content/src/nsSVGFilters.cpp?from=nsSVGFilters.cpp:515#517 because it has no frame. In nsSVGFilterInstance::BuildPrimitives(), we don't check the primitive's type and assign the inputs regardless, so the resulting eNone filter has NumberOfInputs() == 1. And there's nothing wrong with that, so we should just not crash in that case.
Attachment #8380553 -
Flags: review?(roc) → review+
Comment 3•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3cfdf8037ca3
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
Assignee | ||
Comment 4•10 years ago
|
||
This was caused by bug 924103 and affects Firefox 28 and 29 as well.
Blocks: 924103
status-firefox27:
--- → unaffected
status-firefox28:
--- → affected
status-firefox29:
--- → affected
status-firefox30:
--- → fixed
tracking-firefox28:
--- → ?
tracking-firefox29:
--- → ?
Assignee | ||
Comment 5•10 years ago
|
||
Comment on attachment 8380553 [details] [diff] [review] v1 [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 924103 User impact if declined: crash on specifically-constructed web pages Testing completed (on m-c, etc.): local testing + patch contains crashtest Risk to taking this patch (and alternatives if risky): extremely low String or IDL/UUID changes made by this patch: none
Attachment #8380553 -
Flags: approval-mozilla-beta?
Attachment #8380553 -
Flags: approval-mozilla-aurora?
Updated•10 years ago
|
Attachment #8380553 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•10 years ago
|
Attachment #8380553 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Updated•10 years ago
|
Updated•10 years ago
|
status-b2g-v1.3:
--- → fixed
status-b2g-v1.4:
--- → fixed
Updated•10 years ago
|
status-b2g-v1.3T:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•