Closed Bug 975773 Opened 6 years ago Closed 6 years ago

Hit MOZ_CRASH(this shouldn't be called for filters without inputs) [@ mozilla::gfx::SourceNeededRegionForPrimitive]

Categories

(Core :: Layout, defect, critical)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla30
Tracking Status
firefox27 --- unaffected
firefox28 + fixed
firefox29 + fixed
firefox30 --- fixed
b2g-v1.3 --- fixed
b2g-v1.3T --- fixed
b2g-v1.4 --- fixed

People

(Reporter: jruderman, Assigned: mstange)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, crash, testcase)

Crash Data

Attachments

(3 files)

Hit MOZ_CRASH(this shouldn't be called for filters without inputs) at gfx/src/FilterSupport.cpp:1415
Attached file stack
Crash Signature: [@ mozilla::gfx::SourceNeededRegionForPrimitive] → [@ mozilla::gfx::SourceNeededRegionForPrimitive] [@ mozilla::gfx::FilterSupport::ComputeSourceNeededRegions]
Attached patch v1Splinter Review
aDescription.Type() is FilterPrimitiveDescription::eNone here, because the specular lighting filter primitive refuses to be created at http://dxr.mozilla.org/mozilla-central/source/content/svg/content/src/nsSVGFilters.cpp?from=nsSVGFilters.cpp:515#517 because it has no frame. In nsSVGFilterInstance::BuildPrimitives(), we don't check the primitive's type and assign the inputs regardless, so the resulting eNone filter has NumberOfInputs() == 1. And there's nothing wrong with that, so we should just not crash in that case.
Assignee: nobody → mstange
Status: NEW → ASSIGNED
Attachment #8380553 - Flags: review?(roc)
https://hg.mozilla.org/mozilla-central/rev/3cfdf8037ca3
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
This was caused by bug 924103 and affects Firefox 28 and 29 as well.
Comment on attachment 8380553 [details] [diff] [review]
v1

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 924103
User impact if declined: crash on specifically-constructed web pages
Testing completed (on m-c, etc.): local testing + patch contains crashtest
Risk to taking this patch (and alternatives if risky): extremely low
String or IDL/UUID changes made by this patch: none
Attachment #8380553 - Flags: approval-mozilla-beta?
Attachment #8380553 - Flags: approval-mozilla-aurora?
Attachment #8380553 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8380553 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.