Bug 1267272 - NULL pointer mozilla::dom::SVGSVGElement::GetIntrinsicHeight. r=seth
new file mode 100644
--- /dev/null
+++ b/dom/svg/crashtests/1267272-1.svg
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <filter id="f">
+ <feImage xlink:href="invalid-image.svg"/>
+ </filter>
+ <rect filter='url(#f)' width="1" height="1"/>
+</svg>
--- a/dom/svg/crashtests/crashtests.list
+++ b/dom/svg/crashtests/crashtests.list
@@ -70,11 +70,12 @@ load 880544-1.svg
load 880544-2.svg
load 880544-3.svg
load 880544-4.svg
load 880544-5.svg
load 898915-1.svg
load 1035248-1.svg
load 1035248-2.svg
load 1244898-1.xhtml
+load 1267272-1.svg
# Disabled for now due to it taking a very long time to run - bug 1259356
#load long-clipPath-reference-chain.svg
load zero-size-image.svg
new file mode 100644
--- /dev/null
+++ b/dom/svg/crashtests/invalid-image.svg
@@ -0,0 +1,1 @@
+X
--- a/image/VectorImage.cpp
+++ b/image/VectorImage.cpp
@@ -681,16 +681,20 @@ VectorImage::IsOpaque()
{
return false; // In general, SVG content is not opaque.
}
//******************************************************************************
NS_IMETHODIMP_(already_AddRefed<SourceSurface>)
VectorImage::GetFrame(uint32_t aWhichFrame, uint32_t aFlags)
{
+ if (mError) {
+ return nullptr;
+ }
+
// Look up height & width
// ----------------------
SVGSVGElement* svgElem = mSVGDocumentWrapper->GetRootSVGElem();
MOZ_ASSERT(svgElem, "Should have a root SVG elem, since we finished "
"loading without errors");
nsIntSize imageIntSize(svgElem->GetIntrinsicWidth(),
svgElem->GetIntrinsicHeight());
