
Issue 753254


Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




crash caused by SVG text element with matrix transform

Reported by pa...@inutilfutil.com, Aug 8 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36

Steps to reproduce the problem:
1. Go to https://jsfiddle.net/7542rpa6/
2. Chrome tab takes up all CPU for a while
3. Tab crashes

What is the expected behavior?
Page doesn't crash, SVG file is shown

What went wrong?
I'm using a matrix transform to create "3D" effects with SVG images.
Sometimes, when the 3D orientation yields a very skewed matrix, Chrome crashes.

I may be wrong, but as far as I can tell the problem only affects text elements, and the code gets stuck inside the FreeType library (in FT_Outline_Render).

This is one example SVG element that crashes the page:

<svg viewBox="0 0 800 800" height="800" width="800" xmlns="http://www.w3.org/2000/svg" style="font-family:&quot;Lucida Grande&quot;, &quot;Lucida Sans Unicode&quot;, Arial, Helvetica, sans-serif;font-size:12px;">
  <text transform="matrix(0.0001,-0.25,0,1,597.7063184567365,154.06755614742025)">
    <tspan>Foobar</tspan>
  </text>
</svg>

For context, I'm working on a 3D chart demo based on Highcharts: http://jsfiddle.net/rb31w59p/.
Just set the value of Beta to 90.01 and it will crash.

Crashed report ID: ba72effc84000000

How much crashed? Just one tab

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 59.0.3071.115  Channel: stable
OS Version: Ubuntu 17.04
Flash Version:
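
The reporter attributes the hang to a "very skewed" matrix on a text element. As an added example (not code from the report or from Chromium), this JavaScript check measures how close a matrix() transform is to singular, so chart code can skip or hide a label before it is handed to the text rasterizer. It assumes the reporter's diagnosis; the function names and the MAX_CONDITION threshold are assumptions.

```javascript
// Added example: guard for SVG matrix() transforms that are close to singular.
// MAX_CONDITION is an assumed threshold, not a value from the bug report.
const MAX_CONDITION = 1000;

// Parse "matrix(a,b,c,d,e,f)" into six numbers; returns null for anything else.
function parseMatrix(transform) {
  const m = /^\s*matrix\(([^)]*)\)\s*$/.exec(transform);
  if (!m) return null;
  const nums = m[1].trim().split(/[\s,]+/).map(Number);
  if (nums.length !== 6 || nums.some((n) => !Number.isFinite(n))) return null;
  return nums;
}

// Condition number (largest / smallest singular value) of the 2x2 linear part
// [[a, c], [b, d]]. The translation (e, f) does not affect skew.
function conditionNumber([a, b, c, d]) {
  const det = Math.abs(a * d - b * c);
  const frob = a * a + b * b + c * c + d * d;
  const disc = Math.sqrt(Math.max(0, frob * frob - 4 * det * det));
  const s1 = Math.sqrt((frob + disc) / 2); // largest singular value
  if (s1 === 0 || det === 0) return Infinity; // collapsed to a line or point
  return (s1 * s1) / det; // s1 / s2, with s2 = det / s1
}

// True when the transform should not be applied to text as-is.
function isNearSingular(transform) {
  const m = parseMatrix(transform);
  if (m === null) return false; // not a matrix() transform: out of scope here
  return conditionNumber(m) > MAX_CONDITION;
}

// Transform from the report, plus two constructed comparison cases.
const reported = "matrix(0.0001,-0.25,0,1,597.7063184567365,154.06755614742025)";
const identity = "matrix(1,0,0,1,0,0)";
const rotated = "matrix(0.866,0.5,-0.5,0.866,10,20)";

for (const t of [reported, identity, rotated]) {
  console.log(t, "->", isNearSingular(t) ? "skip or hide label" : "ok");
}
```
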
 
Cc: ranjitkan@chromium.org
@paulo: Thanks for filing the issue. We are unable to reproduce the issue using Chrome stable version 60.0.3112.90 on Ubuntu 14.04. Navigated to the JSFiddle provided.

The stack trace for the crash ID provided does not have any relevant information:

Stack trace:
============
Thread 7 (id: 9875) CRASHED [SIGSEGV @ 0x00007ef67f194bc8 ]
Stack Quality: 0%
0x00007efe90675508	(libfreetype.so.6.12.3 + 0x00066508 )	
0x00007efe9067607c	(libfreetype.so.6.12.3 + 0x0006707c )	
0x00007efe9067627a	(libfreetype.so.6.12.3 + 0x0006727a )	
0x00007efe90676a31	(libfreetype.so.6.12.3 + 0x00067a31 )	
0x00007efe90623ab7	(libfreetype.so.6.12.3 + 0x00014ab7 )	
0x00007efe906755fa	(libfreetype.so.6.12.3 + 0x000665fa )	
0x00007efe90675c10	(libfreetype.so.6.12.3 + 0x00066c10 )	
0x00007efe90674bda	(libfreetype.so.6.12.3 + 0x00065bda )	
0x00007efe90675f2d	(libfreetype.so.6.12.3 + 0x00066f2d )	

Request you to please check the example provided and try the same on the latest stable available. Please update us with your observations.

Thanks!
Labels: Needs-Milestone
The latest version indeed fixes this issue.
Thanks!

Comment 4 by hdodda@chromium.org, Aug 14 2017

Status: WontFix (was: Unconfirmed)
As per comment #3, closing this issue as it no longer exists. Please feel free to raise a new issue if you face any issues in the latest Chrome channels.

Thanks!
