12015 – svg/W3C-SVG-1.1/painting-marker-03-f.svg crashes

Bug 12015 - svg/W3C-SVG-1.1/painting-marker-03-f.svg crashes

Summary: svg/W3C-SVG-1.1/painting-marker-03-f.svg crashes

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	SVG (show other bugs)
Version:	420+
Hardware:	Mac OS X 10.4

Importance:	P1 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-12-28 11:44 PST by Alexey Proskuryakov
Modified:	2006-12-28 15:41 PST (History)
CC List:	0 users

See Also:

Attachments
Fix as described by ap (1.17 KB, patch) 2006-12-28 12:43 PST, Eric Seidel (no email)	rwlbuis: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Proskuryakov 2006-12-28 11:44:37 PST

Open this test in the browser, or 
run-webkit-tests --pixel svg/W3C-SVG-1.1/painting-marker-03-f.svg
to reproduce the crash. I'm running a debug build of TOT.

Thread 0 Crashed:
0   com.apple.WebCore        	0x014b0cd0 WebCore::drawStartAndMidMarkers(void*, WebCore::PathElement const*) + 104 (RenderPath.cpp:388)
1   com.apple.WebCore        	0x014d54ec WebCore::CGPathApplierToPathApplier(void*, CGPathElement const*) + 464 (PathCG.cpp:229)
2   com.apple.CoreGraphics   	0x90435c70 CGPathApply + 548
3   com.apple.WebCore        	0x014d5554 WebCore::Path::apply(void*, void (*)(void*, WebCore::PathElement const*)) const + 84 (PathCG.cpp:237)
4   com.apple.WebCore        	0x014b1034 WebCore::RenderPath::drawMarkersIfNeeded(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::Path const&) const + 628 (RenderPath.cpp:424)
5   com.apple.WebCore        	0x014b1664 WebCore::RenderPath::paint(WebCore::RenderObject::PaintInfo&, int, int) + 1528 (RenderPath.cpp:206)

Comment 1 Eric Seidel (no email) 2006-12-28 12:22:05 PST

I am unable to reproduce the crash in my local build.

I'll try with --guard and see if that causes a crash.

Comment 2 Eric Seidel (no email) 2006-12-28 12:23:27 PST

run-webkit-tests --guard --pixel svg/W3C-SVG-1.1/painting-marker-03-f.svg
also does not crash for me.

Comment 3 Eric Seidel (no email) 2006-12-28 12:24:48 PST

I'm not able to reproduce this with 18457.

Comment 4 Alexey Proskuryakov 2006-12-28 12:39:09 PST

The problem is in CGPathApplierToPathApplier(), points[2] is out of bounds.

Comment 5 Eric Seidel (no email) 2006-12-28 12:43:43 PST

Created attachment 12085 [details]
Fix as described by ap

I never saw it crash for me, but this should fix things.  Strange that ap was getting a crash and I was not.

Comment 6 David Kilzer (:ddkilzer) 2006-12-28 15:41:46 PST

Landed in r18458 by eseidel.