RESOLVED FIXED 12598
DumpRenderTree crashes running the pixel tests in WebCore::SVGTransformDistance::SVGTransformDistance
https://bugs.webkit.org/show_bug.cgi?id=12598
Maciej Stachowiak
Reported 2007-02-04 11:05:16 PST
2007-01-31 18:23:47 Stephanie Lewis:
Crashes while running the pixel tests fairly often.

http://buildbotsafari.apple.com:8010/post-commit-leak-tests-powerpc-mac-os-x/builds/1348/step-pixel-layout-test/0

ASSERTION FAILED: m_type == toSVGTransform.type()
(/Volumes/Big/slave/post-commit-leak-tests-powerpc-mac-os-x/build/OpenSource/WebCore/ksvg2/svg/SVGTransformDistance.cpp:55 WebCore::SVGTransformDistance::SVGTransformDistance(const WebCore::SVGTransform&, const WebCore::SVGTransform&))
Segmentation fault
LEAK: 223 Node
LEAK: 39 RenderObject
LEAK: 3 Frame
LEAK: 465 KJS::Node
svg/W3C-SVG-1.1/animate-elem-39-t.svg -> failed

Thread 0 Crashed:
0 com.apple.WebCore 0x029571c4 WebCore::SVGTransformDistance::SVGTransformDistance[in-charge](WebCore::SVGTransform const&, WebCore::SVGTransform const&) + 236 (SVGTransformDistance.cpp:55)
1 com.apple.WebCore 0x02457934 WebCore::SVGAnimateTransformElement::updateAnimatedValue(WebCore::EAnimationMode, float, unsigned, float) + 252 (SVGAnimateTransformElement.cpp:82)
2 com.apple.WebCore 0x0245bbfc WebCore::SVGAnimationElement::handleTimerEvent(double, double) + 300 (SVGAnimationElement.cpp:730)
3 com.apple.WebCore 0x0245be34 WebCore::SVGAnimationElement::updateAnimatedValueForElapsedSeconds(double) + 364 (SVGAnimationElement.cpp:760)
4 com.apple.WebCore 0x0294aa00 WebCore::SVGTimer::applyAnimations(double, WTF::HashMap<WebCore::SVGElement*, WTF::Vector<WebCore::SVGAnimationElement*, (unsigned long)0>, WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>, WTF::HashTraits<WTF::Vector<WebCore::SVGAnimationElement*, (unsigned long)0> > > const&) + 244 (SVGTimer.cpp:112)
5 com.apple.WebCore 0x0294afdc WebCore::SVGTimer::notifyAll() + 140 (SVGTimer.cpp:137)
6 com.apple.WebCore 0x0245488c WebCore::TimeScheduler::timerFired(WebCore::Timer<WebCore::TimeScheduler>*) + 84 (TimeScheduler.cpp:115)
7 com.apple.WebCore 0x02c6e5d4 WebCore::Timer<WebCore::TimeScheduler>::fired() + 152 (Timer.h:96)
8 com.apple.WebCore 0x0269e698 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, (unsigned long)0> const&) + 236 (Timer.cpp:322)
9 com.apple.WebCore 0x0269e764 WebCore::TimerBase::sharedTimerFired() + 132 (Timer.cpp:355)
10 com.apple.WebCore 0x0269db10 WebCore::timerFired(__CFRunLoopTimer*, void*) + 60 (SharedTimerMac.cpp:47)
11 com.apple.CoreFoundation 0x907f0550 __CFRunLoopDoTimer + 184
12 com.apple.CoreFoundation 0x907dcec8 __CFRunLoopRun + 1680
13 com.apple.CoreFoundation 0x907dc47c CFRunLoopRunSpecific + 268
14 com.apple.Foundation 0x9296e164 -[NSRunLoop runMode:beforeDate:] + 172
15 DumpRenderTree 0x0000d4bc runTest + 1492 (DumpRenderTree.m:1209)
16 DumpRenderTree 0x00007f48 dumpRenderTree + 4144 (DumpRenderTree.m:412)
17 DumpRenderTree 0x000082b0 main + 120 (DumpRenderTree.m:464)
18 DumpRenderTree 0x00002564 _start + 340 (crt.c:272)
19 DumpRenderTree 0x0000240c start + 60

<rdar://problem/4968303>
Eric Seidel (no email)
Comment 1 2007-02-05 03:34:46 PST
It's very odd that this would just start happening now.
Eric Seidel (no email)
Comment 2 2007-02-06 05:38:47 PST
This no longer occurs after fixing bug 12620. However, the "bug" still exists. It's possible to provide a bad values array which would hit this. For example: <animateTransform type='rotate' value=';10' /> is likely to hit this ASSERT.
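An added example, not part of the original thread and not WebKit code: one way to turn the type-match assertion into a runtime check, so that a values list with an empty entry (such as ';10') is rejected at parse time instead of reaching the distance computation. The names TransformType, Transform, parseEntry, parseValuesList and transformDistance are hypothetical, and the treatment of an empty entry as having no usable type is an assumption.

```cpp
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

// Simplified stand-ins for illustration; these are not WebKit's classes.
enum class TransformType { Unknown, Translate, Scale, Rotate };
struct Transform { TransformType type; float angle; };

// Assumption: an empty or non-numeric list entry has no usable type.
static Transform parseEntry(TransformType declared, const std::string& text) {
    const char* begin = text.c_str();
    char* end = nullptr;
    float value = std::strtof(begin, &end);
    if (end == begin)
        return Transform{TransformType::Unknown, 0.0f};
    while (*end == ' ')
        ++end;
    if (*end != '\0')
        return Transform{TransformType::Unknown, 0.0f};
    return Transform{declared, value};
}

// Parse a ';'-separated list; reject the whole list if any entry is bad,
// so a mixed-type pair never reaches the interpolation code.
bool parseValuesList(TransformType declared, const std::string& list,
                     std::vector<Transform>& out) {
    out.clear();
    std::istringstream stream(list);
    std::string entry;
    while (std::getline(stream, entry, ';')) {
        Transform parsed = parseEntry(declared, entry);
        if (parsed.type == TransformType::Unknown) {
            out.clear();
            return false;
        }
        out.push_back(parsed);
    }
    return !out.empty();
}

// Runtime check in place of a debug-only assertion on matching types.
bool transformDistance(const Transform& from, const Transform& to, float& delta) {
    if (from.type == TransformType::Unknown || from.type != to.type)
        return false;
    delta = to.angle - from.angle;
    return true;
}
```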
Eric Seidel (no email)
Comment 3 2007-03-24 00:55:28 PDT
I thought animation was turned off these days? This shouldn't be a P1 if that's the case.
Eric Seidel (no email)
Comment 4 2007-05-04 00:13:36 PDT
It's not possible to reach this crash on TOT since SVG animation is disabled via ifdef. Downgrading to p2.
Eric Seidel (no email)
Comment 5 2008-03-26 17:10:21 PDT
Animation is back on, this goes back to P1.
Nikolas Zimmermann
Comment 6 2012-05-19 08:34:58 PDT
We've never seen those anymore in the past months. Closing.