Bug 14780 - calling dataWithPDFInsideRect on an SVG image with a gradient crashes
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=14780
Alan Shouls
Reported 2007-07-27 04:23:03 PDT
It seems that calling dataWithPDFInsideRect on a web-view that has an SVG image that has a gradient fill crashes. This makes a proposed use of web-kit within our application impossible - so for us it is quite serious. I have tested the print within Safari on the same file, and got Safari to generate a PDF and this works fine. I am using the Safari 3.0 Beta of web-kit (522.12). Testing the same use of dataWithPDFInsideRect against other SVG files is fine.

I will attach a hacked version of the CarbonWeb application that exhibits the crash. The hacks to CarbonWeb are quick and dirty - but the crash happens.

The steps that repeat the crash for me are as follows.

1. Build and run the hacked version of CarbonWeb
2. Drag 'color-prop-01-b.svg' or 'coords-units-01-b.svg' into Safari
3. >> The image displays fine
4. Copy the URL from the Safari tool bar and paste it into the address area of the hacked CarbonWeb application
5. Hit return (to get hacked CarbonWeb to load the URL)
6. >> Crash

I append the top part of the stack:

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000010

Thread 0 Crashed:
0   com.apple.WebCore        0x961fa3a8 WebCore::cgGradientCallback(void*, float const*, float*) + 72
1   com.apple.CoreGraphics   0x904848e4 CGFunctionEvaluate + 184
2   libPDFRIP.A.dylib        0x947ed2b8 emitSamples + 216
3   libPDFRIP.A.dylib        0x947ed754 PDFFunctionEmitDefinition + 872
4   libPDFRIP.A.dylib        0x947ed970 emitFunctionDefinition + 24
5   com.apple.CoreFoundation 0x907dbb3c CFSetApplyFunction + 268
6   libPDFRIP.A.dylib        0x947dbd3c PDFFunctionSetEmitDefinitions + 80
7   libPDFRIP.A.dylib        0x947da0ec PDFDocumentEndPage + 388
8   libPDFRIP.A.dylib        0x947d9f54 pdf_EndPage + 20
9   com.apple.AppKit         0x93a07f98 -[NSPSAndPDFGraphicsContext endPage] + 48
10  com.apple.AppKit         0x93a07a4c -[NSView(NSPrinting) _realCopyPSCodeInside:helpedBy:] + 588
11  com.apple.AppKit         0x939996cc -[NSConcretePrintOperation _doActualViewPrinting] + 120
12  com.apple.AppKit         0x93a07700 -[NSConcretePrintOperation runOperation] + 372
13  com.apple.AppKit         0x93a07370 -[NSView(NSPrinting) dataWithPDFInsideRect:] + 104
14  com.apple.CarbonWeb      0x00013b14 TWebWindow::FrameLoadDone(NSError*, WebDataSource*) + 676 (TWebWindow.cp:1251)
15  com.apple.CarbonWeb      0x00015090 TWebWindow::HandleFrameLoad(TCarbonEvent&) + 376 (TWebWindow.cp:696)
16  com.apple.CarbonWeb      0x00015484 TWebWindow::HandleEvent(OpaqueEventHandlerCallRef*, TCarbonEvent&) + 224 (TWebWindow.cp:928)
17  com.apple.CarbonWeb      0x00009e94 TWindow::EventHandlerProc(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) + 100 (TWindow.cp:527)
18  com.apple.HIToolbox      0x93296934 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 692
19  com.apple.HIToolbox      0x9329608c SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 372
20  com.apple.HIToolbox      0x93295f08 SendEventToEventTargetWithOptions + 40
21  com.apple.CarbonWeb      0x00016030 FinishFrameLoadEvent(OpaqueEventRef*, OpaqueHIObjectRef*) + 56 (MyFrameLoadAdapter.m:224)
22  com.apple.CarbonWeb      0x00016464 -[MyFrameLoadAdapter webView:didFinishLoadForFrame:] + 128 (MyFrameLoadAdapter.m:127)
23  libobjc.A.dylib          0x90a451f4 objc_msgSendv + 180
24  com.apple.Foundation     0x92bdbc94 -[NSInvocation invoke] + 944
25  com.apple.Foundation     0x92bdc244 -[NSInvocation invokeWithTarget:] + 64
26  com.apple.Foundation     0x92bd4040 -[NSObject(NSForwardInvocation) forward::] + 408
27  libobjc.A.dylib          0x90a450b0 _objc_msgForward + 176
28  com.apple.WebKit         0x95c686fc WebFrameLoaderClient::dispatchDidFinishLoad() + 92
29  com.apple.WebCore        0x961bb59c WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 908
30  com.apple.WebCore        0x961bbb98 WebCore::FrameLoader::recursiveCheckLoadComplete() + 504
31  com.apple.WebCore        0x961bbe20 WebCore::FrameLoader::finishedLoading() + 368
32  com.apple.WebCore        0x961cc3d8 WebCore::MainResourceLoader::didFinishLoading() + 56
33  com.apple.WebCore        0x961a2d14 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 84
34  com.apple.Foundation     0x92c1289c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
35  com.apple.Foundation     0x92c10b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
Attachments
zip archive of sample SVG files & an app that exhibit the crash (142.20 KB, application/octet-stream)
2007-07-27 04:29 PDT, Alan Shouls
no flags
Alan Shouls
Comment 1 2007-07-27 04:29:32 PDT
Created attachment 15701: zip archive of sample SVG files & an app that exhibit the crash

This is the hacked version of CarbonWeb and the SVG files that show the crash. Just follow the steps in the bug report. The pasting of the URL from Safari is important as CarbonWeb needs a correctly formatted URL. The SVG files are from W3C.
David Kilzer (:ddkilzer)
Comment 2 2007-07-27 10:14:46 PDT
Alan, are you using the "feature-branch" of WebKit (which has many more fixes/improvements in SVG) or the main trunk?
David Kilzer (:ddkilzer)
Comment 3 2007-07-27 10:15:27 PDT
<rdar://problem/5365541>
Rob Buis
Comment 4 2007-07-27 12:09:34 PDT
Hi David, Alan,

(In reply to comment #2)
> Alan, are you using the "feature-branch" of WebKit (which has many more
> fixes/improvements in SVG) or the main trunk?

Alas, the crash happens on feature branch too.

Cheers,
Rob.
Alan Shouls
Comment 5 2007-07-30 02:26:35 PDT
Hi

Sorry for the tardy delay - I am building against the Safari 3 public beta

Alan
David Kilzer (:ddkilzer)
Comment 6 2007-09-20 15:27:44 PDT
(In reply to comment #3)
> <rdar://problem/5365541>

In the future, please note a radar number in Bugzilla if one already exists.

<rdar://problem/5365030>
Eric Seidel (no email)
Comment 7 2007-09-24 08:12:48 PDT
Reproducible crashers are P1, no?
Eric Seidel (no email)
Comment 8 2007-11-14 10:36:06 PST
I think this should be fixed by r27781, right oliver?
Oliver Hunt
Comment 9 2007-11-14 10:38:15 PST
yup, should be fixed -- isn't it wonderful that cg can do stuff completely out of order?
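The stack in the report shows the gradient callback being evaluated from PDFDocumentEndPage, long after the drawing call that registered the shading, and comment 9 points at that out-of-order evaluation. The C model below is added here for illustration and is not WebKit code or the r27781 fix: it assumes a CoreGraphics-like function object that holds an opaque info pointer and is evaluated at end of page, and shows the lifetime mistake that ordering exposes (the caller frees the callback's info as soon as drawing returns) beside the ownership-transfer pattern that avoids it. All names (Fn, PdfPage, gradientCallback, drawShading, endPage) are constructed stand-ins, not real API.

```c
#include <stdlib.h>

/* Constructed stand-in for a CG-style function object: the PDF backend keeps it
 * and runs the callback at end of page, so info must outlive the drawing call. */
typedef struct { float stop0[3], stop1[3]; } GradientInfo;   /* two RGB stops */
typedef struct { int refs; GradientInfo *info; void (*releaseInfo)(GradientInfo *); } Fn;
static int releaseCount;                                     /* info frees, for checking */
static void freeInfo(GradientInfo *g) { free(g); releaseCount++; }

/* The report crashes inside this callback; here a missing info returns -1 instead. */
static int gradientCallback(const Fn *fn, float t, float out[3]) {
    if (!fn->info) return -1;
    for (int c = 0; c < 3; c++)
        out[c] = fn->info->stop0[c] + (fn->info->stop1[c] - fn->info->stop0[c]) * t;
    return 0;
}
static Fn *fnCreate(GradientInfo *info, void (*rel)(GradientInfo *)) {
    Fn *fn = calloc(1, sizeof *fn);
    fn->refs = 1; fn->info = info; fn->releaseInfo = rel; return fn;
}
static Fn *fnRetain(Fn *fn) { fn->refs++; return fn; }
static void fnRelease(Fn *fn) {               /* last release runs the owner's cleanup */
    if (--fn->refs) return;
    if (fn->releaseInfo && fn->info) fn->releaseInfo(fn->info);
    free(fn);
}

/* Simulated page: drawShading only records the function; endPage evaluates it. */
typedef struct { Fn *pending; } PdfPage;
static void drawShading(PdfPage *p, Fn *fn) { p->pending = fnRetain(fn); }
static int endPage(PdfPage *p, float out[3]) {
    int rc = gradientCallback(p->pending, 0.5f, out);
    fnRelease(p->pending); return rc;
}
static GradientInfo *makeInfo(void) {         /* constructed stops: black -> (1, 0.5, 0) */
    GradientInfo *g = calloc(1, sizeof *g);
    g->stop1[0] = 1.0f; g->stop1[1] = 0.5f; return g;
}

/* Buggy pattern: the caller keeps ownership and frees info right after drawing,
 * before endPage runs the callback. Returns -1, the analogue of the crash. */
int unsafeFlow(float out[3]) {
    PdfPage page = {0};
    GradientInfo *g = makeInfo(); Fn *fn = fnCreate(g, NULL); /* Fn does not own info */
    drawShading(&page, fn); fnRelease(fn);    /* page still holds its own reference */
    freeInfo(g); fn->info = NULL;             /* simulate the dangling pointer safely */
    return endPage(&page, out);
}

/* Hardened pattern: info ownership moves into Fn, which the page retains until
 * endPage, so the callback sees live data and info is freed once, afterwards. */
int safeFlow(float out[3]) {
    PdfPage page = {0};
    Fn *fn = fnCreate(makeInfo(), freeInfo);
    drawShading(&page, fn); fnRelease(fn);
    return endPage(&page, out);
}
```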