RESOLVED FIXED Bug 15306
Animated Halloween card trips ASSERT in <use> code
https://bugs.webkit.org/show_bug.cgi?id=15306
Eric Seidel (no email)
Reported 2007-09-28 08:59:16 PDT
ASSERTION FAILED: target->nodeName() == originalElement->nodeName() (/Stuff/Projects/WebKit/WebCore/ksvg2/svg/SVGUseElement.cpp:695 void WebCore::SVGUseElement::associateInstancesWithShadowTreeElements(WebCore::Node*, WebCore::SVGElementInstance*))

Date/Time: 2007-09-28 10:57:14.593 -0500
OS Version: 10.4.10 (Build 8R2218)
Report Version: 4

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: zsh [18887]

Version: 3.0.3 (522.12.1)
Build Version: 2
Project Name: WebBrowser
Source Version: 45221201

PID: 1774
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0 com.apple.WebCore 0x010c293d WebCore::SVGUseElement::associateInstancesWithShadowTreeElements(WebCore::Node*, WebCore::SVGElementInstance*) + 611 (SVGUseElement.cpp:695)
1 com.apple.WebCore 0x010c2a20 WebCore::SVGUseElement::associateInstancesWithShadowTreeElements(WebCore::Node*, WebCore::SVGElementInstance*) + 838 (SVGUseElement.cpp:709)
2 com.apple.WebCore 0x010c2a20 WebCore::SVGUseElement::associateInstancesWithShadowTreeElements(WebCore::Node*, WebCore::SVGElementInstance*) + 838 (SVGUseElement.cpp:709)
3 com.apple.WebCore 0x010c46ef WebCore::SVGUseElement::buildPendingResource() + 1421 (SVGUseElement.cpp:352)
4 com.apple.WebCore 0x010c2b49 WebCore::SVGUseElement::insertedIntoDocument() + 249 (SVGUseElement.cpp:126)
5 com.apple.WebCore 0x010fe74b WebCore::ContainerNode::addChild(WTF::PassRefPtr<WebCore::Node>) + 301 (ContainerNode.cpp:573)
6 com.apple.WebCore 0x0102ee4a WebCore::XMLTokenizer::startElementNs(unsigned char const*, unsigned char const*, unsigned char const*, int, unsigned char const**, int, int, unsigned char const**) + 990 (XMLTokenizer.cpp:696)
7 com.apple.WebCore 0x0102f00d WebCore::startElementNsHandler(void*, unsigned char const*, unsigned char const*, unsigned char const*, int, unsigned char const**, int, int, unsigned char const**) + 95 (XMLTokenizer.cpp:988)
8 libxml2.2.dylib 0x91c0aad5 xmlParseStartTag + 8465
9 libxml2.2.dylib 0x91bea4df xmlParseChunk + 1912
10 com.apple.WebCore 0x0102bcce WebCore::XMLTokenizer::write(WebCore::SegmentedString const&, bool) + 314 (XMLTokenizer.cpp:579)
11 com.apple.WebCore 0x013ba3bb WebCore::FrameLoader::write(char const*, int, bool) + 933 (FrameLoader.cpp:940)
12 com.apple.WebCore 0x013ba4ed WebCore::FrameLoader::addData(char const*, int) + 275 (FrameLoader.cpp:1620)
13 com.apple.WebCore 0x01102bd9 -[WebCoreFrameBridge addData:] + 163 (WebCoreFrameBridge.mm:290)
14 com.apple.WebCore 0x01105d74 -[WebCoreFrameBridge receivedData:textEncodingName:] + 250 (WebCoreFrameBridge.mm:1427)
15 com.apple.WebKit 0x00333085 -[WebHTMLRepresentation receivedData:withDataSource:] + 199 (WebHTMLRepresentation.mm:175)
16 com.apple.WebKit 0x0032e57b -[WebDataSource(WebInternal) _receivedData:] + 89 (WebDataSource.mm:177)
17 com.apple.WebKit 0x003916cd WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 127 (WebFrameLoaderClient.mm:659)
18 com.apple.WebCore 0x013b706f WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 53 (FrameLoader.cpp:3066)
19 com.apple.WebCore 0x013c7e21 WebCore::DocumentLoader::commitLoad(char const*, int) + 87 (DocumentLoader.cpp:347)
20 com.apple.WebCore 0x013c7e7a WebCore::DocumentLoader::receivedData(char const*, int) + 76 (DocumentLoader.cpp:360)
21 com.apple.WebCore 0x013b6569 WebCore::FrameLoader::receivedData(char const*, int) + 41 (FrameLoader.cpp:2076)
22 com.apple.WebCore 0x013c9744 WebCore::MainResourceLoader::addData(char const*, int, bool) + 80 (MainResourceLoader.cpp:134)
23 com.apple.WebCore 0x013cb8ed WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83
24 com.apple.WebCore 0x013c9a79 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 281 (MainResourceLoader.cpp:289)
25 com.apple.WebCore 0x013cb4f4 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 58
26 com.apple.WebCore 0x013a7e02 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 172 (ResourceHandleMac.mm:352)
27 com.apple.Foundation 0x9285aafa -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641
28 com.apple.Foundation 0x92858ddb -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686
29 com.apple.Foundation 0x92858ab5 _sendCallbacks + 201
30 com.apple.CoreFoundation 0x9082cf92 CFRunLoopRunSpecific + 1213
31 com.apple.CoreFoundation 0x9082cace CFRunLoopRunInMode + 61
32 com.apple.HIToolbox 0x92de28d8 RunCurrentEventLoopInMode + 285
33 com.apple.HIToolbox 0x92de1f19 ReceiveNextEventCommon + 184
34 com.apple.HIToolbox 0x92de1e39 BlockUntilNextEventMatchingListInMode + 81
35 com.apple.AppKit 0x93288465 _DPSNextEvent + 572
36 com.apple.AppKit 0x93288056 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
37 com.apple.Safari 0x00005ff8 0x1000 + 20472
38 com.apple.AppKit 0x93281ddb -[NSApplication run] + 512
39 com.apple.AppKit 0x93275d2f NSApplicationMain + 573
40 com.apple.Safari 0x00002302 0x1000 + 4866
41 com.apple.Safari 0x00048ef5 0x1000 + 294645

Thread 1:
0 libSystem.B.dylib 0x9001a1cc select + 12
1 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 2:
0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7
1 com.apple.Foundation 0x9284a26c -[NSConditionLock lockWhenCondition:] + 39
2 com.apple.Syndication 0x9ae9d052 -[AsyncDB _run:] + 181
3 com.apple.Foundation 0x927f42e0 forkThreadForFunction + 123
4 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 3:
0 libSystem.B.dylib 0x90009cd7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082d2b3 CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x9082cace CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x92829a0f +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4 com.apple.Foundation 0x927f42e0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 4:
0 libSystem.B.dylib 0x90009cd7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082d2b3 CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x9082cace CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x92850bc2 +[NSURLCache _diskCacheSyncLoop:] + 206
4 com.apple.Foundation 0x927f42e0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 5:
0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7
1 com.apple.ColorSync 0x915a16cf pthreadSemaphoreWait(t_pthreadSemaphore*) + 35
2 com.apple.ColorSync 0x915bbde0 CMMConvTask(void*) + 60
3 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 6:
0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7
1 com.apple.Foundation 0x9284a26c -[NSConditionLock lockWhenCondition:] + 39
2 com.apple.AppKit 0x9335f270 -[NSUIHeartBeat _heartBeatThread:] + 377
3 com.apple.Foundation 0x927f42e0 forkThreadForFunction + 123
4 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 7:
0 libSystem.B.dylib 0x90026d5c kevent + 12
1 ...ple.CoreServices.CarbonCore 0x90cb8c6c PrivateMPEntryPoint + 51
2 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 8:
0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7
1 ...ple.CoreServices.CarbonCore 0x90cb8e11 MPWaitOnQueue + 198
2 com.apple.DesktopServices 0x9271b953 TNodeSyncTask::SyncTaskProc(void*) + 143
3 ...ple.CoreServices.CarbonCore 0x90cb8c6c PrivateMPEntryPoint + 51
4 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 9:
0 libSystem.B.dylib 0x90009cd7 mach_msg_trap + 7
1 com.apple.opengl 0x931dd6d8 glcDebugListener + 338
2 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0xbbadbeef ebx: 0x010c26e7 ecx: 0xa0001e80 edx: 0x00000000
edi: 0x1af77f10 esi: 0x00000001 ebp: 0xbfffdb38 esp: 0xbfffdae0
ss: 0x0000001f efl: 0x00010286 eip: 0x010c293d cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037

Binary Images Description:
0x1000 - 0x10cfff com.apple.Safari 3.0.3 (522.12.1) /Applications/Safari.app/Contents/MacOS/Safari
0x305000 - 0x3e1fff com.apple.WebKit 522+ /Stuff/Users/eric/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
0x4d4000 - 0x57afff com.apple.JavaScriptCore 522+ /Stuff/Users/eric/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x1008000 - 0x16abfff com.apple.WebCore 522+ /Stuff/Users/eric/Projects/build/Debug/WebCore.framework/Versions/A/WebCore
0x2321000 - 0x238efff com.DivXInc.DivXDecoder 6.6.0 /Library/QuickTime/DivX Decoder.component/Contents/MacOS/DivX Decoder
0x2486000 - 0x2488fff net.culater.SIMBL 0.8 (8) /Library/InputManagers/SIMBL/SIMBL.bundle/Contents/MacOS/SIMBL
0x249e000 - 0x24a5fff net.culater.DuctTape ??? (6.0) /Library/Frameworks/DuctTape.framework/Versions/A/DuctTape
0x2673000 - 0x269efff net.culater.PithHelmet 2.7 (78) /Library/Application Support/SIMBL/Plugins/PithHelmet.bundle/Contents/MacOS/PithHelmet
0x1601f000 - 0x1601ffff com.apple.SpotLightCM 1.0 (121.36) /System/Library/Contextual Menu Items/SpotlightCM.plugin/Contents/MacOS/SpotlightCM
0x183ee000 - 0x183f0fff com.lemkesoft.GraphicConverterCMI 1.5 /Stuff/Users/eric/Library/Contextual Menu Items/GraphicConverterCMI.plugin/Contents/MacOS/GraphicConverterCMI
0x18978000 - 0x1897afff com.apple.AutomatorCMM 1.0.1 (68) /System/Library/Contextual Menu Items/AutomatorCMM.plugin/Contents/MacOS/AutomatorCMM
0x19ac1000 - 0x19ac5fff com.apple.locale.textbreak.thai 1.0.2 /System/Library/LocalePlugins/ThaiTextBreak.localePlugin/Contents/MacOS/ThaiTextBreak
0x1acf4000 - 0x1acf8fff com.apple.FolderActionsMenu 1.3.1 /System/Library/Contextual Menu Items/FolderActionsMenu.plugin/Contents/MacOS/FolderActionsMenu
0x1c245000 - 0x1c261fff GLDriver /System/Library/Frameworks/OpenGL.framework/Versions/A/Resources/GLDriver.bundle/GLDriver
0x1db31000 - 0x1db55fff GLRendererFloat /System/Library/Frameworks/OpenGL.framework/Versions/A/Resources/GLRendererFloat.bundle/GLRendererFloat
0x1de38000 - 0x1df91fff GLEngine /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine
0x1f335000 - 0x1f523fff com.apple.ATIRadeonX1000GLDriver 1.4.56 (4.5.6) /System/Library/Extensions/ATIRadeonX1000GLDriver.bundle/Contents/MacOS/ATIRadeonX1000GLDriver
0x41340000 - 0x4137cfff com.apple.CoreMediaIOServicesPrivate 1.0 /System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/CoreMediaIOServicesPrivate
0x41410000 - 0x414adfff com.apple.QuickTimeImporters.component 7.2 /System/Library/QuickTime/QuickTimeImporters.component/Contents/MacOS/QuickTimeImporters
0x41840000 - 0x41863fff com.apple.CoreMediaPrivate 1.0 /System/Library/PrivateFrameworks/CoreMediaPrivate.framework/Versions/A/CoreMediaPrivate
0x8fe00000 - 0x8fe4afff dyld 46.12 /usr/lib/dyld
0x90000000 - 0x90171fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
0x901c1000 - 0x901c3fff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib
0x901c5000 - 0x90202fff com.apple.CoreText 1.1.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90229000 - 0x902fffff ATS /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x9031f000 - 0x90774fff com.apple.CoreGraphics 1.258.75 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x9080b000 - 0x908d3fff com.apple.CoreFoundation 6.4.7 (368.28) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x90911000 - 0x90911fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90913000 - 0x90a07fff libicucore.A.dylib /usr/lib/libicucore.A.dylib
0x90a57000 - 0x90ad6fff libobjc.A.dylib /usr/lib/libobjc.A.dylib
0x90aff000 - 0x90b63fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib
0x90bd2000 - 0x90bd9fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
0x90bde000 - 0x90c51fff com.apple.framework.IOKit 1.4.8 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x90c66000 - 0x90c78fff libauto.dylib /usr/lib/libauto.dylib
0x90c7e000 - 0x90f24fff com.apple.CoreServices.CarbonCore 682.26 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x90f67000 - 0x90fcffff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x91007000 - 0x91046fff com.apple.CFNetwork 129.21 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x91059000 - 0x91069fff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore
0x91074000 - 0x910f2fff com.apple.SearchKit 1.0.5 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x91127000 - 0x91145fff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x91151000 - 0x9115ffff libz.1.dylib /usr/lib/libz.1.dylib
0x91162000 - 0x91301fff com.apple.security 4.5.2 (29774) /System/Library/Frameworks/Security.framework/Versions/A/Security
0x913ff000 - 0x91407fff com.apple.DiskArbitration 2.1.1 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x9140e000 - 0x91415fff libbsm.dylib /usr/lib/libbsm.dylib
0x91419000 - 0x9143ffff com.apple.SystemConfiguration 1.8.6 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x91451000 - 0x914cafff com.apple.audio.CoreAudio 3.0.4 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x91518000 - 0x91518fff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x9151a000 - 0x91545fff com.apple.AE 314 (313) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91558000 - 0x9162cfff com.apple.ColorSync 4.4.9 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x91667000 - 0x916e4fff com.apple.print.framework.PrintCore 4.6 (177.13) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x91711000 - 0x917bafff com.apple.QD 3.10.24 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x917e0000 - 0x9182bfff com.apple.HIServices 1.5.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x9184a000 - 0x91860fff com.apple.LangAnalysis 1.6.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x9186c000 - 0x91886fff com.apple.FindByContent 1.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/FindByContent
0x91890000 - 0x918cdfff com.apple.LaunchServices 182 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x918e1000 - 0x918edfff com.apple.speech.synthesis.framework 3.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x918f4000 - 0x91934fff com.apple.ImageIO.framework 1.5.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x91947000 - 0x919f9fff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib
0x91a3f000 - 0x91a55fff libcups.2.dylib /usr/lib/libcups.2.dylib
0x91a5a000 - 0x91a78fff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x91a7d000 - 0x91adcfff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib
0x91aee000 - 0x91af2fff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x91af4000 - 0x91b7afff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib
0x91b7e000 - 0x91bbbfff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x91bc1000 - 0x91bdbfff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x91be0000 - 0x91be2fff libRadiance.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x91be4000 - 0x91cc2fff libxml2.2.dylib /usr/lib/libxml2.2.dylib
0x91cdf000 - 0x91cdffff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x91ce1000 - 0x91d6ffff com.apple.vImage 2.5 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x91d76000 - 0x91d76fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x91d78000 - 0x91dd1fff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x91dda000 - 0x91dfefff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x91e06000 - 0x9220ffff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x92249000 - 0x925fdfff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x9262a000 - 0x92717fff libiconv.2.dylib /usr/lib/libiconv.2.dylib
0x92719000 - 0x92796fff com.apple.DesktopServices 1.3.6 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x927d7000 - 0x92a07fff com.apple.Foundation 6.4.8 (567.29) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x92b21000 - 0x92b38fff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x92b43000 - 0x92b9bfff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x92baf000 - 0x92baffff com.apple.Carbon 10.4 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x92bb1000 - 0x92bc1fff com.apple.ImageCapture 3.0.4 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x92bcf000 - 0x92bd7fff com.apple.speech.recognition.framework 3.6 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x92bdd000 - 0x92be2fff com.apple.securityhi 2.0.1 (24742) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x92be8000 - 0x92c79fff com.apple.ink.framework 101.2.1 (71) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x92c8d000 - 0x92c90fff com.apple.help 1.0.3 (32.1) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x92c93000 - 0x92cb0fff com.apple.openscripting 1.2.5 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x92cc0000 - 0x92cc6fff com.apple.print.framework.Print 5.2 (192.4) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x92ccc000 - 0x92d2ffff com.apple.htmlrendering 66.1 (1.1.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x92d53000 - 0x92d94fff com.apple.NavigationServices 3.4.4 (3.4.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x92dbb000 - 0x92dc8fff com.apple.audio.SoundManager 3.9.1 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x92dcf000 - 0x92dd4fff com.apple.CommonPanels 1.2.3 (73) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92dd9000 - 0x930cefff com.apple.HIToolbox 1.4.9 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x931d4000 - 0x931dffff com.apple.opengl 1.4.16 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x931e4000 - 0x931fffff com.apple.DirectoryService.Framework 3.2 /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x9326f000 - 0x9326ffff com.apple.Cocoa 6.4 (???) /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x93271000 - 0x93927fff com.apple.AppKit 6.4.8 (824.42) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x93ca8000 - 0x93d23fff com.apple.CoreData 91 (92.1) /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93d5c000 - 0x93e16fff com.apple.audio.toolbox.AudioToolbox 1.4.5 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x93e59000 - 0x93e59fff com.apple.audio.units.AudioUnit 1.4.2 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x93e5b000 - 0x9401cfff com.apple.QuartzCore 1.4.12 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x94062000 - 0x940a3fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib
0x940ab000 - 0x940e5fff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x940ea000 - 0x94100fff com.apple.CoreVideo 1.4.1 /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x94198000 - 0x941d6fff com.apple.vmutils 4.0.2 (93.1) /System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
0x9421a000 - 0x9422afff com.apple.securityfoundation 2.2.1 (28150) /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x94237000 - 0x94274fff com.apple.securityinterface 2.2.1 (27695) /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x94290000 - 0x9429ffff libCGATS.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x942a6000 - 0x942b1fff libCSync.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x942b6000 - 0x942dafff libPDFRIP.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libPDFRIP.A.dylib
0x942fd000 - 0x94317fff libRIP.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x9431d000 - 0x94626fff com.apple.QuickTime 7.2.0 /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x947a8000 - 0x948eefff com.apple.AddressBook.framework 4.0.5 (487) /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x9497a000 - 0x94989fff com.apple.DSObjCWrappers.Framework 1.1 /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x94990000 - 0x949b9fff com.apple.LDAPFramework 1.4.2 (69.1.1) /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x949bf000 - 0x949cefff libsasl2.2.dylib /usr/lib/libsasl2.2.dylib
0x949d2000 - 0x949f7fff libssl.0.9.7.dylib /usr/lib/libssl.0.9.7.dylib
0x94a03000 - 0x94a20fff libresolv.9.dylib /usr/lib/libresolv.9.dylib
0x95a95000 - 0x95a9afff com.apple.agl 2.5.9 (AGL-2.5.9) /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x95a9e000 - 0x95ac1fff libxslt.1.dylib /usr/lib/libxslt.1.dylib
0x95e39000 - 0x95eb9fff com.apple.QTKit 7.2 /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit
0x95f27000 - 0x95f5ffff com.apple.PDFKit 1.0.4 /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
0x96482000 - 0x96498fff libJapaneseConverter.dylib /System/Library/CoreServices/Encodings/libJapaneseConverter.dylib
0x96e94000 - 0x96e94fff com.apple.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x9740a000 - 0x974e1fff libGLProgrammability.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x974fc000 - 0x974fdfff libGLSystem.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLSystem.dylib
0x97e78000 - 0x97f4ffff com.apple.QuartzComposer 1.2.6 (32.25) /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
0x97fd8000 - 0x97fd8fff com.apple.quartzframework 1.0 /System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
0x98f04000 - 0x99d68fff com.apple.QuickTimeComponents.component 7.2 /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTimeComponents
0x9ae9a000 - 0x9aed1fff com.apple.Syndication 1.0.6 (54) /System/Library/PrivateFrameworks/Syndication.framework/Versions/A/Syndication
0x9aeed000 - 0x9aefffff com.apple.SyndicationUI 1.0.6 (54) /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI

Model: MacBookPro1,1, BootROM MBP11.0055.B08, 2 processors, Intel Core Duo, 2.16 GHz, 2 GB
Graphics: ATI Radeon X1600, ATY,RadeonX1600, PCIe, 256 MB
Memory Module: BANK 0/DIMM0, 1 GB, DDR2 SDRAM, 667 MHz
Memory Module: BANK 1/DIMM1, 1 GB, DDR2 SDRAM, 667 MHz
AirPort: spairport_wireless_card_type_airport_extreme (0x168C, 0x86), 1.1.8.5
Bluetooth: Version 1.9.0f8, 2 service, 0 devices, 1 incoming serial ports
Network Service: AirPort, AirPort, en1
Serial ATA Device: ST9100824AS, 93.16 GB
Parallel ATA Device: MATSHITADVD-R UJ-857
USB Device: Built-in iSight, Micron, Up to 480 Mb/sec, 500 mA
USB Device: IR Receiver, Apple Computer, Inc., Up to 12 Mb/sec, 500 mA
USB Device: Bluetooth USB Host Controller, Apple, Inc., Up to 12 Mb/sec, 500 mA
USB Device: Apple Internal Keyboard / Trackpad, Apple Computer, Up to 12 Mb/sec, 500 mA
Attachments
First attempt (20.55 KB, patch)
2007-09-29 12:45 PDT, Rob Buis
eric: review-
Cover some more cases (61.29 KB, patch)
2007-09-30 08:51 PDT, Rob Buis
eric: review-
New problematic testcase (981 bytes, image/svg+xml)
2007-09-30 10:24 PDT, Rob Buis
no flags
Rob Buis
Comment 1 2007-09-29 12:45:13 PDT
Created attachment 16458: First attempt
Anims do not work of course, but with this patch at least the SVG shouldn't crash.
Cheers, Rob.
Eric Seidel (no email)
Comment 2 2007-09-29 13:00:21 PDT
Comment on attachment 16458: First attempt
I'm not sure I fully understand this fix. I also worry (entirely due to my lack of understanding) if this change could introduce a cyclic <use> crash (i.e. make it possible to make an SVG to overflow the stack using your new code).
Rob Buis
Comment 3 2007-09-30 06:52:21 PDT
Hi Eric,

(In reply to comment #2)
> (From update of attachment 16458)
> I'm not sure I fully understand this fix. I also worry (entirely due to my
> lack of understanding) if this change could introduce a cyclic <use> crash
> (i.e. make it possible to make an SVG to overflow the stack using your new
> code).

The idea is that when we are expanding <use> in the shadow tree we do that now by cloning the <use> referenced content and replacing the <use> with the clone. However we forget that the <use> can have children, and these are lost when we do the replace! That is what the patch tries to fix. The referencing could go wrong maybe if the SVG is illegal, i.e. the <use> can only have desc or anim stuff as children. In an illegal <use> there could be a <use> as child, I don't think we check that very well. Let me know if I should investigate such an illegal SVG, maybe it's better...
Cheers, Rob.
Eric Seidel (no email)
Comment 4 2007-09-30 07:22:15 PDT
Comment on attachment 16458: First attempt
Rob and I talked on IRC. This introduces a crasher (due to a <use> cycle causing stack overflow). He investigated if other browsers allow <use> to have <use> children, and they do. We just need to not do anything with those <use> children.
Rob Buis
Comment 5 2007-09-30 08:51:51 PDT
Created attachment 16471: Cover some more cases
This patch handles more problems with children of <use>, namely ones that are illegal and especially the case of <use> in <use> (again, illegal, but should still not crash as it did before). A testcase for this scenario is added next to one for the original bug.
Cheers, Rob.
Rob Buis
Comment 6 2007-09-30 10:24:06 PDT
Created attachment 16472: New problematic testcase
While the patch is incredibly clever, Eric came up with a situation where it does not work, attached.
Cheers, Rob.
Eric Seidel (no email)
Comment 7 2007-09-30 10:36:43 PDT
Rob and I talked about this extensively over IRC. I believe the current plan is to implement a method similar to HTMLElement::checkDTD(Node*) on SVGElement and use that method, in conjunction with an ancestor tree walk, to determine if a <use> element should be "active" or not. SVGUseElement would also need to make sure to override setParent (or any other points where its ancestor tree could change) to make sure that it knew to expand itself appropriately were it to become "active".

Another option we discussed was using such a checkDTD method to block insertion of elements under <use>, but neither FF nor Opera seem to do that (at least at parse time) and I have some vague recollection of Maciej discouraging such many months ago in a conversation he and I had over IRC. I would note that it appears that HTML does use checkDTD selectively to block insertion of certain elements however.

I think the "active" element approach (based on checkDTD and an ancestry walk) will work well... now we just have to implement it. :) Rob mentioned he may have time to look at it more this evening.
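The mechanism and the two hazards this thread turns on (comment 3: replacing a <use> with a clone of its target drops the <use>'s own children; comment 4: a <use> reference cycle recurses until the stack overflows; comment 7: only an "active" <use>, one not nested under another <use>, should be expanded) can be modelled outside the engine. The following is an added example and is not WebKit code or any of the attached patches. It is a small Python pass over an SVG document that replaces each active <use> with a clone of its referenced element, carries the <use>'s own children (desc, animate, ...) across into the clone, leaves a <use> nested inside another <use> inert, and refuses a document whose references loop by carrying the chain of ids currently being expanded. The function names, the MAX_USE_DEPTH cap and the sample documents are assumptions constructed for the example; the "active" decision is made on the way down the tree rather than by the ancestor walk comment 7 proposes.

```python
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
MAX_USE_DEPTH = 32  # assumed cap on nested <use> expansion; not a WebKit value


class UseExpansionError(ValueError):
    """Raised when <use> expansion would loop or nest too deeply."""


def _local(tag):
    """Strip the XML namespace from an ElementTree tag ('{ns}use' -> 'use')."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def _href_target(el):
    """Return the fragment id a <use> points at ('#foo' -> 'foo'), or None."""
    href = el.get(XLINK_HREF) or el.get("href") or ""
    return href[1:] if href.startswith("#") else None


def index_ids(root):
    """Map every id in the document to its element (the <use> lookup table)."""
    return {el.get("id"): el for el in root.iter() if el.get("id")}


def expand(el, ids, chain=(), under_use=False):
    """Return a copy of el with every active <use> replaced by a clone of its target.

    chain is the tuple of ids being expanded on the way down; meeting one of them
    again is a reference cycle and is refused instead of recursing until the stack
    overflows. under_use is True while copying the children of a <use>; a <use>
    nested there is illegal per the thread and is copied but never expanded.
    """
    name = _local(el.tag)
    if name == "use" and not under_use:
        target_id = _href_target(el)
        if target_id is not None and target_id in ids:
            if target_id in chain:
                raise UseExpansionError(" -> ".join(chain + (target_id,)))
            if len(chain) >= MAX_USE_DEPTH:
                raise UseExpansionError("<use> nesting deeper than %d" % MAX_USE_DEPTH)
            # The shadow tree: the referenced element, itself expanded with the
            # target id pushed on the chain so a loop back to it is detected.
            shadow = expand(ids[target_id], ids, chain + (target_id,))
            shadow.attrib.pop("id", None)  # the instance must not duplicate the id
            # The <use>'s own children must survive the replacement (comment 3);
            # they go under the clone, with any nested <use> left inert.
            for child in el:
                shadow.append(expand(child, ids, chain, under_use=True))
            return shadow
        # Dangling or non-fragment reference: nothing to instance, copy as-is.
    out = ET.Element(el.tag, dict(el.attrib))
    out.text, out.tail = el.text, el.tail
    for child in el:
        out.append(expand(child, ids, chain, under_use or name == "use"))
    return out


def expand_svg(svg_text):
    """Parse an SVG document and return its fully expanded copy."""
    root = ET.fromstring(svg_text)
    return expand(root, index_ids(root))


def outline(el):
    """Compact structural view, e.g. 'svg(defs(g(circle)),g(circle,animate))'."""
    if len(el) == 0:
        return _local(el.tag)
    return "%s(%s)" % (_local(el.tag), ",".join(outline(c) for c in el))


def check(svg_text):
    """Return the expanded outline, or the reason expansion was refused."""
    try:
        return outline(expand_svg(svg_text))
    except UseExpansionError as e:
        return "refused: " + str(e)


# Constructed sample documents (not the attachments from the bug).
_HEAD = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
CARD = _HEAD + '<defs><g id="pumpkin"><circle r="10"/></g></defs>' \
    '<use xlink:href="#pumpkin"><animate attributeName="opacity"/></use></svg>'
NESTED_USE = _HEAD + '<defs><g id="pumpkin"><circle r="10"/></g></defs>' \
    '<use xlink:href="#pumpkin"><use xlink:href="#pumpkin"/></use></svg>'
CYCLE = _HEAD + '<g id="a"><use xlink:href="#b"/></g><g id="b"><use xlink:href="#a"/></g></svg>'

if __name__ == "__main__":
    for label, doc in (("card", CARD), ("nested use", NESTED_USE), ("cycle", CYCLE)):
        print("%s: %s" % (label, check(doc)))
```

For the card the <use> becomes g(circle,animate): the clone keeps the animation child that the first patch was written to preserve. For the nested case the inner <use> is copied verbatim and never instanced, so a <use> chain cannot be built through <use> children. For the cycle the walk refuses with the chain b -> a -> b instead of recursing. The depth cap is there because cycle detection alone does not bound a long non-cyclic chain; a renderer would apply the same two checks before building its shadow tree, and a content pipeline can run them on uploaded SVG to reject documents that a renderer without these checks would choke on.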
Eric Seidel (no email)
Comment 8 2007-09-30 10:41:32 PDT
Comment on attachment 16471: Cover some more cases
Still could crash, as you showed with your most recent test case.
Eric Seidel (no email)
Comment 9 2007-12-27 01:36:44 PST
Just reconfirmed that this does not crash Release builds.
Nikolas Zimmermann
Comment 10 2010-01-21 15:37:03 PST
Bug fixed with the new <use> implementation, yay! The only problem that remains is the initial viewBox animation. We don't support animating multi-value properties; we would need to animate the individual values on their own. So it just jumps from a big card to a smaller one instead of slowly resizing, but the rest works great including all other animations. There are animate bugs already covering the viewBox case, closing this crash report.