RESOLVED FIXED 16163
SVG crash in Node::setChanged() on Debug builds only (trashed parent)
https://bugs.webkit.org/show_bug.cgi?id=16163
Beth Dakin
Reported 2007-11-27 13:19:06 PST
The SVG linked above crashes Debug builds of TOT. It does not, however, crash Release or Production builds. Enabling Malloc Scribble reveals the cause of the crash to be a parent node that has already been destroyed. Here is the stack trace:

Process: Safari [25238]
Path: /Build/symroots/Debug/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 3.0.4 (5525.1)
Code Type: X86 (Native)
Parent Process: launchd [87]

Date/Time: 2007-11-27 13:11:57.111 -0800
OS Version: Mac OS X 10.5 (9A581)
Report Version: 6

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000021e904c
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x01ec9b33 WebCore::Node::setHasChangedChild(bool) + 35 (Node.h:237)
1 com.apple.WebCore 0x02163a1a WebCore::Node::setChanged(WebCore::StyleChangeType) + 154 (Node.cpp:408)
2 com.apple.WebCore 0x02323c71 WebCore::SVGResource::repaintClients(WTF::HashSet<WebCore::SVGStyledElement*, WTF::PtrHash<WebCore::SVGStyledElement*>, WTF::HashTraits<WebCore::SVGStyledElement*> >) + 149 (SVGResource.cpp:143)
3 com.apple.WebCore 0x02323d0a WebCore::SVGResource::repaintClients() const + 38 (SVGResource.cpp:131)
4 com.apple.WebCore 0x022ccd17 WebCore::SVGGradientElement::notifyAttributeChange() const + 133 (SVGGradientElement.cpp:96)
5 com.apple.WebCore 0x02339928 WebCore::SVGStyledElement::notifyResourceParentIfExistant() const + 282 (SVGStyledElement.cpp:221)
6 com.apple.WebCore 0x02339da7 WebCore::SVGStyledElement::notifyAttributeChange() const + 63 (SVGStyledElement.cpp:193)
7 com.apple.WebCore 0x0233815c WebCore::SVGStopElement::notifyAttributeChange() const + 104 (SVGStopElement.cpp:70)
8 com.apple.WebCore 0x02339980 WebCore::SVGStyledElement::attributeChanged(WebCore::Attribute*, bool) + 58 (SVGStyledElement.cpp:259)
9 com.apple.WebCore 0x01eef6fb WebCore::Element::setAttribute(WebCore::String const&, WebCore::String const&, int&) + 759 (Element.cpp:473)
10 com.apple.WebCore 0x02045335 WebCore::JSElement::setAttribute(KJS::ExecState*, KJS::List const&) + 313 (JSElementCustom.cpp:68)
11 com.apple.WebCore 0x02040730 WebCore::JSElementPrototypeFunctionSetAttribute::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 (JSElement.cpp:371)
12 com.apple.JavaScriptCore 0x005899f4 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:95)
13 com.apple.JavaScriptCore 0x005f081a KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 776 (nodes.cpp:1203)
14 com.apple.JavaScriptCore 0x005a7804 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1209)
15 com.apple.JavaScriptCore 0x00598111 KJS::ExprStatementNode::execute(KJS::ExecState*) + 133 (nodes.cpp:3720)
16 com.apple.JavaScriptCore 0x00578b98 KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 108 (nodes.cpp:3662)
17 com.apple.JavaScriptCore 0x00578cc1 KJS::BlockNode::execute(KJS::ExecState*) + 45 (nodes.cpp:3696)
18 com.apple.JavaScriptCore 0x0059513f KJS::FunctionBodyNode::execute(KJS::ExecState*) + 47 (nodes.cpp:4582)
19 com.apple.JavaScriptCore 0x0056bb70 KJS::FunctionImp::execute(KJS::ExecState*) + 38 (function.cpp:253)
20 com.apple.JavaScriptCore 0x0059ed0c KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 384 (function.cpp:94)
21 com.apple.JavaScriptCore 0x005899f4 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:95)
22 com.apple.JavaScriptCore 0x005f0ac5 KJS::FunctionCallResolveNode::inlineEvaluate(KJS::ExecState*) + 655 (nodes.cpp:1005)
23 com.apple.JavaScriptCore 0x005a86a0 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1016)
24 com.apple.JavaScriptCore 0x00598111 KJS::ExprStatementNode::execute(KJS::ExecState*) + 133 (nodes.cpp:3720)
25 com.apple.JavaScriptCore 0x00578b98 KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 108 (nodes.cpp:3662)
26 com.apple.JavaScriptCore 0x00578cc1 KJS::BlockNode::execute(KJS::ExecState*) + 45 (nodes.cpp:3696)
27 com.apple.JavaScriptCore 0x0059513f KJS::FunctionBodyNode::execute(KJS::ExecState*) + 47 (nodes.cpp:4582)
28 com.apple.JavaScriptCore 0x0056bb70 KJS::FunctionImp::execute(KJS::ExecState*) + 38 (function.cpp:253)
29 com.apple.JavaScriptCore 0x0059ed0c KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 384 (function.cpp:94)
30 com.apple.JavaScriptCore 0x005899f4 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:95)
31 com.apple.JavaScriptCore 0x005f0ac5 KJS::FunctionCallResolveNode::inlineEvaluate(KJS::ExecState*) + 655 (nodes.cpp:1005)
32 com.apple.JavaScriptCore 0x005a86a0 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1016)
33 com.apple.JavaScriptCore 0x00598111 KJS::ExprStatementNode::execute(KJS::ExecState*) + 133 (nodes.cpp:3720)
34 com.apple.JavaScriptCore 0x00578b98 KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 108 (nodes.cpp:3662)
35 com.apple.JavaScriptCore 0x00578cc1 KJS::BlockNode::execute(KJS::ExecState*) + 45 (nodes.cpp:3696)
36 com.apple.JavaScriptCore 0x0059513f KJS::FunctionBodyNode::execute(KJS::ExecState*) + 47 (nodes.cpp:4582)
37 com.apple.JavaScriptCore 0x005b4fac KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) + 834 (interpreter.cpp:381)
38 com.apple.WebCore 0x023ffd2d WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 235 (kjs_proxy.cpp:87)
39 com.apple.WebCore 0x01f40428 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 92 (FrameLoader.cpp:759)
40 com.apple.WebCore 0x01f404d0 WebCore::FrameLoader::executeScript(WebCore::String const&, bool) + 116 (FrameLoader.cpp:747)
41 com.apple.WebCore 0x02403a58 KJS::ScheduledAction::execute(KJS::Window*) + 1032 (kjs_window.cpp:1702)
42 com.apple.WebCore 0x02403c62 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 418 (kjs_window.cpp:1833)
43 com.apple.WebCore 0x02403cd6 KJS::DOMWindowTimer::fired() + 48 (kjs_window.cpp:2126)
44 com.apple.WebCore 0x0239542e WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 198 (Timer.cpp:339)
45 com.apple.WebCore 0x023954d6 WebCore::TimerBase::sharedTimerFired() + 110 (Timer.cpp:359)
46 com.apple.WebCore 0x0236e8de WebCore::timerFired(__CFRunLoopTimer*, void*) + 78 (SharedTimerMac.cpp:85)
47 com.apple.CoreFoundation 0x9360eb7e CFRunLoopRunSpecific + 4494
48 com.apple.CoreFoundation 0x9360ed38 CFRunLoopRunInMode + 88
49 com.apple.HIToolbox 0x9016c8a4 RunCurrentEventLoopInMode + 283
50 com.apple.HIToolbox 0x9016c6bd ReceiveNextEventCommon + 374
51 com.apple.HIToolbox 0x9016c531 BlockUntilNextEventMatchingListInMode + 106
52 com.apple.AppKit 0x96355d5b _DPSNextEvent + 657
53 com.apple.AppKit 0x963556a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
54 com.apple.Safari 0x00023926 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 171 (BrowserApplication.m:161)
55 com.apple.AppKit 0x9634e6d1 -[NSApplication run] + 795
56 com.apple.AppKit 0x9631b9ba NSApplicationMain + 574
57 com.apple.Safari 0x000aa786 main + 90 (main.m:21)
58 com.apple.Safari 0x000021ca start + 54

Thread 1:
0 libSystem.B.dylib 0x943b6ace __semwait_signal + 10
1 libSystem.B.dylib 0x943e0ced pthread_cond_wait$UNIX2003 + 73
2 com.apple.WebCore 0x02391485 WebCore::ThreadCondition::wait(WebCore::Mutex&) + 39 (ThreadingPthreads.cpp:184)
3 com.apple.WebCore 0x01fd23e5 WebCore::IconDatabase::syncThreadMainLoop() + 641 (IconDatabase.cpp:1313)
4 com.apple.WebCore 0x01fd3c00 WebCore::IconDatabase::iconDatabaseSyncThread() + 1198 (IconDatabase.cpp:1015)
5 com.apple.WebCore 0x01fd3c2f WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 23 (IconDatabase.cpp:919)
6 libSystem.B.dylib 0x943e0075 _pthread_start + 321
7 libSystem.B.dylib 0x943dff32 thread_start + 34

Thread 2:
0 libSystem.B.dylib 0x943af8e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x943b70dc mach_msg + 72
2 com.apple.CoreFoundation 0x9360e0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x9360ed38 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x934ef7be CFURLCacheWorkerThread(void*) + 396
5 libSystem.B.dylib 0x943e0075 _pthread_start + 321
6 libSystem.B.dylib 0x943dff32 thread_start + 34

Thread 3:
0 libSystem.B.dylib 0x943af8e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x943b70dc mach_msg + 72
2 com.apple.CoreFoundation 0x9360e0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x9360ed38 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x931fa560 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5 com.apple.Foundation 0x9319704d -[NSThread main] + 45
6 com.apple.Foundation 0x93196bf4 __NSThread__main__ + 308
7 libSystem.B.dylib 0x943e0075 _pthread_start + 321
8 libSystem.B.dylib 0x943dff32 thread_start + 34

Thread 4:
0 libSystem.B.dylib 0x943af8e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x943b70dc mach_msg + 72
2 com.apple.CoreGraphics 0x955efba6 _CGSSynchronizeWindowBackingStore + 139
3 com.apple.CoreGraphics 0x955e2bbc _CGSLockWindow + 4600
4 com.apple.CoreGraphics 0x955ef6d3 CGSDeviceLock + 450
5 libRIP.A.dylib 0x900edde1 ripd_Lock + 61
6 libRIP.A.dylib 0x900e78ff ripl_BltImage + 321
7 libRIP.A.dylib 0x900d1c25 ripc_RenderImage + 273
8 libRIP.A.dylib 0x900e231c ripc_DrawImage + 4973
9 com.apple.CoreGraphics 0x955f843d CGContextDrawImage + 397
10 com.apple.AppKit 0x9650492f -[NSCGImageRep drawInRect:] + 145
11 com.apple.AppKit 0x96504893 -[NSCGImageRep draw] + 113
12 com.apple.AppKit 0x9645b001 -[NSCachedImageRep draw] + 66
13 com.apple.AppKit 0x963b314e -[NSImageRep drawInRect:] + 328
14 com.apple.AppKit 0x9645a642 -[NSCachedImageRep _drawFromRect:toRect:operation:alpha:compositing:flipped:ignoreContext:] + 2536
15 com.apple.AppKit 0x96459155 -[NSImage _composite:delta:fromRect:toPoint:] + 5060
16 com.apple.AppKit 0x96457d8a -[NSImage compositeToPoint:fromRect:operation:] + 63
17 com.apple.AppKit 0x96457d3f -[NSImage compositeToPoint:operation:] + 149
18 com.apple.Safari 0x000d4aa6 -[SpinningProgressIndicator drawImageAtIndex:] + 436 (SpinningProgressIndicator.m:206)
19 com.apple.Safari 0x000d4fd8 -[SpinningProgressIndicator heartbeatWithBirthDate:currentDate:context:] + 603 (SpinningProgressIndicator.m:298)
20 com.apple.Safari 0x000d564a -[Heartbeat _heartbeat] + 678 (SpinningProgressIndicator.m:412)
21 com.apple.Foundation 0x931cb663 __NSFireTimer + 147
22 com.apple.CoreFoundation 0x9360eb7e CFRunLoopRunSpecific + 4494
23 com.apple.CoreFoundation 0x9360ed38 CFRunLoopRunInMode + 88
24 com.apple.Foundation 0x931cb5b5 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
25 com.apple.Foundation 0x931d76d4 -[NSRunLoop(NSRunLoop) run] + 84
26 com.apple.Safari 0x000d5844 -[Heartbeat _startHeartbeatRunLoop] + 272 (SpinningProgressIndicator.m:450)
27 com.apple.Foundation 0x9319704d -[NSThread main] + 45
28 com.apple.Foundation 0x93196bf4 __NSThread__main__ + 308
29 libSystem.B.dylib 0x943e0075 _pthread_start + 321
30 libSystem.B.dylib 0x943dff32 thread_start + 34

Thread 5:
0 libSystem.B.dylib 0x943fef5a select$DARWIN_EXTSN + 10
1 libSystem.B.dylib 0x943e0075 _pthread_start + 321
2 libSystem.B.dylib 0x943dff32 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x002000f0 ebx: 0x0233981a ecx: 0x021e9028 edx: 0x00200000
edi: 0xbfffe060 esi: 0x00000000 ebp: 0xbfffdb78 esp: 0xbfffdb60
ss: 0x0000001f efl: 0x00010206 eip: 0x01ec9b33 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0x021e904c
Attachments
First attempt (9.81 KB, patch)
2007-12-09 12:51 PST, Rob Buis
zimmermann: review+
Eric Seidel (no email)
Comment 1 2007-11-30 01:48:35 PST
I'm not sure how a Node can ever have a bad parent pointer... I would expect that the node itself has been destroyed, no?
Rob Buis
Comment 2 2007-12-09 12:51:22 PST
Created attachment 17806
First attempt

This should fix it. I am not sure if the SVGResource::removeClient in SVGStyledElement::detach was expected to be called, but apparently when detach is called from ~Node the SVGStyledElement object does not exist so its detach can't be called.
Let me know whether the testcase reduction needs more changes...
Cheers,
Rob.
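Added illustration, not part of the bug thread or of attachment 17806: the C++ rule behind comment 2 is that a virtual detach() called from the base-class destructor runs the base version, so a derived override that unregisters from the resource never executes and the resource keeps a pointer to a destroyed client. Resource, BaseNode, LeakyElement and FixedElement are hypothetical stand-ins for the WebKit classes, and unregistering in the derived destructor is one common remedy assumed here, not a description of what the landed patch does.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>

// Hypothetical stand-in for a resource that keeps raw pointers to its clients.
class Resource {
public:
    void addClient(const void* client) { m_clients.insert(client); }
    void removeClient(const void* client) { m_clients.erase(client); }
    // Only the count is inspected; a stale entry is never dereferenced here.
    std::size_t clientCount() const { return m_clients.size(); }
private:
    std::set<const void*> m_clients;
};

// Hypothetical stand-in for a node whose destructor performs the detach.
class BaseNode {
public:
    // While ~BaseNode runs, the derived part is already gone, so this
    // virtual call resolves to BaseNode::detach, never to an override.
    virtual ~BaseNode() { detach(); }
    virtual void detach() { m_attached = false; }
protected:
    bool m_attached = true;
};

// Unregisters only in detach(): safe when detach() is called explicitly,
// leaves a dangling entry when destruction is the only detach that happens.
class LeakyElement : public BaseNode {
public:
    explicit LeakyElement(Resource& resource) : m_resource(resource) { resource.addClient(this); }
    void detach() override { m_resource.removeClient(this); BaseNode::detach(); }
private:
    Resource& m_resource;
};

// Also unregisters in its own destructor, which runs before ~BaseNode.
class FixedElement : public BaseNode {
public:
    explicit FixedElement(Resource& resource) : m_resource(resource) { resource.addClient(this); }
    ~FixedElement() override { m_resource.removeClient(this); }
    void detach() override { m_resource.removeClient(this); BaseNode::detach(); }
private:
    Resource& m_resource;
};

// Element destroyed without an explicit detach(): the override is skipped.
std::size_t staleClientsWhenDestructorDetaches() {
    Resource gradient;
    { LeakyElement stop(gradient); }
    return gradient.clientCount();
}

// Element detached explicitly while still fully alive: the override runs.
std::size_t staleClientsWhenDetachedExplicitly() {
    Resource gradient;
    {
        LeakyElement stop(gradient);
        stop.detach();
    }
    return gradient.clientCount();
}

// Element that cleans up in its own destructor: no entry survives it.
std::size_t staleClientsWithDestructorUnregister() {
    Resource gradient;
    { FixedElement stop(gradient); }
    return gradient.clientCount();
}

int main() {
    std::printf("destructor-only detach: %zu stale client(s)\n", staleClientsWhenDestructorDetaches());
    std::printf("explicit detach:        %zu stale client(s)\n", staleClientsWhenDetachedExplicitly());
    std::printf("destructor unregister:  %zu stale client(s)\n", staleClientsWithDestructorUnregister());
    return 0;
}
```

A surviving entry is what a later walk over the client set would dereference, which matches the SVGResource::repaintClients frame calling Node::setChanged in the trace above.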
Nikolas Zimmermann
Comment 3 2007-12-09 16:06:10 PST
Comment on attachment 17806
First attempt

Good spot! r=me.

Is there a specific reason to not use a for-loop, but the setTimeout solution? Is it a race condition?
If not necessary I'd suggest to change that, and maybe use some more descriptive variable/element names ;-)
Rob Buis
Comment 4 2007-12-10 12:05:01 PST
Hi Niko,

(In reply to comment #3)
> (From update of attachment 17806)
> Good spot! r=me.
>
> Is there a specific reason to not use a for-loop, but the setTimeout solution?
> Is it a race condition?

Apparently, I tried the for loop but it is not enough to trigger the problem.

> If not necessary I'd suggest to change that, and maybe use some more
> descriptive variable/element names ;-)

I enhanced them a bit before landing :)
Cheers,
Rob.
Rob Buis
Comment 5 2007-12-10 12:05:43 PST
Landed in r28587.