RESOLVED FIXED 6059
Safari hung after failing to render large invalid SVG (in editing code?)
https://bugs.webkit.org/show_bug.cgi?id=6059
Eric Seidel (no email)
Reported 2005-12-12 23:49:34 PST
Safari hung after failing to render large invalid SVG (in editing code?)

Sample:

Analysis of sampling pid 28073 every 10.000000 milliseconds
Call graph:
891 Thread_0f1f
 891 start
  891 _start
   891 main
    891 NSApplicationMain
     891 -[NSApplication run]
      891 -[BrowserApplication sendEvent:]
       891 -[NSApplication sendEvent:]
        891 -[Window sendEvent:]
         891 -[NSWindow sendEvent:]
          891 forwardMethod
           891 forwardMethod
            891 forwardMethod
             891 forwardMethod
              891 forwardMethod
               891 forwardMethod
                891 forwardMethod
                 891 forwardMethod
                  891 -[NSNotificationCenter postNotificationName:object:userInfo:]
                   891 _CFXNotificationPostNotification
                    891 __CFXNotificationPost
                     891 _nsnote_callback
                      891 -[WebHTMLView mouseMovedNotification:]
                       891 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:]
                        891 -[WebHTMLView elementAtPoint:]
                         891 -[WebCoreBridge elementAtPoint:]
                          891 KHTMLPart::isPointInsideSelection(int, int)
                           891 khtml::RenderText::positionForCoordinates(int, int)
                            891 khtml::VisiblePosition::VisiblePosition[in-charge] (DOM::NodeImpl*, int, khtml::EAffinity)
                             891 khtml::VisiblePosition::init(DOM::Position const&, khtml::EAffinity)
                              891 khtml::inSameLine(khtml::VisiblePosition const&, khtml::VisiblePosition const&)
                               891 khtml::startOfLine(khtml::VisiblePosition const&)
                                891 khtml::VisiblePosition::VisiblePosition[in-charge] (DOM::NodeImpl*, int, khtml::EAffinity)
                                 891 khtml::VisiblePosition::init(DOM::Position const&, khtml::EAffinity)
                                  890 khtml::VisiblePosition::nextVisiblePosition (DOM::Position const&)
                                   509 DOM::Position::next (DOM::EUsingComposedCharacters) const
                                    425 DOM::NodeImpl::maxDeepOffset() const
                                     423 DOM::ContainerNodeImpl::childNodeCount() const
                                      385 DOM::NodeImpl::nextSibling() const
                                       385 DOM::NodeImpl::nextSibling() const
                                      38 DOM::ContainerNodeImpl::childNodeCount() const
                                     1 DOM::ElementImpl::hasTagName (DOM::QualifiedName const&) const
                                      1 DOM::QualifiedName::matches (DOM::QualifiedName const&) const
                                       1 DOM::QualifiedName::matches (DOM::QualifiedName const&) const
                                     1 DOM::NodeImpl::maxDeepOffset() const
                                    62 DOM::ContainerNodeImpl::childNode(unsigned)
                                     59 DOM::NodeImpl::nextSibling() const
                                      59 DOM::NodeImpl::nextSibling() const
                                     3 DOM::ContainerNodeImpl::childNode(unsigned)
                                    19 DOM::NodeImpl::nodeIndex() const
                                     15 DOM::NodeImpl::previousSibling() const
                                      15 DOM::NodeImpl::previousSibling() const
                                     4 DOM::NodeImpl::nodeIndex() const
                                    1 DOM::NodeImpl::nextOffset(int) const
                                     1 khtml::RenderText::nextOffset(int) const
                                      1 icu::RuleBasedBreakIterator::following(int)
                                       1 icu::RuleBasedBreakIterator::handlePrevious (icu::RBBIStateTable const*)
                                        1 icu::RuleBasedBreakIterator::handlePrevious (icu::RBBIStateTable const*)
                                    1 DOM::Position::Position[in-charge](DOM::NodeImpl*, int)
                                     1 DOM::Position::Position[in-charge] (DOM::NodeImpl*, int)
                                    1 DOM::Position::next (DOM::EUsingComposedCharacters) const
                                   379 DOM::Position::atEnd() const
                                    379 DOM::NodeImpl::maxDeepOffset() const
                                     378 DOM::ContainerNodeImpl::childNodeCount() const
                                      340 DOM::NodeImpl::nextSibling() const
                                       340 DOM::NodeImpl::nextSibling() const
                                      38 DOM::ContainerNodeImpl::childNodeCount() const
                                     1 DOM::NodeImpl::maxDeepOffset() const
                                   1 DOM::NodeImpl::nodeIndex() const
                                    1 DOM::NodeImpl::previousSibling() const
                                     1 DOM::NodeImpl::previousSibling() const
                                   1 khtml::VisiblePosition::nextVisiblePosition (DOM::Position const&)
                                  1 khtml::VisiblePosition::isCandidate(DOM::Position const&)
                                   1 DOM::Position::node() const
                                    1 DOM::Position::node() const
891 Thread_1003
 891 _pthread_body
  891 forkThreadForFunction
   891 +[WebFileDatabase _syncLoop:]
    891 -[NSRunLoop run]
     891 -[NSRunLoop runMode:beforeDate:]
      891 CFRunLoopRunSpecific
       891 __CFRunLoopRun
        891 mach_msg
         891 mach_msg_trap
          891 mach_msg_trap
891 Thread_1103
 891 _pthread_body
  891 forkThreadForFunction
   891 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:]
    891 CFRunLoopRunSpecific
     891 __CFRunLoopRun
      891 mach_msg
       891 mach_msg_trap
        891 mach_msg_trap
891 Thread_1203
 891 _pthread_body
  891 forkThreadForFunction
   891 +[NSURLCache _diskCacheSyncLoop:]
    891 CFRunLoopRunSpecific
     891 __CFRunLoopRun
      891 mach_msg
       891 mach_msg_trap
        891 mach_msg_trap
891 Thread_1303
 891 _pthread_body
  891 forkThreadForFunction
   891 -[AsyncDB _run:]
    891 -[NSConditionLock lockWhenCondition:]
     891 pthread_cond_wait
      891 semaphore_wait_signal_trap
       891 semaphore_wait_signal_trap
891 Thread_1403
 891 _pthread_body
  891 __CFSocketManager
   891 select
    891 select
891 Thread_1503
 891 _pthread_body
  891 forkThreadForFunction
   891 -[NSUIHeartBeat _heartBeatThread:]
    891 -[NSConditionLock lockWhenCondition:]
     891 pthread_cond_wait
      891 semaphore_wait_signal_trap
       891 semaphore_wait_signal_trap

Total number in stack (recursive counted multiple, when >=5):
 8 forwardMethod
 6 _pthread_body
 5 forkThreadForFunction

Sort by top of stack, same collapsed (when >= 5):
 mach_msg_trap 2673
 semaphore_wait_signal_trap 1782
 select 891
 DOM::NodeImpl::nextSibling() const 784
 DOM::ContainerNodeImpl::childNodeCount() const 76
 DOM::NodeImpl::previousSibling() const 16
Ladd Van Tol
Comment 1 2005-12-17 14:13:57 PST
(In reply to comment #0)
> Safari hung after failing to render large invalid SVG (in editing code?)

Didn't happen here with current source.
Justin Garcia
Comment 2 2005-12-17 15:52:05 PST
Perhaps there's something special about the SVG that Eric was trying to render. Eric, please attach it.
Justin Garcia
Comment 3 2005-12-17 15:53:07 PST
I'm a dork, the URL was attached.
Justin Garcia
Comment 4 2006-03-07 02:10:24 PST
I'm not actively looking at this, unassigning.
Rob Buis
Comment 5 2006-12-08 08:47:27 PST
My old website is gone, I am (slowly) replacing it by a new one. I tried ToT on an edited worldcup.svg and it worked fine. Maybe we should close this until we run into the problem again? Cheers, Rob.
mitz
Comment 6 2006-12-08 13:00:29 PST
This looks similar to bug 10735. The problem there is with wide trees of unrendered content and the fact that scanning for the first rendered position takes O(n^2) in the number of children.
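The quadratic scan described in comment 6, as an added example that is not part of the bug thread or of WebKit's source: a simplified C++ model in which counting children walks the sibling list, as the `childNodeCount()` and `nextSibling()` frames in the sample suggest, and the scan for the first rendered child recounts at every offset. The names `Node`, `WideTree` and `scanHops` are hypothetical, and computing the count once is shown as one possible mitigation, not as the fix WebKit applied.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Simplified model, not WebKit source: children hang off a sibling-linked list.
struct Node { Node* firstChild = nullptr; Node* nextSibling = nullptr; bool rendered = false; };

// Constructed input: one parent with n children, only the last one rendered.
struct WideTree {
    std::vector<std::unique_ptr<Node>> nodes;
    Node* root;
    explicit WideTree(std::size_t n) {
        nodes.push_back(std::make_unique<Node>());
        root = nodes.back().get();
        Node* prev = nullptr;
        for (std::size_t i = 0; i < n; ++i) {
            nodes.push_back(std::make_unique<Node>());
            Node* c = nodes.back().get();
            c->rendered = (i + 1 == n);
            if (prev) prev->nextSibling = c; else root->firstChild = c;
            prev = c;
        }
    }
};

// Counting children walks the whole list; `hops` tallies pointer follows.
std::size_t childNodeCount(const Node* p, std::size_t& hops) {
    std::size_t n = 0;
    for (const Node* c = p->firstChild; c; c = c->nextSibling) { ++n; ++hops; }
    return n;
}

// Scan for the first rendered child and return the work done. With recount=true
// the container bound is recomputed at every offset, which makes the scan O(n^2).
std::size_t scanHops(const Node* p, bool recount) {
    std::size_t hops = 0, offset = 0;
    std::size_t count = childNodeCount(p, hops);
    for (const Node* c = p->firstChild; offset < count; c = c->nextSibling, ++offset) {
        ++hops;
        if (c->rendered) break;
        if (recount) count = childNodeCount(p, hops);
    }
    return hops;
}

int main() {
    for (std::size_t n : {1000u, 4000u})
        std::printf("n=%zu recount=%zu cached=%zu\n", n,
                    scanHops(WideTree(n).root, true), scanHops(WideTree(n).root, false));
}
```

Quadrupling the number of unrendered children multiplies the recounting scan's work by about sixteen, while the cached scan grows linearly.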
Rob Buis
Comment 7 2006-12-09 00:50:53 PST
Talked with MacDome, we agreed to close it.