100491 2012-10-26 03:33:27 -0700 Crash on loading SVG filter resource on HTML element 2012-10-26 08:57:26 -0700 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 krit fmalita dino eric fmalita pdr schenney webkit.review.bot oldest_to_newest 751793 0 170873 krit 2012-10-26 03:33:27 -0700 Created attachment 170873 SVG Filter example Did not investigate further. Just noticed that Chromium and nightly are constantly crashing. This is the backlog: ASSERTION FAILED: filter->renderer()->isSVGResourceContainer() /Users/dschulze/Downloads/git-webkit/Source/WebCore/rendering/RenderLayerFilterInfo.cpp(144) : void WebCore::RenderLayerFilterInfo::updateReferenceFilterClients(const WebCore::FilterOperations &) 1 0x107553da6 WebCore::RenderLayerFilterInfo::updateReferenceFilterClients(WebCore::FilterOperations const&) 2 0x10752be7e WebCore::RenderLayer::updateOrRemoveFilterEffect() 3 0x10752dc39 WebCore::RenderLayer::styleChanged(WebCore::StyleDifference, WebCore::RenderStyle const*) 4 0x1074a5360 WebCore::RenderBoxModelObject::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) 5 0x107484036 WebCore::RenderBox::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) 6 0x10740cf23 WebCore::RenderBlock::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) 7 0x1075945e1 WebCore::RenderObject::setStyle(WTF::PassRefPtr<WebCore::RenderStyle>) 8 0x107593cea WebCore::RenderObject::setAnimatableStyle(WTF::PassRefPtr<WebCore::RenderStyle>) 9 0x10734d768 WebCore::NodeRendererFactory::createRenderer() 10 0x10734da2e WebCore::NodeRendererFactory::createRendererIfNeeded() 11 0x107335c45 WebCore::Node::createRendererIfNeeded() 12 0x106827d60 WebCore::Element::attach() 13 0x106a1e5ac WebCore::executeTask(WebCore::HTMLConstructionSiteTask&) 14 0x106a1e436 WebCore::HTMLConstructionSite::executeQueuedTasks() 15 0x106af8a59 WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken(WebCore::AtomicHTMLToken*) 16 0x106af884a WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) 17 0x106a3c75a WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) 18 0x106a3c1f0 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) 19 0x106a3d0bf WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) 20 0x1065e4a54 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter*) 21 0x10669385c WebCore::DocumentWriter::end() 22 0x106671abf WebCore::DocumentLoader::finishedLoading() 23 0x107295d9d WebCore::MainResourceLoader::didFinishLoading(double) 24 0x1076d5005 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) 25 0x1076d1c1a -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] 26 0x7fff83b08f58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 27 0x7fff83b08e9c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] 28 0x7fff83b08d98 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] 29 0x7fff8482cf01 ___delegate_didFinishLoading_block_invoke_0 30 0x7fff8481f3ca ___withDelegateAsync_block_invoke_0 31 0x7fff848af56a __block_global_1 751984 1 170913 fmalita 2012-10-26 06:47:49 -0700 Created attachment 170913 Reduced repro 751988 2 fmalita 2012-10-26 06:51:42 -0700 Asserting seems the wrong thing to do there: users can reference arbitrary elements (see the second attachment) and we should just ignore non-filters. 751991 3 krit 2012-10-26 06:52:54 -0700 Sure, but chromium crashes for me. So it is not just the assertion but a real bug. 752008 4 170917 fmalita 2012-10-26 07:09:14 -0700 Created attachment 170917 Patch 752010 5 fmalita 2012-10-26 07:11:08 -0700 (In reply to comment #3) > Sure, but chromium crashes for me. So it is not just the assertion but a real bug. Right, it crashes one line below when trying to treat some arbitrary element as a RenderSVGResourceContainer. 752072 6 170917 krit 2012-10-26 08:27:08 -0700 Comment on attachment 170917 Patch Now I see my mistake, forgot the <svg> element ;) LGTM. r=me. 752074 7 fmalita 2012-10-26 08:31:02 -0700 Thanks Dirk. (In reply to comment #6) > (From update of attachment 170917 [details]) > Now I see my mistake, forgot the <svg> element ;) Good thing you did - you found this bug :) 752099 8 170917 webkit.review.bot 2012-10-26 08:57:22 -0700 Comment on attachment 170917 Patch Clearing flags on attachment: 170917 Committed r132665: <http://trac.webkit.org/changeset/132665> 752100 9 webkit.review.bot 2012-10-26 08:57:26 -0700 All reviewed patches have been landed. Closing bug. 170873 2012-10-26 03:33:27 -0700 2012-10-26 03:33:27 -0700 SVG Filter example filter-reference.html text/html 353 krit PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGJvZHk+CjxmaWx0ZXIgaWQ9ImZpbHRl ciI+Cgk8ZmVHYXVzc2lhbkJsdXIgc3RkRGV2aWF0aW9uPSIyIj4KCQk8YW5pbWF0ZSBhdHRyaWJ1 dGVOYW1lPSJzdGREZXZpYXRpb24iIGR1cj0iNXMiIHZhbHVlcz0iMTs1MDswOzMwOzAiIGZpbGw9 ImZyZWV6ZSIgb25sb2FkPSJhbGVydCgndGVzdCEnKSIvPgoJPC9mZUdhdXNzaWFuQmx1cj4KPC9m aWx0ZXI+CjxkaXYgc3R5bGU9IndpZHRoOiAyMDBweDsgaGVpZ2h0OiAyMDBweDsgYmFja2dyb3Vu ZC1jb2xvcjogZ3JlZW47IC13ZWJraXQtZmlsdGVyOiB1cmwoI2ZpbHRlcikiPjwvZGl2Pgo8L2Jv ZHk+CjwvaHRtbD4= 170913 2012-10-26 06:47:49 -0700 2012-10-26 06:47:49 -0700 Reduced repro filter-reference2.html text/html 194 fmalita PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGJvZHk+CjxkaXYgaWQ9ImZha2VfZmls dGVyIj48L2Rpdj4KPGRpdiBzdHlsZT0id2lkdGg6IDIwMHB4OyBoZWlnaHQ6IDIwMHB4OyBiYWNr Z3JvdW5kLWNvbG9yOiBncmVlbjsgLXdlYmtpdC1maWx0ZXI6IHVybCgjZmFrZV9maWx0ZXIpOyI+ PC9kaXY+CjwvYm9keT4KPC9odG1sPgo= 170917 2012-10-26 07:09:14 -0700 2012-10-26 08:57:22 -0700 Patch bug-100491-20121026100746.patch text/plain 3722 fmalita U3VidmVyc2lvbiBSZXZpc2lvbjogMTMyNjMzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMjI1ZGMyN2YzYjg5ODIz ODI5ODRkNDJjYmYwZTA2YjRiMTI3YWFhMi4uNTU5Mzk4MWQ0MDRlMTY3YzNlYjJjNDM0MGYxMzU0 OTkxMDViMDExNiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDEyLTEwLTI2ICBGbG9y aW4gTWFsaXRhICA8Zm1hbGl0YUBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgQ3Jhc2ggb24gbG9h ZGluZyBTVkcgZmlsdGVyIHJlc291cmNlIG9uIEhUTUwgZWxlbWVudAorICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTAwNDkxCisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgU2tpcCBub24tZmlsdGVyIGVsZW1lbnRz IHJlZmVyZW5jZWQgdmlhIC13ZWJraXQtZmlsdGVyLgorCisgICAgICAgIFRlc3Q6IHN2Zy9maWx0 ZXJzL2ZpbHRlci1yZWZlcmVuY2UtY3Jhc2guaHRtbAorCisgICAgICAgICogcmVuZGVyaW5nL1Jl bmRlckxheWVyRmlsdGVySW5mby5jcHA6CisgICAgICAgIChXZWJDb3JlOjpSZW5kZXJMYXllckZp bHRlckluZm86OnVwZGF0ZVJlZmVyZW5jZUZpbHRlckNsaWVudHMpOgorCiAyMDEyLTEwLTI2ICBL ZW5uZXRoIFJvaGRlIENocmlzdGlhbnNlbiAgPGtlbm5ldGhAd2Via2l0Lm9yZz4KIAogICAgICAg ICBQcmludGluZyBzaG91bGQgdXNlIHVzZSBoaWdoIHJlc29sdXRpb24gaW1hZ2VzIHdoZW4gYXZh aWxhYmxlCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyTGF5ZXJG aWx0ZXJJbmZvLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJMYXllckZpbHRl ckluZm8uY3BwCmluZGV4IDg2YjkyZGY2NzlhM2NhMmVkZWRmMzQ5MjMwOGQ1NWQ2YjY0MjA1OWMu LjE5MGRlNjFiZTVjMWMxNGEzZTU2YzRhYTliMWRkYTBmNmQ5M2U0NDAgMTAwNjQ0Ci0tLSBhL1Nv dXJjZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJMYXllckZpbHRlckluZm8uY3BwCisrKyBiL1Nv dXJjZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJMYXllckZpbHRlckluZm8uY3BwCkBAIC0xNDEs OSArMTQxLDggQEAgdm9pZCBSZW5kZXJMYXllckZpbHRlckluZm86OnVwZGF0ZVJlZmVyZW5jZUZp bHRlckNsaWVudHMoY29uc3QgRmlsdGVyT3BlcmF0aW9ucyYKICAgICAgICAgICAgIC8vIFJlZmVy ZW5jZSBpcyBpbnRlcm5hbDsgYWRkIGxheWVyIGFzIGEgY2xpZW50IHNvIHdlIGNhbiB0cmlnZ2Vy CiAgICAgICAgICAgICAvLyBmaWx0ZXIgcmVwYWludCBvbiBTVkcgYXR0cmlidXRlIGNoYW5nZS4K ICAgICAgICAgICAgIEVsZW1lbnQqIGZpbHRlciA9IG1fbGF5ZXItPnJlbmRlcmVyKCktPm5vZGUo KS0+ZG9jdW1lbnQoKS0+Z2V0RWxlbWVudEJ5SWQocmVmZXJlbmNlRmlsdGVyT3BlcmF0aW9uLT5m cmFnbWVudCgpKTsKLSAgICAgICAgICAgIGlmICghZmlsdGVyIHx8ICFmaWx0ZXItPnJlbmRlcmVy KCkpCisgICAgICAgICAgICBpZiAoIWZpbHRlciB8fCAhZmlsdGVyLT5yZW5kZXJlcigpIHx8ICFm aWx0ZXItPnJlbmRlcmVyKCktPmlzU1ZHUmVzb3VyY2VGaWx0ZXIoKSkKICAgICAgICAgICAgICAg ICBjb250aW51ZTsKLSAgICAgICAgICAgIEFTU0VSVChmaWx0ZXItPnJlbmRlcmVyKCktPmlzU1ZH UmVzb3VyY2VDb250YWluZXIoKSk7CiAgICAgICAgICAgICBmaWx0ZXItPnJlbmRlcmVyKCktPnRv UmVuZGVyU1ZHUmVzb3VyY2VDb250YWluZXIoKS0+YWRkQ2xpZW50UmVuZGVyTGF5ZXIobV9sYXll cik7CiAgICAgICAgICAgICBtX2ludGVybmFsU1ZHUmVmZXJlbmNlcy5hcHBlbmQoZmlsdGVyKTsK ICAgICAgICAgfQpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nIGIvTGF5b3V0VGVz dHMvQ2hhbmdlTG9nCmluZGV4IDBkNWVmYzYxYWJkZGZlNjIxMjU0NzMxNDYzMGU5MzQ3MzgwMzQy NTMuLjI0MjQxZjgxOTIzMjQxZWQxMGU2YWMxMTRlNjI3MmFhZTczNTMwNjkgMTAwNjQ0Ci0tLSBh L0xheW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxMyBAQAorMjAxMi0xMC0yNiAgRmxvcmluIE1hbGl0YSAgPGZtYWxpdGFAY2hyb21pdW0u b3JnPgorCisgICAgICAgIENyYXNoIG9uIGxvYWRpbmcgU1ZHIGZpbHRlciByZXNvdXJjZSBvbiBI VE1MIGVsZW1lbnQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTEwMDQ5MQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAg ICAgICogc3ZnL2ZpbHRlcnMvZmlsdGVyLXJlZmVyZW5jZS1jcmFzaC1leHBlY3RlZC50eHQ6IEFk ZGVkLgorICAgICAgICAqIHN2Zy9maWx0ZXJzL2ZpbHRlci1yZWZlcmVuY2UtY3Jhc2guaHRtbDog QWRkZWQuCisKIDIwMTItMTAtMjYgIEtlbm5ldGggUm9oZGUgQ2hyaXN0aWFuc2VuICA8a2VubmV0 aEB3ZWJraXQub3JnPgogCiAgICAgICAgIFByaW50aW5nIHNob3VsZCB1c2UgdXNlIGhpZ2ggcmVz b2x1dGlvbiBpbWFnZXMgd2hlbiBhdmFpbGFibGUKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL3N2 Zy9maWx0ZXJzL2ZpbHRlci1yZWZlcmVuY2UtY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVz dHMvc3ZnL2ZpbHRlcnMvZmlsdGVyLXJlZmVyZW5jZS1jcmFzaC1leHBlY3RlZC50eHQKbmV3IGZp bGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMC4uODg2YTk2YjgxZmNkNDU5YTkzZDQ4ODBhNTJkMGMwNmQyMjQzMTQ0ZQotLS0gL2Rldi9u dWxsCisrKyBiL0xheW91dFRlc3RzL3N2Zy9maWx0ZXJzL2ZpbHRlci1yZWZlcmVuY2UtY3Jhc2gt ZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEsMiBAQAorUEFTUzogZGlkIG5vdCBjcmFzaC4KKwpkaWZm IC0tZ2l0IGEvTGF5b3V0VGVzdHMvc3ZnL2ZpbHRlcnMvZmlsdGVyLXJlZmVyZW5jZS1jcmFzaC5o dG1sIGIvTGF5b3V0VGVzdHMvc3ZnL2ZpbHRlcnMvZmlsdGVyLXJlZmVyZW5jZS1jcmFzaC5odG1s Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAuLjhkNjU3MWRiOTRlOGY3MzUzMWVmYzFkMzVjY2NjZTY0N2MyOWQ3M2YKLS0t IC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9zdmcvZmlsdGVycy9maWx0ZXItcmVmZXJlbmNl LWNyYXNoLmh0bWwKQEAgLTAsMCArMSwxMyBAQAorPCFET0NUWVBFIGh0bWw+Cis8aHRtbCBsYW5n PSJlbiI+CisgIDwhLS0gVGVzdCBmb3IgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTEwMDQ5MSAtLT4KKyAgPGJvZHk+CisgICAgPGRpdiBpZD0iZmFrZV9maWx0ZXIiPlBB U1M6IGRpZCBub3QgY3Jhc2guPC9kaXY+CisgICAgPGRpdiBzdHlsZT0id2lkdGg6IDEwMHB4OyBo ZWlnaHQ6IDEwMHB4OyBiYWNrZ3JvdW5kLWNvbG9yOiBncmVlbjsgLXdlYmtpdC1maWx0ZXI6IHVy bCgjZmFrZV9maWx0ZXIpOyI+PC9kaXY+CisKKyAgPHNjcmlwdD4KKyAgICBpZih3aW5kb3cudGVz dFJ1bm5lcikKKyAgICAgIHRlc3RSdW5uZXIuZHVtcEFzVGV4dCgpOworICA8L3NjcmlwdD4KKyAg PC9ib2R5PgorPC9odG1sPgo=