12015 2006-12-28 11:44:37 -0800 svg/W3C-SVG-1.1/painting-marker-03-f.svg crashes 2006-12-28 15:41:46 -0800 1 1 1 Unclassified WebKit SVG 420+ Mac OS X 10.4 RESOLVED FIXED P1 Normal --- 1 ap webkit-unassigned oldest_to_newest 39226 0 ap 2006-12-28 11:44:37 -0800 Open this test in the browser, or run-webkit-tests --pixel svg/W3C-SVG-1.1/painting-marker-03-f.svg to reproduce the crash. I'm running a debug build of TOT. Thread 0 Crashed: 0 com.apple.WebCore 0x014b0cd0 WebCore::drawStartAndMidMarkers(void*, WebCore::PathElement const*) + 104 (RenderPath.cpp:388) 1 com.apple.WebCore 0x014d54ec WebCore::CGPathApplierToPathApplier(void*, CGPathElement const*) + 464 (PathCG.cpp:229) 2 com.apple.CoreGraphics 0x90435c70 CGPathApply + 548 3 com.apple.WebCore 0x014d5554 WebCore::Path::apply(void*, void (*)(void*, WebCore::PathElement const*)) const + 84 (PathCG.cpp:237) 4 com.apple.WebCore 0x014b1034 WebCore::RenderPath::drawMarkersIfNeeded(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::Path const&) const + 628 (RenderPath.cpp:424) 5 com.apple.WebCore 0x014b1664 WebCore::RenderPath::paint(WebCore::RenderObject::PaintInfo&, int, int) + 1528 (RenderPath.cpp:206) 39197 1 eric 2006-12-28 12:22:05 -0800 I am unable to reproduce the crash in my local build. I'll try with --guard and see if that causes a crash. 39198 2 eric 2006-12-28 12:23:27 -0800 run-webkit-tests --guard --pixel svg/W3C-SVG-1.1/painting-marker-03-f.svg also does not crash for me. 39187 3 eric 2006-12-28 12:24:48 -0800 I'm not able to reproduce this with 18457. 39188 4 ap 2006-12-28 12:39:09 -0800 The problem is in CGPathApplierToPathApplier(), points[2] is out of bounds. 39189 5 12085 eric 2006-12-28 12:43:43 -0800 Created attachment 12085 Fix as described by ap I never saw it crash for me, but this should fix things. Strange that ap was getting a crash and I was not. 39163 6 ddkilzer 2006-12-28 15:41:46 -0800 Landed in r18458 by eseidel. 12085 2006-12-28 12:43:43 -0800 2006-12-28 12:51:45 -0800 Fix as described by ap small.patch text/plain 1203 eric SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBDaGFuZ2VMb2cJKHJldmlzaW9uIDE4NDU3 KQorKysgQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAKKzIwMDYtMTIt MjggIEVyaWMgU2VpZGVsICA8ZXJpY0B3ZWJraXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEZpeCBmb3IgbWVtb3J5IHNtYXNoZXIgd2hlbiBk cmF3aW5nIG1hcmtlcnMuCisgICAgICAgIGh0dHA6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTEyMDE1CisgICAgICAgIAorICAgICAgICBObyB0ZXN0IGNhc2UgcG9zc2libGUgKGNy YXNoZXMgZm9yIHNvbWUgZm9sa3MgYnV0IG5vdCBvdGhlcnMsIG5vdCBldmVuIHVuZGVyIC0tZ3Vh cmQpCisKKyAgICAgICAgKiBwbGF0Zm9ybS9ncmFwaGljcy9jZy9QYXRoQ0cuY3BwOgorICAgICAg ICAoV2ViQ29yZTo6Q0dQYXRoQXBwbGllclRvUGF0aEFwcGxpZXIpOiBhcnJheSB3YXMgdG9vIHNt YWxsCisKIDIwMDYtMTItMjggIE1pdHogUGV0dGVsICA8bWl0ekB3ZWJraXQub3JnPgogCiAgICAg ICAgIFJldmlld2VkIGJ5IERhcmluLgpJbmRleDogcGxhdGZvcm0vZ3JhcGhpY3MvY2cvUGF0aENH LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBwbGF0Zm9ybS9ncmFwaGljcy9jZy9QYXRoQ0cuY3BwCShyZXZp c2lvbiAxODQ1NykKKysrIHBsYXRmb3JtL2dyYXBoaWNzL2NnL1BhdGhDRy5jcHAJKHdvcmtpbmcg Y29weSkKQEAgLTIwMyw3ICsyMDMsNyBAQCBzdHJ1Y3QgUGF0aEFwcGxpZXJJbmZvIHsKIHZvaWQg Q0dQYXRoQXBwbGllclRvUGF0aEFwcGxpZXIodm9pZCAqaW5mbywgY29uc3QgQ0dQYXRoRWxlbWVu dCAqZWxlbWVudCkKIHsKICAgICBQYXRoQXBwbGllckluZm8qIHBpbmZvID0gKFBhdGhBcHBsaWVy SW5mbyopaW5mbzsKLSAgICBGbG9hdFBvaW50IHBvaW50c1syXTsKKyAgICBGbG9hdFBvaW50IHBv aW50c1szXTsKICAgICBQYXRoRWxlbWVudCBwZWxlbWVudDsKICAgICBwZWxlbWVudC50eXBlID0g KFBhdGhFbGVtZW50VHlwZSllbGVtZW50LT50eXBlOwogICAgIHBlbGVtZW50LnBvaW50cyA9IHBv aW50czsK