Bug 10402

Summary: REPRO: SVG crashes inside gradient code
Product: WebKit
Reporter: Eric Seidel (no email) <eric>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
Keywords: SVGHitList
Priority: P1
Version: 420+
Hardware: Mac
OS: OS X 10.4
URL: http://srufaculty.sru.edu/david.dailey/svg/flicker.svg

Attachments (Description / Flags):
First attempt / eric: review-
Improved patch+testcase / eric: review+

Eric Seidel (no email)
Reported 2006-08-14 23:40:51 PDT
SVG crashes inside gradient code

Click on "distort" and then on "cx". Safari crashes every time.

Date/Time: 2006-08-15 01:38:40.538 -0500
OS Version: 10.4.7 (Build 8J2135)
Report Version: 4

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: zsh [10626]

Version: 2.0.4 (419.3)
Build Version: 2
Project Name: WebBrowser
Source Version: 4190300

PID: 2053
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000070

Thread 0 Crashed:
0 com.apple.WebCore 0x01869905 WebCore::KRenderingPaintServerGradient::setGradientSpreadMethod(WebCore::KCGradientSpreadMethod const&) + 9 (KRenderingPaintServerGradient.cpp:113)
1 com.apple.WebCore 0x018b6d27 WebCore::SVGRadialGradientElement::buildGradient(WebCore::KRenderingPaintServerGradient*) const + 1861 (SVGRadialGradientElement.cpp:196)
2 com.apple.WebCore 0x018a28b2 WebCore::SVGGradientElement::notifyAttributeChange() const + 110 (SVGGradientElement.cpp:112)
3 com.apple.WebCore 0x018a48c0 WebCore::SVGLength::updateValue(bool) + 844 (SVGLength.cpp:231)
4 com.apple.WebCore 0x018a4ef7 WebCore::SVGLength::setValueAsString(WebCore::String const&) + 1027 (SVGLength.cpp:149)
5 com.apple.WebCore 0x018b63f1 WebCore::SVGRadialGradientElement::parseMappedAttribute(WebCore::MappedAttribute*) + 125 (SVGRadialGradientElement.cpp:102)
6 com.apple.WebCore 0x01a62d41 WebCore::StyledElement::attributeChanged(WebCore::Attribute*, bool) + 489 (StyledElement.cpp:180)
7 com.apple.WebCore 0x018b900a WebCore::SVGStyledElement::attributeChanged(WebCore::Attribute*, bool) + 38 (SVGStyledElement.cpp:111)
8 com.apple.WebCore 0x01a6b778 WebCore::Element::setAttribute(WebCore::QualifiedName const&, WebCore::StringImpl*, int&) + 464 (Element.cpp:386)
9 com.apple.WebCore 0x01a6b862 WebCore::Element::setAttributeNS(WebCore::String const&, WebCore::String const&, WebCore::String const&, int&) + 226 (Element.cpp:790)
10 com.apple.WebCore 0x01a5c10f WebCore::JSElementProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 2197 (JSElement.cpp:337)
11 com.apple.JavaScriptCore 0x010353b0 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:96)
12 com.apple.JavaScriptCore 0x0102b23b KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 843 (nodes.cpp:772)
13 com.apple.JavaScriptCore 0x01028458 KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1672)
14 com.apple.JavaScriptCore 0x01026186 KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2455)
15 com.apple.JavaScriptCore 0x01024988 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648)
16 com.apple.JavaScriptCore 0x0102834c KJS::IfNode::execute(KJS::ExecState*) + 420 (nodes.cpp:1691)
17 com.apple.JavaScriptCore 0x01026050 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2449)
18 com.apple.JavaScriptCore 0x01024988 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648)
19 com.apple.JavaScriptCore 0x01027570 KJS::ForNode::execute(KJS::ExecState*) + 876 (nodes.cpp:1819)
20 com.apple.JavaScriptCore 0x01026186 KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2455)
21 com.apple.JavaScriptCore 0x01024988 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648)
22 com.apple.JavaScriptCore 0x01016f3a KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:342)
23 com.apple.JavaScriptCore 0x010168b0 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 552 (function.cpp:107)
24 com.apple.JavaScriptCore 0x010353b0 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:96)
25 com.apple.JavaScriptCore 0x0102b9bc KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 716 (nodes.cpp:679)
26 com.apple.JavaScriptCore 0x01028458 KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1672)
27 com.apple.JavaScriptCore 0x01026050 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2449)
28 com.apple.JavaScriptCore 0x01024988 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648)
29 com.apple.JavaScriptCore 0x0101debc KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) + 956 (interpreter.cpp:476)
30 com.apple.WebCore 0x01a8b193 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&, WebCore::Node*) + 319 (kjs_proxy.cpp:68)
31 com.apple.WebCore 0x018e1e25 WebCore::Frame::executeScript(WebCore::Node*, WebCore::DeprecatedString const&, bool) + 209 (Frame.cpp:392)
32 com.apple.WebCore 0x01a8ea2d KJS::ScheduledAction::execute(KJS::Window*) + 835 (kjs_window.cpp:1835)
33 com.apple.WebCore 0x01a94b1c KJS::Window::timerFired(KJS::DOMWindowTimer*) + 148 (kjs_window.cpp:1940)
34 com.apple.WebCore 0x01a94b5b KJS::DOMWindowTimer::fired() + 27 (kjs_window.cpp:2498)
35 com.apple.WebCore 0x01a2e3d2 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, (unsigned long)0> const&) + 196 (Timer.cpp:322)
36 com.apple.WebCore 0x01a2e46f WebCore::TimerBase::sharedTimerFired() + 109 (Timer.cpp:355)
37 com.apple.WebCore 0x01a2db26 WebCore::timerFired(__CFRunLoopTimer*, void*) + 22 (SharedTimerMac.cpp:47)
38 com.apple.CoreFoundation 0x90823bc9 CFRunLoopRunSpecific + 3341
39 com.apple.CoreFoundation 0x90822eb5 CFRunLoopRunInMode + 61
40 com.apple.HIToolbox 0x92f02b90 RunCurrentEventLoopInMode + 285
41 com.apple.HIToolbox 0x92f02297 ReceiveNextEventCommon + 385
42 com.apple.HIToolbox 0x92f020ee BlockUntilNextEventMatchingListInMode + 81
43 com.apple.AppKit 0x933a3771 _DPSNextEvent + 576
44 com.apple.AppKit 0x933a335e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
45 com.apple.Safari 0x00006f96 0x1000 + 24470
46 com.apple.AppKit 0x9339d0e3 -[NSApplication run] + 512
47 com.apple.AppKit 0x93391037 NSApplicationMain + 573
48 com.apple.Safari 0x0005f7de 0x1000 + 387038
49 com.apple.Safari 0x0005f6f9 0x1000 + 386809

Thread 1:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.unsanity.ape 0xc0001db2 __ape_agent + 307
2 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 2:
0 libSystem.B.dylib 0x9001aafc select + 12
1 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 3:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082369a CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x90822eb5 CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x9275eb4a -[NSRunLoop runMode:beforeDate:] + 182
4 com.apple.Foundation 0x9275ea46 -[NSRunLoop run] + 75
5 com.apple.WebKit 0x0037fb71 +[WebFileDatabase _syncLoop:] + 314 (WebFileDatabase.m:294)
6 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
7 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 4:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082369a CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x90822eb5 CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x9275e861 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 5:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082369a CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x90822eb5 CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x9278595a +[NSURLCache _diskCacheSyncLoop:] + 206
4 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 6:
0 libSystem.B.dylib 0x900251a7 semaphore_wait_signal_trap + 7
1 com.apple.Foundation 0x9277f008 -[NSConditionLock lockWhenCondition:] + 39
2 com.apple.Syndication 0x9a64b052 -[AsyncDB _run:] + 181
3 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
4 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 7:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.apple.opengl 0x932f99f0 glcDebugListener + 338
2 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 0 crashed with i386 Thread State:
eax: 0x00000000 ebx: 0x018b65f2 ecx: 0x01b95325 edx: 0x00000000
edi: 0x00000002 esi: 0x00000000 ebp: 0xbfffdb38 esp: 0xbfffdb30
ss: 0x0000002f efl: 0x00010286 eip: 0x01869905 cs: 0x00000027
ds: 0x0000002f es: 0x0000002f fs: 0x00000000 gs: 0x00000037

Binary Images Description:
0x1000 - 0xdefff com.apple.Safari 2.0.4 (419.3) /Applications/Safari.app/Contents/MacOS/Safari
0x132000 - 0x132fff com.apple.SpotLightCM 1.0 (121.36) /System/Library/Contextual Menu Items/SpotlightCM.plugin/Contents/MacOS/SpotlightCM
0x305000 - 0x3ebfff com.apple.WebKit 420+ /Users/eseidel/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
0x1008000 - 0x10abfff com.apple.JavaScriptCore 420+ /Users/eseidel/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x180b000 - 0x1c7bfff com.apple.WebCore 420+ /Users/eseidel/Projects/build/Debug/WebCore.framework/Versions/A/WebCore
0x2a51d000 - 0x2a51ffff com.apple.AutomatorCMM 1.0.1 (68) /System/Library/Contextual Menu Items/AutomatorCMM.plugin/Contents/MacOS/AutomatorCMM
0x2a5c1000 - 0x2a5c3fff com.lemkesoft.GraphicConverterCMI 1.5 /Stuff/Users/eric/Library/Contextual Menu Items/GraphicConverterCMI.plugin/Contents/MacOS/GraphicConverterCMI
0x2a5ce000 - 0x2a5d2fff com.apple.FolderActionsMenu 1.3.1 /System/Library/Contextual Menu Items/FolderActionsMenu.plugin/Contents/MacOS/FolderActionsMenu
0x2a7b0000 - 0x2a7ccfff GLDriver /System/Library/Frameworks/OpenGL.framework/Versions/A/Resources/GLDriver.bundle/GLDriver
0x2a7d3000 - 0x2a7f4fff GLRendererFloat /System/Library/Frameworks/OpenGL.framework/Versions/A/Resources/GLRendererFloat.bundle/GLRendererFloat
0x2aa92000 - 0x2abd3fff GLEngine /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine
0x2abfb000 - 0x2adc7fff com.apple.ATIRadeonX1000GLDriver 1.4.32 (4.3.2)
Attachments

First attempt (1.64 KB, patch)
2006-08-21 09:04 PDT, Rob Buis
eric: review-

Improved patch+testcase (9.92 KB, patch)
2006-08-22 11:10 PDT, Rob Buis
eric: review+

Eric Seidel (no email)
Comment 1 2006-08-14 23:46:32 PDT
Rob Buis
Comment 2 2006-08-21 09:04:31 PDT
Created attachment 10144 [details]
First attempt

This fixes the crash. Please let me know if a testcase is needed, and if so how it should roughly work.
Cheers,
Rob
Eric Seidel (no email)
Comment 3 2006-08-21 09:26:56 PDT
Comment on attachment 10144 [details]
First attempt

I don't really understand what's going on here without a test case. Particularly the change here confuses me:

- buildGradient(m_resource);
+ buildGradient(const_cast<SVGGradientElement*>(this)->canvasResource());

I wonder if this is a result of us not supporting forward references yet?
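Review bot: the const_cast in the replacement line deserves a comment in the patch, because it is both the reason the fix works and the reason the line is easy to misread. The crash report shows EXC_BAD_ACCESS at 0x00000070 with esi = 0x00000000 in frame 0, setGradientSpreadMethod(), which is consistent with buildGradient() being handed a null m_resource; comment 5 later confirms that a gradient can be referenced without ever being painted, so the cached resource is never built. Going through canvasResource() instead of the cached member avoids that path, but casting away const to reach it hides the lifecycle assumption; a one-line comment stating that the resource may not exist yet, or an explicit early return when m_resource is null, would make the intent clear to the next reader.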
Eric Seidel (no email)
Comment 4 2006-08-21 16:12:12 PDT
Comment on attachment 10144 [details]
First attempt

I'm marking this r- until we have a better explanation from Rob as to why this fix works/why it's needed, etc. A simpler test case would be best.
Rob Buis
Comment 5 2006-08-22 11:10:21 PDT
Created attachment 10166 [details]
Improved patch+testcase

The testcase should make the problem clearer. The problem occurs when the gradient is referenced but never really painted, such as when it is referenced by something in <defs> like in the testcase. The old code actually expects the resource to be always built and so will crash on the testcase. The new code will execute the code fine and display a green rect.
Cheers,
Rob.
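The lifecycle described in comment 5, reduced to a runnable model as an added example (this is constructed illustration code, not WebKit's code or the patch itself): class and method names follow the frames in the crash report, but their bodies are assumptions, and the old code path reports the null resource instead of dereferencing it.

```cpp
#include <memory>

// Spread method enum and a minimal paint server, named after frame 0 of the
// crash report. Bodies are constructed for this example.
enum KCGradientSpreadMethod { SPREADMETHOD_PAD, SPREADMETHOD_REFLECT, SPREADMETHOD_REPEAT };

struct KRenderingPaintServerGradient {
    KCGradientSpreadMethod spread = SPREADMETHOD_PAD;
    double cx = 0.5;
    void setGradientSpreadMethod(const KCGradientSpreadMethod& m) { spread = m; }
    void setCenter(double x) { cx = x; }
};

class SVGRadialGradientElement {
public:
    // The paint server is created lazily. A gradient that is referenced only
    // from inside <defs> is never painted, so m_resource stays null.
    void paint() { canvasResource(); }

    KRenderingPaintServerGradient* canvasResource() {
        if (!m_resource)
            m_resource.reset(new KRenderingPaintServerGradient());
        return m_resource.get();
    }

    // Script sets cx through setAttributeNS; SVGLength::updateValue() then
    // calls notifyAttributeChange(), which rebuilds the gradient (frames 1-9).
    bool setCx(double value, bool useFix) {
        m_cx = value;
        return useFix ? notifyAttributeChangeFixed() : notifyAttributeChangeOld();
    }

    double resourceCx() const { return m_resource ? m_resource->cx : -1.0; }

private:
    // Old path: assumes the resource was already built by painting. In WebCore
    // this dereferenced a null pointer; here the defect is reported as false.
    bool notifyAttributeChangeOld() const {
        if (!m_resource)
            return false;  // the EXC_BAD_ACCESS in the report
        buildGradient(m_resource.get());
        return true;
    }

    // Fixed path (the shape of the change quoted in comment 3): fetch the
    // resource through the on-demand accessor, which builds it if needed.
    bool notifyAttributeChangeFixed() const {
        buildGradient(const_cast<SVGRadialGradientElement*>(this)->canvasResource());
        return true;
    }

    void buildGradient(KRenderingPaintServerGradient* grad) const {
        grad->setGradientSpreadMethod(SPREADMETHOD_PAD);  // frame 0 of the trace
        grad->setCenter(m_cx);
    }

    std::unique_ptr<KRenderingPaintServerGradient> m_resource;
    double m_cx = 0.5;
};

// Testcase scenario from comment 5: the gradient is referenced but never
// painted, then script changes cx. Returns true when no crash would occur.
bool changeCxOnUnpaintedGradient(bool useFix) {
    SVGRadialGradientElement gradient;
    return gradient.setCx(0.25, useFix);
}

// Control: a gradient that was painted first works on both code paths, which
// is why the original page (flicker.svg) only crashed on some interactions.
bool changeCxOnPaintedGradient(bool useFix) {
    SVGRadialGradientElement gradient;
    gradient.paint();
    return gradient.setCx(0.25, useFix);
}

// After the fixed path the paint server reflects the new attribute value.
double cxAfterFixedChange() {
    SVGRadialGradientElement gradient;
    gradient.setCx(0.25, true);
    return gradient.resourceCx();
}
```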
Eric Seidel (no email)
Comment 6 2006-08-22 11:27:23 PDT
Comment on attachment 10166 [details]
Improved patch+testcase

Makes sense. r=me.
Rob Buis
Comment 7 2006-08-23 09:52:39 PDT
Comment on attachment 10166 [details]
Improved patch+testcase

Landed in r15968.