Bug 119748

Summary:

ASSERTION FAILED: resultAnimationElement->m_animatedType in WebCore::SVGAnimateElement::calculateAnimatedValue

Product:

WebKit

Reporter:

Renata Hodovan <rhodovan.u-szeged>

Component:

SVG

Assignee:

Rob Buis <rwlbuis>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, d-r, fmalita, pdr, rwlbuis, schenney, zimmermann

Priority:

Version:

528+ (Nightly build)

Hardware:

OS:

Linux

Bug Depends on:

Bug Blocks:

116980

Attachments:

Description	Flags
Test case	none
Patch	none
Patch	krit: review+

Renata Hodovan

Reported 2013-08-13 08:04:27 PDT

The failing test: <svg xmlns="http://www.w3.org/2000/svg"> <animatetransform attributename="transform" attributetype="CSS" values="0" ></animatetransform> </svg> Backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 342 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 #1 0x00007ffff4c56b5a in WebCore::SVGAnimateElement::calculateAnimatedValue (this=0x8d99d0, percentage=1, repeatCount=0, resultElement=0x8d99d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimateElement.cpp:120 #2 0x00007ffff4c5e678 in WebCore::SVGAnimationElement::updateAnimation (this=0x8d99d0, percent=0, repeatCount=0, resultElement=0x8d99d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimationElement.cpp:632 #3 0x00007ffff4c09c19 in WebCore::SVGSMILElement::progress (this=0x8d99d0, elapsed=..., resultElement=0x8d99d0, seekToTime=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SVGSMILElement.cpp:1113 #4 0x00007ffff4bffdd1 in WebCore::SMILTimeContainer::updateAnimations (this=0x8b5050, elapsed=..., seekToTime=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:293 #5 0x00007ffff4bff2cb in WebCore::SMILTimeContainer::begin (this=0x8b5050) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:139 #6 0x00007ffff4c24c01 in WebCore::SVGDocumentExtensions::startAnimations (this=0x8b70f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGDocumentExtensions.cpp:102 #7 0x00007ffff41b2ec6 in WebCore::Document::implicitClose (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2453 #8 0x00007ffff45b311d in WebCore::FrameLoader::checkCallImplicitClose (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:844 #9 0x00007ffff45b2e8e in WebCore::FrameLoader::checkCompleted (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:787 #10 0x00007ffff45b2bc3 in WebCore::FrameLoader::finishedParsing (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:720 #11 0x00007ffff41b9e37 in WebCore::Document::finishedParsing (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4404 #12 0x00007ffff440b2a1 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7d3068) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348 #13 0x00007ffff443f9c3 in WebCore::HTMLTreeBuilder::finished (this=0x7d3050) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926 #14 0x00007ffff44129a0 in WebCore::HTMLDocumentParser::end (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763 #15 0x00007ffff4412a8b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774 #16 0x00007ffff44115fa in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211 #17 0x00007ffff4412ad0 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786 #18 0x00007ffff4412b89 in WebCore::HTMLDocumentParser::finish (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835 #19 0x00007ffff45aaa23 in WebCore::DocumentWriter::end (this=0x6942f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248 #20 0x00007ffff459d562 in WebCore::DocumentLoader::finishedLoading (this=0x694250, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402 #21 0x00007ffff459d2d0 in WebCore::DocumentLoader::notifyFinished (this=0x694250, resource=0x7b0020) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344 #22 0x00007ffff45845c6 in WebCore::CachedResource::checkNotify (this=0x7b0020) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369 #23 0x00007ffff458469c in WebCore::CachedResource::finishLoading (this=0x7b0020) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385 #24 0x00007ffff4580dee in WebCore::CachedRawResource::finishLoading (this=0x7b0020, data=0x7cc480) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #25 0x00007ffff45e73e3 in WebCore::SubresourceLoader::didFinishLoading (this=0x775d20, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282 #26 0x00007ffff45ddccd in WebCore::ResourceLoader::didFinishLoading (this=0x775d20, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488 #27 0x00007ffff4a87683 in WebCore::QNetworkReplyHandler::finish (this=0x7bcfd0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516 #28 0x00007ffff4a863a2 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7bd008) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250 #29 0x00007ffff4a8609f in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7bd008, ---Type <return> to continue, or q <return> to quit--- method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a874c8 <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216 #30 0x00007ffff4a86fec in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7cbce0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409 #31 0x00007ffff4a8997e in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7cbce0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf80) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176 #32 0x00007ffff22115cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #33 0x00007ffff221284e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #34 0x00007ffff3058dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #35 0x00007ffff305c075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #36 0x00007ffff21ecdbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #37 0x00007ffff21eea76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #38 0x00007ffff2234333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #39 0x00007fffee3790a6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3058 #40 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3634 #41 0x00007fffee3793f8 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3705 #42 0x00007fffee37949c in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3766 #43 0x00007ffff22344bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #44 0x00007ffff21ebd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #45 0x00007ffff21ef120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #46 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49 #47 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc58) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318

Attachments
Test case (148 bytes, text/html) 2013-08-13 08:05 PDT, Renata Hodovan	no flags	Details
Patch (7.45 KB, patch) 2013-08-13 15:18 PDT, Rob Buis	no flags	Details Formatted Diff Diff
Patch (11.22 KB, patch) 2013-08-14 08:07 PDT, Rob Buis	krit: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Renata Hodovan

Comment 1 2013-08-13 08:05:47 PDT

Created attachment 208632 [details] Test case

Rob Buis

Comment 2 2013-08-13 15:18:35 PDT

Created attachment 208683 [details] Patch

Rob Buis

Comment 3 2013-08-14 08:07:09 PDT

Created attachment 208726 [details] Patch

Dirk Schulze

Comment 4 2013-08-14 08:09:32 PDT

Comment on attachment 208726 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=208726&action=review r=me > Source/WebCore/svg/SVGAnimateTransformElement.cpp:53 > + if (attributeType() == AttributeTypeCSS) > + return false; We discussed it on IRC before and came to the conclusion that this is the better solution for now. We may do not even want to support CSS Transforms in animateTransform in the future.

Rob Buis

Comment 5 2013-08-14 08:43:17 PDT

Committed r154049: <http://trac.webkit.org/changeset/154049>

Note You need to log in before you can comment on or make changes to this bug.