Bug 119748

Summary: ASSERTION FAILED: resultAnimationElement->m_animatedType in WebCore::SVGAnimateElement::calculateAnimatedValue
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: SVGAssignee: Rob Buis <rwlbuis>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, d-r, fmalita, pdr, rwlbuis, schenney, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test case
none
Patch
none
Patch krit: review+

Description Renata Hodovan 2013-08-13 08:04:27 PDT 
The failing test:

<svg xmlns="http://www.w3.org/2000/svg">
    <animatetransform attributename="transform" attributetype="CSS" values="0" ></animatetransform>
</svg>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff4c56b5a in WebCore::SVGAnimateElement::calculateAnimatedValue (this=0x8d99d0, percentage=1, repeatCount=0, resultElement=0x8d99d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimateElement.cpp:120
#2  0x00007ffff4c5e678 in WebCore::SVGAnimationElement::updateAnimation (this=0x8d99d0, percent=0, repeatCount=0, resultElement=0x8d99d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimationElement.cpp:632
#3  0x00007ffff4c09c19 in WebCore::SVGSMILElement::progress (this=0x8d99d0, elapsed=..., resultElement=0x8d99d0, seekToTime=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SVGSMILElement.cpp:1113
#4  0x00007ffff4bffdd1 in WebCore::SMILTimeContainer::updateAnimations (this=0x8b5050, elapsed=..., seekToTime=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:293
#5  0x00007ffff4bff2cb in WebCore::SMILTimeContainer::begin (this=0x8b5050)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:139
#6  0x00007ffff4c24c01 in WebCore::SVGDocumentExtensions::startAnimations (this=0x8b70f0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGDocumentExtensions.cpp:102
#7  0x00007ffff41b2ec6 in WebCore::Document::implicitClose (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2453
#8  0x00007ffff45b311d in WebCore::FrameLoader::checkCallImplicitClose (this=0x7d5998)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:844
#9  0x00007ffff45b2e8e in WebCore::FrameLoader::checkCompleted (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:787
#10 0x00007ffff45b2bc3 in WebCore::FrameLoader::finishedParsing (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:720
#11 0x00007ffff41b9e37 in WebCore::Document::finishedParsing (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4404
#12 0x00007ffff440b2a1 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7d3068)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348
#13 0x00007ffff443f9c3 in WebCore::HTMLTreeBuilder::finished (this=0x7d3050)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926
#14 0x00007ffff44129a0 in WebCore::HTMLDocumentParser::end (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763
#15 0x00007ffff4412a8b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774
#16 0x00007ffff44115fa in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211
#17 0x00007ffff4412ad0 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786
#18 0x00007ffff4412b89 in WebCore::HTMLDocumentParser::finish (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835
#19 0x00007ffff45aaa23 in WebCore::DocumentWriter::end (this=0x6942f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248
#20 0x00007ffff459d562 in WebCore::DocumentLoader::finishedLoading (this=0x694250, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402
#21 0x00007ffff459d2d0 in WebCore::DocumentLoader::notifyFinished (this=0x694250, resource=0x7b0020)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#22 0x00007ffff45845c6 in WebCore::CachedResource::checkNotify (this=0x7b0020)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
#23 0x00007ffff458469c in WebCore::CachedResource::finishLoading (this=0x7b0020)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
#24 0x00007ffff4580dee in WebCore::CachedRawResource::finishLoading (this=0x7b0020, data=0x7cc480)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#25 0x00007ffff45e73e3 in WebCore::SubresourceLoader::didFinishLoading (this=0x775d20, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#26 0x00007ffff45ddccd in WebCore::ResourceLoader::didFinishLoading (this=0x775d20, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#27 0x00007ffff4a87683 in WebCore::QNetworkReplyHandler::finish (this=0x7bcfd0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#28 0x00007ffff4a863a2 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7bd008)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#29 0x00007ffff4a8609f in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7bd008, 
---Type <return> to continue, or q <return> to quit---
    method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a874c8 <WebCore::QNetworkReplyHandler::finish()>)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#30 0x00007ffff4a86fec in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7cbce0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#31 0x00007ffff4a8997e in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7cbce0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf80)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#32 0x00007ffff22115cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#33 0x00007ffff221284e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#34 0x00007ffff3058dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#35 0x00007ffff305c075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#36 0x00007ffff21ecdbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#37 0x00007ffff21eea76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#38 0x00007ffff2234333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#39 0x00007fffee3790a6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3058
#40 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3634
#41 0x00007fffee3793f8 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3705
#42 0x00007fffee37949c in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3766
#43 0x00007ffff22344bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#44 0x00007ffff21ebd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#45 0x00007ffff21ef120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#46 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#47 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc58) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Comment 1 Renata Hodovan 2013-08-13 08:05:47 PDT 
Created attachment 208632 [details]
Test case
Comment 2 Rob Buis 2013-08-13 15:18:35 PDT 
Created attachment 208683 [details]
Patch
Comment 3 Rob Buis 2013-08-14 08:07:09 PDT 
Created attachment 208726 [details]
Patch
Comment 4 Dirk Schulze 2013-08-14 08:09:32 PDT 
Comment on attachment 208726 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=208726&action=review

r=me

> Source/WebCore/svg/SVGAnimateTransformElement.cpp:53
> +    if (attributeType() == AttributeTypeCSS)
> +        return false;

We discussed it on IRC before and came to the conclusion that this is the better solution for now. We may do not even want to support CSS Transforms in animateTransform in the future.
Comment 5 Rob Buis 2013-08-14 08:43:17 PDT 
Committed r154049: <http://trac.webkit.org/changeset/154049>