Bug 12434

Summary: Removing SVG animation element during animation crashes WebKit
Product: WebKit Reporter: Eric Seidel (no email) <eric>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bdakin, jeffschiller, krit, rwlbuis, simon.fraser
Priority: P1 Keywords: InRadar
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
URL: http://www.w3.org/Graphics/SVG/Test/20061213/htmlEmbedHarness/full-animate-elem-40-t.html
Bug Depends on:    
Bug Blocks: 41761    
Attachments:
Description Flags
test case (crashes safari) none

Eric Seidel (no email)
Reported 2007-01-27 03:21:50 PST
This is similar to the bug: http://bugs.webkit.org/show_bug.cgi?id=12065 which covers removing the animation *target* during animation. This bug refers to removing the actual animation element. See the attached test case.
Attachments
test case (crashes safari) (511 bytes, image/svg+xml)
2007-01-27 03:26 PST, Eric Seidel (no email) 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Eric Seidel (no email)
Comment 1 2007-01-27 03:26:13 PST
Created attachment 12703 [details] test case (crashes safari)
Eric Seidel (no email)
Comment 2 2007-01-27 03:32:08 PST
Part of the problem is that animation notification lists are held off of the time scheduler, which is held off of the containing <svg> element. this is done because (according to the spec) each <svg> document fragment can have an independent animation timeline. (Which sorta makes sense, given the desire to build an animation editor within SVG.) So if you remove an animation element (even if it's kept alive) it will have trouble finding its <svg> element to remove itself from the notify list. The best fix is to re-work the animation notify system, as discussed in: http://bugs.webkit.org/show_bug.cgi?id=12432 But short of that, an easier fix, is to implement willRemove() and insertedIntoDocument() and add/remove the animation from the notify list on the parent <svg>. In order to support independent timelines for <svg> document fragments (as mentioned in http://bugs.webkit.org/show_bug.cgi?id=12073), we'll need to actually be careful to update the animation element if moving between <svg> document fragments (that may also affect the target of the animation, among other things, and certainly would stop the animation when removing it from one fragment before inserting it into the other).
Eric Seidel (no email)
Comment 3 2007-01-27 03:51:59 PST
I believe this bug is the cause of the crash here: http://www.w3.org/Graphics/SVG/Test/20061213/htmlEmbedHarness/full-animate-elem-40-t.html
Maciej Stachowiak
Comment 4 2007-01-29 03:53:02 PST
<rdar://problem/4960664>
Maciej Stachowiak
Comment 5 2007-02-07 01:09:03 PST
<rdar://problem/4960506>
Maciej Stachowiak
Comment 6 2007-02-26 11:46:03 PST
No longer a P1, since animation is disabled for now.
Eric Seidel (no email)
Comment 7 2007-10-18 00:31:17 PDT
Animation has been re-enabled on trunk (as part of SVG_EXPERIMENTAL_FEATURES) thus this should be bumped back to P1 according to the bug guidelines (and mjs).
Eric Seidel (no email)
Comment 8 2007-12-27 01:42:56 PST
Animation is turned off again in trunk (a good thing). This can be pushed down to a P3.
Eric Seidel (no email)
Comment 9 2008-03-26 17:09:56 PDT
Animation is back on. This goes back to p1.
Simon Fraser (smfr)
Comment 10 2009-02-12 21:35:26 PST
Related to bug 12065?
Rob Buis
Comment 11 2011-05-06 07:05:16 PDT
I can't reproduce this using a recent checkout. Cheers, Rob.
Dirk Schulze
Comment 12 2011-05-06 09:42:57 PDT
This was fixed several month ago. Forgot to close the bug.
Note You need to log in before you can comment on or make changes to this bug.