Bug 16463

Summary: http://www.croczilla.com/svg/samples/invaders/invaders.svg crashes webkit-gtk
Product: WebKit
Reporter: Shreyas Srinivasan <shres>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: alp, webkit
Priority: P2
Keywords: Cairo, Gtk, PlatformOnly
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux

Description Shreyas Srinivasan 2007-12-16 07:32:35 PST
Stack trace:

Thread 1 (Thread -1259460928 (LWP 16337)):
#0  0xb6b1c9f6 in WebCore::SVGUseElement::associateInstancesWithShadowTreeElements (this=0x826c638, target=0x826d000, targetInstance=0x826cb20)
    at ../../../WebCore/svg/SVGUseElement.cpp:697
#1  0xb6b1dd0f in WebCore::SVGUseElement::buildPendingResource (this=0x826c638) at ../../../WebCore/svg/SVGUseElement.cpp:330
#2  0xb6b1e32d in WebCore::SVGUseElement::insertedIntoDocument (this=0x826c638) at ../../../WebCore/svg/SVGUseElement.cpp:125
#3  0xb668898e in WebCore::ContainerNode::addChild (this=0x8212a50, newChild=@0xbfb7265c) at ../../../WebCore/dom/ContainerNode.cpp:577
#4  0xb66f0d22 in WebCore::XMLTokenizer::startElementNs (this=0x80bf2e8, xmlLocalName=0x80b9126 "use", xmlPrefix=0x0, 
    xmlURI=0x80b9043 "http://www.w3.org/2000/svg", nb_namespaces=0, libxmlNamespaces=0x0, nb_attributes=4, nb_defaulted=0, libxmlAttributes=0x8212898)
    at ../../../WebCore/dom/XMLTokenizer.cpp:781
#5  0xb66f0fbc in startElementNsHandler (closure=0x8208668, localname=0x80b9126 "use", prefix=0x0, uri=0x80b9043 "http://www.w3.org/2000/svg", 
    nb_namespaces=0, namespaces=0x0, nb_attributes=4, nb_defaulted=0, libxmlAttributes=0x8212898) at ../../../WebCore/dom/XMLTokenizer.cpp:1025
#6  0xb5178d6a in ?? () from /usr/lib/libxml2.so.2
#7  0x08208668 in ?? ()
#8  0x080b9126 in ?? ()
#9  0x00000000 in ?? ()
Comment 1 Eric Seidel (no email) 2007-12-16 10:24:59 PST
Strange, none of that looks like Gtk-specific code.  A reduction would be most helpful.
Comment 2 Eric Seidel (no email) 2007-12-16 10:26:10 PST
Oh, I should also note that invaders.svg does not crash the Mac build.  I have not tried loading it under libguardmalloc, but I expect it's OK.  bug 15352 is the only bug I've seen in invaders.svg.
Comment 3 Eric Seidel (no email) 2007-12-27 01:39:45 PST
Perhaps Alp can confirm this.
Comment 4 Robert Blaut 2008-03-16 11:55:06 PDT
(In reply to comment #3)
> Perhaps Alp can confirm this.
> 

Alp, are you able to reproduce the problem?
Comment 5 Alp Toker 2008-03-16 14:49:37 PDT
(In reply to comment #4)
> (In reply to comment #3)
> > Perhaps Alp can confirm this.
> > 
> 
> Alp, are you able to reproduce the problem?
> 

I can't reproduce this. Invaders rendering is a bit glitchy but it doesn't crash.

Can anyone still repro it?
Comment 6 Marco Barisione 2008-06-20 04:18:46 PDT
I'm not able to reproduce it; I suggest closing the bug.
Comment 7 Robert Blaut 2008-06-20 12:48:28 PDT
Per comment #5 and comment #6 resolved as worksforme.