Bug 17058

Summary: Acid3 crashes (ASSERT) after double-attach
Product: WebKit
Reporter: Eric Seidel (no email) <eric>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: mitz, zimmermann
Priority: P1
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
URL: http://www.hixie.ch/tests/evil/acid/003/
Bug Depends on:
Bug Blocks: 17064
Attachments (description, flags):
  reduced test case (none)
  slightly more reduced test (none)
  Remove SVGTextPathElement::buildPendingResource to fix crash (zimmermann: review+)

Description Eric Seidel (no email) 2008-01-28 23:51:32 PST
See /usr/include/servers/bootstrap_defs.h for the error codes.
ERROR: unable to initialize with font (null) at not known
(/Stuff/Projects/WebKit/WebCore/platform/graphics/mac/SimpleFontDataMac.mm:147 void WebCore::SimpleFontData::platformInit())
ERROR: Corrupt font detected, using (null) in place of (null) located at "not known".
(/Stuff/Projects/WebKit/WebCore/platform/graphics/mac/SimpleFontDataMac.mm:154 void WebCore::SimpleFontData::platformInit())
ERROR: failed to set up font, using system font ?kx?
(/Stuff/Projects/WebKit/WebCore/platform/graphics/mac/SimpleFontDataMac.mm:161 void WebCore::SimpleFontData::platformInit())
ASSERTION FAILED: !attached()
(/Stuff/Projects/WebKit/WebCore/dom/Node.cpp:803 virtual void WebCore::Node::attach())

Process:         Safari [23760]
Path:            /Applications/Safari.app/Contents/MacOS/Safari
Identifier:      com.apple.Safari
Version:         3.0.4 (5523.10.6)
Build Info:      WebBrowser-55231006~1
Code Type:       X86 (Native)
Parent Process:  perl [23757]

Date/Time:       2008-01-28 23:50:09.831 -0800
OS Version:      Mac OS X 10.5.1 (9B18)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore             	0x01d98333 WebCore::Node::attach() + 75 (Node.cpp:803)
1   com.apple.WebCore             	0x01f70f7c WebCore::Text::attach() + 28 (Text.cpp:166)
2   com.apple.WebCore             	0x01ab8af7 WebCore::ContainerNode::attach() + 63 (ContainerNode.cpp:629)
3   com.apple.WebCore             	0x01b724a6 WebCore::Element::attach() + 28 (Element.cpp:682)
4   com.apple.WebCore             	0x01ab8af7 WebCore::ContainerNode::attach() + 63 (ContainerNode.cpp:629)
5   com.apple.WebCore             	0x01b724a6 WebCore::Element::attach() + 28 (Element.cpp:682)
6   com.apple.WebCore             	0x01ab9eff WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&) + 933 (ContainerNode.cpp:547)
7   com.apple.WebCore             	0x01d02dd2 WebCore::JSNode::appendChild(KJS::ExecState*, KJS::List const&) + 96 (JSNodeCustom.cpp:102)
8   com.apple.WebCore             	0x01d01110 WebCore::jsNodePrototypeFunctionAppendChild(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 (JSNode.cpp:455)
9   com.apple.JavaScriptCore      	0x0041f018 KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:883)
10  com.apple.JavaScriptCore      	0x0043bbcc KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:96)
11  com.apple.JavaScriptCore      	0x004964b4 KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 776 (nodes.cpp:1225)
12  com.apple.JavaScriptCore      	0x00457a8c KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1231)
13  com.apple.JavaScriptCore      	0x00449e07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3719)
14  com.apple.JavaScriptCore      	0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
15  com.apple.JavaScriptCore      	0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
16  com.apple.JavaScriptCore      	0x0044741e KJS::FunctionBodyNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4617)
17  com.apple.JavaScriptCore      	0x00436398 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116 (function.cpp:76)
18  com.apple.JavaScriptCore      	0x0043bbcc KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:96)
19  com.apple.JavaScriptCore      	0x00457f54 KJS::FunctionCallBracketNode::evaluate(KJS::ExecState*) + 984 (nodes.cpp:1176)
20  com.apple.JavaScriptCore      	0x0044a8fc KJS::AssignLocalVarNode::evaluate(KJS::ExecState*) + 144 (nodes.cpp:3274)
21  com.apple.JavaScriptCore      	0x00449da5 KJS::VarStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3736)
22  com.apple.JavaScriptCore      	0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
23  com.apple.JavaScriptCore      	0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
24  com.apple.JavaScriptCore      	0x00447623 KJS::TryNode::execute(KJS::ExecState*) + 43 (nodes.cpp:4289)
25  com.apple.JavaScriptCore      	0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
26  com.apple.JavaScriptCore      	0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
27  com.apple.JavaScriptCore      	0x00449cbd KJS::IfElseNode::execute(KJS::ExecState*) + 113 (nodes.cpp:3773)
28  com.apple.JavaScriptCore      	0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
29  com.apple.JavaScriptCore      	0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
30  com.apple.JavaScriptCore      	0x0044741e KJS::FunctionBodyNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4617)
31  com.apple.JavaScriptCore      	0x00436398 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116 (function.cpp:76)
32  com.apple.JavaScriptCore      	0x0043bbcc KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:96)
33  com.apple.WebCore             	0x01f4ff55 WebCore::ScheduledAction::execute(KJS::Window*) + 467 (ScheduledAction.cpp:76)
34  com.apple.WebCore             	0x01ff10ec KJS::Window::timerFired(KJS::DOMWindowTimer*) + 424 (kjs_window.cpp:1355)
35  com.apple.WebCore             	0x01ff1160 KJS::DOMWindowTimer::fired() + 48 (kjs_window.cpp:1392)
36  com.apple.WebCore             	0x01f88734 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 198 (Timer.cpp:339)
37  com.apple.WebCore             	0x01f887dc WebCore::TimerBase::sharedTimerFired() + 110 (Timer.cpp:359)
38  com.apple.WebCore             	0x01f62030 WebCore::timerFired(__CFRunLoopTimer*, void*) + 78 (SharedTimerMac.cpp:85)
39  com.apple.CoreFoundation      	0x935c1b7e CFRunLoopRunSpecific + 4494
40  com.apple.CoreFoundation      	0x935c1d38 CFRunLoopRunInMode + 88
41  com.apple.HIToolbox           	0x900348a4 RunCurrentEventLoopInMode + 283
42  com.apple.HIToolbox           	0x900346bd ReceiveNextEventCommon + 374
43  com.apple.HIToolbox           	0x90034531 BlockUntilNextEventMatchingListInMode + 106
44  com.apple.AppKit              	0x952ced5b _DPSNextEvent + 657
45  com.apple.AppKit              	0x952ce6a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
46  com.apple.Safari              	0x00009d4e 0x1000 + 36174
47  com.apple.AppKit              	0x952c76d1 -[NSApplication run] + 795
48  com.apple.AppKit              	0x952949ba NSApplicationMain + 574
49  com.apple.Safari              	0x00002876 0x1000 + 6262

Thread 1:
0   libSystem.B.dylib             	0x922a9ace __semwait_signal + 10
1   libSystem.B.dylib             	0x922d3ced pthread_cond_wait$UNIX2003 + 73
2   com.apple.WebCore             	0x01f852bf WebCore::ThreadCondition::wait(WebCore::Mutex&) + 39 (ThreadingPthreads.cpp:184)
3   com.apple.WebCore             	0x01c5417b WebCore::IconDatabase::syncThreadMainLoop() + 641 (IconDatabase.cpp:1313)
4   com.apple.WebCore             	0x01c55996 WebCore::IconDatabase::iconDatabaseSyncThread() + 1198 (IconDatabase.cpp:1015)
5   com.apple.WebCore             	0x01c559c5 WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 23 (IconDatabase.cpp:919)
6   libSystem.B.dylib             	0x922d3075 _pthread_start + 321
7   libSystem.B.dylib             	0x922d2f32 thread_start + 34

Thread 2:
0   libSystem.B.dylib             	0x922f1f5a select$DARWIN_EXTSN + 10
1   libSystem.B.dylib             	0x922d3075 _pthread_start + 321
2   libSystem.B.dylib             	0x922d2f32 thread_start + 34

Thread 3:
0   libSystem.B.dylib             	0x922a28e6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x922aa0dc mach_msg + 72
2   com.apple.CoreFoundation      	0x935c10fe CFRunLoopRunSpecific + 1806
3   com.apple.CoreFoundation      	0x935c1d38 CFRunLoopRunInMode + 88
4   com.apple.CFNetwork           	0x938487ba CFURLCacheWorkerThread(void*) + 396
5   libSystem.B.dylib             	0x922d3075 _pthread_start + 321
6   libSystem.B.dylib             	0x922d2f32 thread_start + 34

Thread 4:
0   libSystem.B.dylib             	0x922a28e6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x922aa0dc mach_msg + 72
2   com.apple.CoreFoundation      	0x935c10fe CFRunLoopRunSpecific + 1806
3   com.apple.CoreFoundation      	0x935c1d38 CFRunLoopRunInMode + 88
4   com.apple.Foundation          	0x94e27560 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5   com.apple.Foundation          	0x94dc404d -[NSThread main] + 45
6   com.apple.Foundation          	0x94dc3bf4 __NSThread__main__ + 308
7   libSystem.B.dylib             	0x922d3075 _pthread_start + 321
8   libSystem.B.dylib             	0x922d2f32 thread_start + 34

Thread 5:
0   libSystem.B.dylib             	0x922a28e6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x922aa0dc mach_msg + 72
2   com.apple.CoreFoundation      	0x935c10fe CFRunLoopRunSpecific + 1806
3   com.apple.CoreFoundation      	0x935c1d38 CFRunLoopRunInMode + 88
4   com.apple.Foundation          	0x94df85b5 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
5   com.apple.Foundation          	0x94e046d4 -[NSRunLoop(NSRunLoop) run] + 84
6   com.apple.Safari              	0x0004edd0 0x1000 + 318928
7   com.apple.Foundation          	0x94dc404d -[NSThread main] + 45
8   com.apple.Foundation          	0x94dc3bf4 __NSThread__main__ + 308
9   libSystem.B.dylib             	0x922d3075 _pthread_start + 321
10  libSystem.B.dylib             	0x922d2f32 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0xbbadbeef  ebx: 0x01d982f4  ecx: 0x00000000  edx: 0x00000000
  edi: 0x01ab9b5a  esi: 0x19e3b400  ebp: 0xbfffd958  esp: 0xbfffd920
   ss: 0x0000001f  efl: 0x00010286  eip: 0x01d98333   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037
  cr2: 0xbbadbeef

Binary Images:
    0x1000 -   0x12efef  com.apple.Safari 3.0.4 (5523.10.6) <53d219fd878088543fd2e1af460bed18> /Applications/Safari.app/Contents/MacOS/Safari
  0x176000 -   0x276fe3  com.apple.WebKit 525.7+ (525.7+) <bce01ac153df95931e1e297ebe71943b> /Stuff/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
  0x400000 -   0x40eff8  SyndicationUI ??? (???) <8adc35e1eb5001dead3c18ee25f2e8db> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
  0x41d000 -   0x4e9fe7  com.apple.JavaScriptCore 525.7+ (525.7+) <6efb2b305cbdc7c65e48c136adf87ff6> /Stuff/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
  0x6af000 -   0x6b1fff +net.culater.SIMBL 0.8.2 (8) /Library/InputManagers/SIMBL/SIMBL.bundle/Contents/MacOS/SIMBL
 0x1a04000 -  0x22ccff2  com.apple.WebCore 525.7+ (525.7+) <cb3bdc82e311855139a77de358b59b62> /Stuff/Projects/build/Debug/WebCore.framework/Versions/A/WebCore
 0x3408000 -  0x34eeff7  com.apple.RawCamera.bundle 2.0 (2.0) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
 0x37c4000 -  0x37c9fff  com.apple.DictionaryServiceComponent 1.1 (1.1) <8edc1180f52db18e9ddfb4e95debe61b> /System/Library/Components/DictionaryService.component/Contents/MacOS/DictionaryService
 0x37db000 -  0x37e0ff3  libCGXCoreImage.A.dylib ??? (???) <978986709159e5fe9e094df5efddac1d> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
0x18f8d000 - 0x18f8dffe  com.apple.JavaPluginCocoa 12.0.0 (12.0.0) <02a9f23a8bfc902c32ac0adfb66d6816> /Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa
0x196e2000 - 0x1974ffff +com.DivXInc.DivXDecoder 6.6.0 (6.6.0) /Library/QuickTime/DivX Decoder.component/Contents/MacOS/DivX Decoder
0x19829000 - 0x1982aff3  ATSHI.dylib ??? (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/ATSHI.dylib
0x198db000 - 0x198e2ffd  com.apple.JavaVM 12.0.0 (12.0.0) <44b9536fe4d7c7fcb3506adb695a180f> /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM
0x8fe00000 - 0x8fe2d883  dyld 95.3 (???) <81592e798780564b5d46b988f7ee1a6a> /usr/lib/dyld
0x90003000 - 0x90004fef  libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x90005000 - 0x9030bfff  com.apple.HIToolbox 1.5.0 (???) <1b872a7151ee3f80c9c736a3e46d00d9> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x9035a000 - 0x9035efff  libGIF.dylib ??? (???) <d4234e6f5e5f530bdafb969157f1f17b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x9035f000 - 0x9035fffd  com.apple.Accelerate 1.4 (Accelerate 1.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x90392000 - 0x903d1fef  libTIFF.dylib ??? (???) <6d0f80e9d4d81f3f64c876aca005bd53> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x90660000 - 0x90676fff  com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x90677000 - 0x906b1ff7  com.apple.coreui 0.1 (60) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x906b2000 - 0x906b3ffc  libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib
0x906b4000 - 0x906b4ffd  com.apple.Accelerate.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x906b5000 - 0x9070fff7  com.apple.CoreText 2.0.0 (???) <7fa39cd5bc847615ec02e7c7a37c0508> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90727000 - 0x90729fff  com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x9072a000 - 0x90734feb  com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x90735000 - 0x90737fff  com.apple.CrashReporterSupport 10.5.0 (156) <3088b785b10d03504ed02f3fee5d3aab> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
0x90898000 - 0x90ca8fef  libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x90ca9000 - 0x90d50fff  com.apple.QD 3.11.50 (???) <e2f71720ae1dad06a8883ac80775b21a> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x90d51000 - 0x90d87fef  libtidy.A.dylib ??? (???) <e4d3e7399fb83d7f145f9b4ec8196242> /usr/lib/libtidy.A.dylib
0x90d88000 - 0x90dacfeb  libssl.0.9.7.dylib ??? (???) <acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib
0x90dfa000 - 0x90e4aff7  com.apple.HIServices 1.6.0 (???) <d74aa73e4cfd30a08fb169198a8d2539> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x90e4b000 - 0x90e69ff3  com.apple.DirectoryService.Framework 3.5 (3.5) <899d8c9ee31b004a6ff73dab88982b1a> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x90f43000 - 0x90fb7fef  libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x90fb8000 - 0x910dcfe3  com.apple.audio.toolbox.AudioToolbox 1.5 (1.5) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x910dd000 - 0x910e4fff  com.apple.agl 3.0.9 (AGL-3.0.9) <7dac4a7cb0de2f6d08ae71c1249379e3> /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x910e5000 - 0x910e5ffd  com.apple.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x9112d000 - 0x92076fea  com.apple.QuickTimeComponents.component 7.4 (92) /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTimeComponents
0x92077000 - 0x9207efe9  libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x9207f000 - 0x920a6fff  libcups.2.dylib ??? (???) <5521498e8902ddd0b15cfaa7db384e29> /usr/lib/libcups.2.dylib
0x920a7000 - 0x920ecfef  com.apple.Metadata 10.5.0 (398) <4fd74fba0062c2e08ec4b1c10b40ff63> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x920ed000 - 0x9217fff3  com.apple.ApplicationServices.ATS 3.0 (???) <fb5f572243dbc370a0ea5efc8e81ae11> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x92180000 - 0x9218bfe7  libCSync.A.dylib ??? (???) <df82fc093e498a9eb5490761cb292218> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x922a2000 - 0x923fcfe3  libSystem.B.dylib ??? (???) <8ecc83dc0399be3946f7a46e88cf4bbb> /usr/lib/libSystem.B.dylib
0x923fd000 - 0x92484ff7  libsqlite3.0.dylib ??? (???) <273efcb717e89c21207c851d7d33fda4> /usr/lib/libsqlite3.0.dylib
0x92485000 - 0x92537ffb  libcrypto.0.9.7.dylib ??? (???) <330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib
0x92538000 - 0x9253fffe  libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib
0x92540000 - 0x92547ff7  libCGATS.A.dylib ??? (???) <9b29a5500efe01cc3adea67bbc42568e> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x92548000 - 0x92906fea  libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x92907000 - 0x92944ff7  libGLImage.dylib ??? (???) <202d73e6a4688fc06ff11b71910c2ce7> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x92bae000 - 0x92e87fe7  com.apple.CoreServices.CarbonCore 783 (783) <8370e664eeb25edc98d5c1f5405b06ae> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x92e88000 - 0x92eacfff  libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib
0x92ead000 - 0x92eb6fff  com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x92eb7000 - 0x9354efef  com.apple.CoreGraphics 1.351.0 (???) <7a6f399039eed6dbe845c169f7d21a70> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x9354f000 - 0x93681fe7  com.apple.CoreFoundation 6.5 (476) <8bfebc0dbad6fc33bea0fa00a1b9ec37> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x93682000 - 0x93692fff  com.apple.speech.synthesis.framework 3.6.59 (3.6.59) <4ffef145fad3d4d787e0c33eab26b336> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x93693000 - 0x9369bfff  com.apple.DiskArbitration 2.2 (2.2) <1551b2af557fdf6f368f93e093933852> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x9369c000 - 0x9372ffff  com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x93730000 - 0x937f7ff2  com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x9383d000 - 0x938b4fe3  com.apple.CFNetwork 220 (221) <972a41911805859205b057a6f5b91e8d> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x9395f000 - 0x93973ff3  com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x93974000 - 0x93977fff  com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x93978000 - 0x93978ff8  com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x93979000 - 0x9397bff5  libRadiance.dylib ??? (???) <20eadb285da83df96c795c2c5fa20590> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x9397c000 - 0x93a60ffb  com.apple.CoreData 100 (185) <a4e63784275e25e62f57e75e0af0b94d> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93a61000 - 0x93ae0ff5  com.apple.SearchKit 1.2.0 (1.2.0) <277b460da86bc222785159fe77e2e2ed> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x93ae1000 - 0x93b5bff8  com.apple.print.framework.PrintCore 5.5 (245) <9441d178f4b430cf92b67bf346646693> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x93b5c000 - 0x93bd8feb  com.apple.audio.CoreAudio 3.1.0 (3.1) <70bb7c657061631491029a61babe0b26> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x93bd9000 - 0x93bd9ff8  com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x93bda000 - 0x93c04fef  libauto.dylib ??? (???) <d468bc4a8a69343f1748c293db1b57fb> /usr/lib/libauto.dylib
0x93c05000 - 0x93dcefef  com.apple.security 5.0.1 (32736) <8c9eda0fcc1d8a571543025ac900715f> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x93dcf000 - 0x93dcfffb  com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer
0x93dd0000 - 0x93e29fff  libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x93e55000 - 0x93e63ffd  libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x93f2c000 - 0x93fb8ff7  com.apple.LaunchServices 286 (286) <72b15e7a01e42d510f0339e90113d5d6> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x93fb9000 - 0x94098fff  libobjc.A.dylib ??? (???) <5eda47fec2d0e7853b3506aa1fd2dafa> /usr/lib/libobjc.A.dylib
0x945b0000 - 0x945f1fe7  libRIP.A.dylib ??? (???) <bdc6d70bf4ed3dace321b4ff76a353b3> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x945f2000 - 0x94770fff  com.apple.AddressBook.framework 4.1 (687) <3f005092d08e963eabe8f7f66c09cc1e> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x94771000 - 0x94777fff  com.apple.print.framework.Print 218 (220) <c35172175abbe554ddadd9b6401351fa> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x94778000 - 0x94778ffc  com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x94779000 - 0x947d5ff7  com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x94846000 - 0x94bdcff7  com.apple.QuartzCore 1.5.1 (1.5.1) <deb61cbeb3f734a1b2f4669f6268b9de> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x94c4a000 - 0x94c68fff  libresolv.9.dylib ??? (???) <54e6a08c2f108bdf5916fb483d51961b> /usr/lib/libresolv.9.dylib
0x94c69000 - 0x94d19fff  edu.mit.Kerberos 6.0.11 (6.0.11) <33c25789baedcd70a7e24881775dd9ad> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x94d1a000 - 0x94d49fe3  com.apple.AE 402 (402) <994ba8e884aefe7bf1fc5987df099e7b> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x94d4a000 - 0x94d5affc  com.apple.LangAnalysis 1.6.4 (1.6.4) <cbeb17ab39f28351fe2ab5b82bf465bc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x94d8c000 - 0x94db9feb  libvDSP.dylib ??? (???) <a26683d121ee0f96df9a9d0bfca36049> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x94dba000 - 0x95033fe7  com.apple.Foundation 6.5.1 (677.1) <85ac18c7cd454378db6122bea0c00965> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x95034000 - 0x95135fff  com.apple.PubSub 1.0.1 (59) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub
0x95148000 - 0x9528dff7  com.apple.ImageIO.framework 2.0.0 (2.0.0) <154d4d8cda2bd99518cbabc9f2d69833> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x9528e000 - 0x95a88fef  com.apple.AppKit 6.5 (949) <f8d0f6d0bb5ac092f48f42ca684bdb54> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x95a89000 - 0x95a94ff9  com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x95a95000 - 0x95aa4ffe  com.apple.DSObjCWrappers.Framework 1.2 (1.2) <f5b58d1d3a855a63d493ccbec417a1e9> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x95b9a000 - 0x95b9ffff  com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x95c10000 - 0x95cc6fe3  com.apple.CoreServices.OSServices 210.2 (210.2) <4ed69f07fc0f211ab32d1ee96e281fc2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x95cc7000 - 0x95d24ffb  libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib
0x95d25000 - 0x95d3bfe7  com.apple.CoreVideo 1.5.0 (1.5.0) <7e010557527a0e6d49147c297d16850a> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x95d3c000 - 0x95ddafef  com.apple.QuickTimeImporters.component 7.4 (92) /System/Library/QuickTime/QuickTimeImporters.component/Contents/MacOS/QuickTimeImporters
0x95ddb000 - 0x95de8fe7  com.apple.opengl 1.5.5 (1.5.5) <aa08b52d2a84b44dc6ee5d544a53fe8a> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x95dea000 - 0x95e2cfef  com.apple.NavigationServices 3.5.1 (161) <cc6bd78eabf1e2e7166914e9f12f5850> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x95fe9000 - 0x96098fff  com.apple.DesktopServices 1.4.3 (1.4.3) <66d5ed56111c43d234e235d365d02469> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x960db000 - 0x960e0fff  com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x960f9000 - 0x96121ff7  com.apple.shortcut 1 (1.0) <057783867138902b52bc0941fedb74d1> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x96127000 - 0x9613ffff  com.apple.openscripting 1.2.6 (???) <b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x96140000 - 0x9615bffb  libPng.dylib ??? (???) <b6abcac36ec7654ff3e1cfa786b0117b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x96170000 - 0x961bafe1  com.apple.securityinterface 3.0 (32532) <f521dae416ce7a3bdd594b0d4e2fb517> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x961bb000 - 0x961bbfff  com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x961bc000 - 0x961bcffa  com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x96279000 - 0x96303fff  com.apple.framework.IOKit 1.5.1 (???) <5176a7383151a19c962334009fef2c6d> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x96304000 - 0x96336fff  com.apple.LDAPFramework 1.4.3 (106) <3a5c9df6032143cd6bc2658a9d328d8e> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x96337000 - 0x96343ff5  libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x96344000 - 0x9647cff7  libicucore.A.dylib ??? (???) <afcea652ff2ec36885b2c81c57d06d4c> /usr/lib/libicucore.A.dylib
0x9647d000 - 0x96548fff  com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x96549000 - 0x9685dfe2  com.apple.QuickTime 7.4.0 (92) <0d674546d12c65dc5c33dca4c81c315b> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x9685f000 - 0x96898ffe  com.apple.securityfoundation 3.0 (32768) <1e9885d63ced51f81bc1f39af624637d> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x96899000 - 0x968b8ffa  libJPEG.dylib ??? (???) <0cfb80109d624beb9ceb3c43b6c5ec10> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x968b9000 - 0x968effff  com.apple.SystemConfiguration 1.9.0 (1.9.0) <7919d9588c3b0d556646e555b7193f1f> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x968f0000 - 0x96dbcffe  libGLProgrammability.dylib ??? (???) <e8bc0af671427cf2b6279a035805a086> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x96dbd000 - 0x96dccfff  libsasl2.2.dylib ??? (???) <b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib
0x96dcd000 - 0x96eaeff7  libxml2.2.dylib ??? (???) <450ec38b57fb46013847cce851001a2f> /usr/lib/libxml2.2.dylib
0x96eaf000 - 0x96f14ffb  com.apple.ISSupport 1.6 (34) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport
0xba900000 - 0xba916fff  libJapaneseConverter.dylib ??? (???) <7b0248c392848338f5d6ed093313eeef> /System/Library/CoreServices/Encodings/libJapaneseConverter.dylib
0xfffe8000 - 0xfffebfff  libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib
0xffff0000 - 0xffff1780  libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
Comment 1 Eric Seidel (no email) 2008-01-29 00:41:18 PST
This only crashes when I load Acid3 from Hixie's website, suggesting that this crash is dependent on some sub-resource.
Comment 2 Eric Seidel (no email) 2008-01-29 11:55:39 PST
Created attachment 18766 [details]
reduced test case

Ha!  I totally stumbled upon this reduction by accident.
Comment 3 Eric Seidel (no email) 2008-01-29 12:03:16 PST
Created attachment 18767 [details]
slightly more reduced test
Comment 4 Eric Seidel (no email) 2008-01-29 12:29:58 PST
I think this is the culprit:

void SVGTextPathElement::buildPendingResource()
{
    // FIXME: Real logic here!
    if (attached())
        detach();
    
    ASSERT(!attached());
    attach();
}

I'm not quite sure how we get a document inserted event, followed by another appendChild, since the document insertion and final append child should be the same line of code.
Comment 5 Eric Seidel (no email) 2008-01-29 12:41:33 PST
The double attach callstacks:

$19 = (class WebCore::Text * const) 0x1aa15f50
#0  WebCore::Text::attach (this=0x1aa15f50) at /Stuff/Projects/WebKit/WebCore/dom/Text.cpp:164
#1  0x01ab9713 in WebCore::ContainerNode::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:630
#2  0x01b731a2 in WebCore::Element::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:681
#3  0x01f3c0f8 in WebCore::SVGTextPathElement::buildPendingResource (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/svg/SVGTextPathElement.cpp:113
#4  0x01f3d60d in WebCore::SVGTextPathElement::insertedIntoDocument (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/svg/SVGTextPathElement.cpp:103
#5  0x01ab8836 in WebCore::ContainerNode::insertedIntoDocument (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:649
#6  0x01b70836 in WebCore::Element::insertedIntoDocument (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:652
#7  0x01ead7cb in WebCore::SVGElement::insertedIntoDocument (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/svg/SVGElement.cpp:193
#8  0x01aba3ac in dispatchChildInsertionEvents (child=0x1aa13f00, ec=@0xbfffda64) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:914
#9  0x01abaaa3 in WebCore::ContainerNode::appendChild (this=0x18a3e730, newChild=@0xbfffda68, ec=@0xbfffda64) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:541
#10 0x01d03c9a in WebCore::JSNode::appendChild (this=0x1a9a0ec0, exec=0xbfffdcf4, args=@0xbfffdb50) at /Stuff/Projects/WebKit/WebCore/bindings/js/JSNodeCustom.cpp:102
#11 0x01d01fd8 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at /Stuff/Projects/build/Debug/DerivedSources/WebCore/JSNode.cpp:455
#12 0x0041f018 in KJS::PrototypeFunction::callAsFunction (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at function.cpp:882
#13 0x0043bbcc in KJS::JSObject::call (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at object.cpp:96
#14 0x004964b4 in KJS::FunctionCallDotNode::inlineEvaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1225
#15 0x00457a8c in KJS::FunctionCallDotNode::evaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1230
#16 0x00449e07 in KJS::ExprStatementNode::execute (this=0x1aa120b0, exec=0xbfffdcf4) at nodes.cpp:3719
#17 0x0042accd in statementListExecute (statements=@0x1aa15de0, exec=0xbfffdcf4) at nodes.cpp:3672
#18 0x0042ad5a in KJS::BlockNode::execute (this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:3697
#19 0x004475f6 in KJS::ProgramNode::execute (this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:4604
#20 0x00464d58 in KJS::Interpreter::evaluate (exec=0x3a06320, sourceURL=@0xbfffde2c, startingLineNumber=2, code=0x3a0b800, codeLength=415, thisV=0x1a9a0000) at interpreter.cpp:123
#21 0x01fef603 in WebCore::KJSProxy::evaluate (this=0x1a1dca40, filename=@0xbfffdeec, baseLine=2, str=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/bindings/js/kjs_proxy.cpp:87
#22 0x01bc4222 in WebCore::FrameLoader::executeScript (this=0x38b1000, url=@0xbfffdeec, baseLine=2, script=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:790
#23 0x01fb6e7b in WebCore::XMLTokenizer::endElementNs (this=0x18a3c050) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:847
#24 0x01fb6f10 in endElementNsHandler (closure=0x18a4c900, localname=0x38c386c "script", prefix=0x0, uri=0x38c3847 "http://www.w3.org/2000/svg") at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:1032
#25 0x96dfb226 in xmlParseAttributeType ()
#26 0x96dd87ed in xmlParseChunk ()
#27 0x01fb3bef in WebCore::XMLTokenizer::write (this=0x18a3c050, s=@0xbfffe144) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:623
#28 0x01bb873e in WebCore::FrameLoader::write (this=0x38b1000, str=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., len=524, flush=false) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1028
#29 0x01bb8872 in WebCore::FrameLoader::addData (this=0x38b1000, bytes=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1776
#30 0x01f9db88 in -[WebCoreFrameBridge addData:] (self=0x14c0a8e0, _cmd=0x227f923, data=0x14cad150) at /Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:295
#31 0x01fa2b4e in -[WebCoreFrameBridge receivedData:textEncodingName:] (self=0x14c0a8e0, _cmd=0x25568c, data=0x14cad150, textEncodingName=0x0) at /Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:1239
#32 0x001be2b6 in -[WebHTMLRepresentation receivedData:withDataSource:] (self=0x18a31b60, _cmd=0x25579a, data=0x14cad150, dataSource=0x18ade190) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebHTMLRepresentation.mm:173
#33 0x0019b342 in -[WebDataSource(WebInternal) _receivedData:] (self=0x18ade190, _cmd=0x23ae9d, data=0x14cad150) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebDataSource.mm:214
#34 0x001b1806 in WebFrameLoaderClient::committedLoad (this=0x14c19360, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm:700
#35 0x01bb399f in WebCore::FrameLoader::committedLoad (this=0x38b1000, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:3260
#36 0x01b57ce3 in WebCore::DocumentLoader::commitLoad (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:353
#37 0x01b57f02 in WebCore::DocumentLoader::receivedData (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:365
#38 0x01bb30a7 in WebCore::FrameLoader::receivedData (this=0x38b1000, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:2223
#39 0x01d8700a in WebCore::MainResourceLoader::addData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:138
#40 0x01e7e9a1 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:236
#41 0x01d87342 in WebCore::MainResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:299
#42 0x01e7e578 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:367
#43 0x01e7bdbd in -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] (self=0x18af43d0, _cmd=0x9407832c, con=0x18af4630, data=0x3996c00, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/platform/network/mac/ResourceHandleMac.mm:434
#44 0x94e28e57 in -[NSURLConnection(NSURLConnectionReallyInternal) sendDidReceiveData:originalLength:] ()
#45 0x94e28dbe in _NSURLConnectionDidReceiveData ()
#46 0x93850153 in sendDidReceiveDataCallback ()
#47 0x9384d807 in _CFURLConnectionSendCallbacks ()
#48 0x9384d1db in muxerSourcePerform ()
#49 0x935c164e in CFRunLoopRunSpecific ()
#50 0x935c1d38 in CFRunLoopRunInMode ()
#51 0x900348a4 in RunCurrentEventLoopInMode ()
#52 0x900345f6 in ReceiveNextEventCommon ()
#53 0x90034531 in BlockUntilNextEventMatchingListInMode ()
#54 0x952ced5b in _DPSNextEvent ()
#55 0x952ce6a0 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#56 0x00009d4e in ?? ()
#57 0x952c76d1 in -[NSApplication run] ()
#58 0x952949ba in NSApplicationMain ()
#59 0x00002876 in ?? ()

(gdb) continue
$20 = (class WebCore::Text * const) 0x1aa15f50
#0  WebCore::Text::attach (this=0x1aa15f50) at /Stuff/Projects/WebKit/WebCore/dom/Text.cpp:164
#1  0x01ab9713 in WebCore::ContainerNode::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:630
#2  0x01b731a2 in WebCore::Element::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:681
#3  0x01ab9713 in WebCore::ContainerNode::attach (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:630
#4  0x01b731a2 in WebCore::Element::attach (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:681
#5  0x01abab1b in WebCore::ContainerNode::appendChild (this=0x18a3e730, newChild=@0xbfffda68, ec=@0xbfffda64) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:545
#6  0x01d03c9a in WebCore::JSNode::appendChild (this=0x1a9a0ec0, exec=0xbfffdcf4, args=@0xbfffdb50) at /Stuff/Projects/WebKit/WebCore/bindings/js/JSNodeCustom.cpp:102
#7  0x01d01fd8 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at /Stuff/Projects/build/Debug/DerivedSources/WebCore/JSNode.cpp:455
#8  0x0041f018 in KJS::PrototypeFunction::callAsFunction (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at function.cpp:882
#9  0x0043bbcc in KJS::JSObject::call (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at object.cpp:96
#10 0x004964b4 in KJS::FunctionCallDotNode::inlineEvaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1225
#11 0x00457a8c in KJS::FunctionCallDotNode::evaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1230
#12 0x00449e07 in KJS::ExprStatementNode::execute (this=0x1aa120b0, exec=0xbfffdcf4) at nodes.cpp:3719
#13 0x0042accd in statementListExecute (statements=@0x1aa15de0, exec=0xbfffdcf4) at nodes.cpp:3672
#14 0x0042ad5a in KJS::BlockNode::execute (this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:3697
#15 0x004475f6 in KJS::ProgramNode::execute (this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:4604
#16 0x00464d58 in KJS::Interpreter::evaluate (exec=0x3a06320, sourceURL=@0xbfffde2c, startingLineNumber=2, code=0x3a0b800, codeLength=415, thisV=0x1a9a0000) at interpreter.cpp:123
#17 0x01fef603 in WebCore::KJSProxy::evaluate (this=0x1a1dca40, filename=@0xbfffdeec, baseLine=2, str=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/bindings/js/kjs_proxy.cpp:87
#18 0x01bc4222 in WebCore::FrameLoader::executeScript (this=0x38b1000, url=@0xbfffdeec, baseLine=2, script=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:790
#19 0x01fb6e7b in WebCore::XMLTokenizer::endElementNs (this=0x18a3c050) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:847
#20 0x01fb6f10 in endElementNsHandler (closure=0x18a4c900, localname=0x38c386c "script", prefix=0x0, uri=0x38c3847 "http://www.w3.org/2000/svg") at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:1032
#21 0x96dfb226 in xmlParseAttributeType ()
#22 0x96dd87ed in xmlParseChunk ()
#23 0x01fb3bef in WebCore::XMLTokenizer::write (this=0x18a3c050, s=@0xbfffe144) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:623
#24 0x01bb873e in WebCore::FrameLoader::write (this=0x38b1000, str=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., len=524, flush=false) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1028
#25 0x01bb8872 in WebCore::FrameLoader::addData (this=0x38b1000, bytes=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1776
#26 0x01f9db88 in -[WebCoreFrameBridge addData:] (self=0x14c0a8e0, _cmd=0x227f923, data=0x14cad150) at /Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:295
#27 0x01fa2b4e in -[WebCoreFrameBridge receivedData:textEncodingName:] (self=0x14c0a8e0, _cmd=0x25568c, data=0x14cad150, textEncodingName=0x0) at /Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:1239
#28 0x001be2b6 in -[WebHTMLRepresentation receivedData:withDataSource:] (self=0x18a31b60, _cmd=0x25579a, data=0x14cad150, dataSource=0x18ade190) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebHTMLRepresentation.mm:173
#29 0x0019b342 in -[WebDataSource(WebInternal) _receivedData:] (self=0x18ade190, _cmd=0x23ae9d, data=0x14cad150) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebDataSource.mm:214
#30 0x001b1806 in WebFrameLoaderClient::committedLoad (this=0x14c19360, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm:700
#31 0x01bb399f in WebCore::FrameLoader::committedLoad (this=0x38b1000, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:3260
#32 0x01b57ce3 in WebCore::DocumentLoader::commitLoad (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:353
#33 0x01b57f02 in WebCore::DocumentLoader::receivedData (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:365
#34 0x01bb30a7 in WebCore::FrameLoader::receivedData (this=0x38b1000, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:2223
#35 0x01d8700a in WebCore::MainResourceLoader::addData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:138
#36 0x01e7e9a1 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:236
#37 0x01d87342 in WebCore::MainResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:299
#38 0x01e7e578 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n  <path id=\"path\" d=\"M0 0\"/>\n  <script>\n    <![CDATA[\n      var svgns = \"http://www.w3.org/2000/svg\";\n      var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:367
#39 0x01e7bdbd in -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] (self=0x18af43d0, _cmd=0x9407832c, con=0x18af4630, data=0x3996c00, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/platform/network/mac/ResourceHandleMac.mm:434
#40 0x94e28e57 in -[NSURLConnection(NSURLConnectionReallyInternal) sendDidReceiveData:originalLength:] ()
#41 0x94e28dbe in _NSURLConnectionDidReceiveData ()
#42 0x93850153 in sendDidReceiveDataCallback ()
#43 0x9384d807 in _CFURLConnectionSendCallbacks ()
#44 0x9384d1db in muxerSourcePerform ()
#45 0x935c164e in CFRunLoopRunSpecific ()
#46 0x935c1d38 in CFRunLoopRunInMode ()
#47 0x900348a4 in RunCurrentEventLoopInMode ()
#48 0x900345f6 in ReceiveNextEventCommon ()
#49 0x90034531 in BlockUntilNextEventMatchingListInMode ()
#50 0x952ced5b in _DPSNextEvent ()
#51 0x952ce6a0 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#52 0x00009d4e in ?? ()
#53 0x952c76d1 in -[NSApplication run] ()
#54 0x952949ba in NSApplicationMain ()
#55 0x00002876 in ?? ()

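The two backtraces above, replayed in a small stand-alone C++ model added here (not WebKit code): `Node`, `BuggyTextPath`, `FixedTextPath` and `replayAppend` are invented names, and a `std::logic_error` stands in for WebCore's `ASSERT(!attached())`. The model shows why the assert fires in `Text::attach` under the `textPath` element's `ContainerNode::attach`, and why removing `buildPendingResource` (attachment 18774) makes the same append succeed.

```cpp
// Model of the attach()/detach() lifecycle behind the backtraces (added
// example, not WebKit code). Node names are constructed for the test.
#include <stdexcept>
#include <string>
#include <vector>

struct Node {
    const char* name;
    bool m_attached = false;
    bool m_inDocument = false;
    std::vector<Node*> children;

    explicit Node(const char* n) : name(n) {}
    virtual ~Node() = default;
    bool attached() const { return m_attached; }

    // ContainerNode::attach attaches the children first, then Node::attach
    // runs ASSERT(!attached()) on the node itself, so a second attach() of
    // an already-attached subtree fires on the deepest leaf: the Text node.
    virtual void attach() {
        for (Node* c : children) c->attach();
        if (m_attached) throw std::logic_error(name);  // models the ASSERT
        m_attached = true;
    }
    virtual void detach() {
        for (Node* c : children) c->detach();
        m_attached = false;
    }
    // Element::insertedIntoDocument: mark the whole subtree as in-document.
    virtual void insertedIntoDocument() {
        m_inDocument = true;
        for (Node* c : children) c->insertedIntoDocument();
    }
    // ContainerNode::appendChild: link the child, dispatch insertion events
    // (first backtrace, frames #4-#9), then attach it (second backtrace, #5).
    void appendChild(Node* child) {
        children.push_back(child);
        if (m_inDocument) child->insertedIntoDocument();
        if (m_attached) child->attach();
    }
};

// SVGTextPathElement as quoted in comment 4: insertedIntoDocument() calls
// buildPendingResource(), which attaches the element eagerly.
struct BuggyTextPath : Node {
    BuggyTextPath() : Node("textPath") {}
    void insertedIntoDocument() override {
        Node::insertedIntoDocument();
        buildPendingResource();
    }
    void buildPendingResource() {
        if (attached()) detach();
        attach();  // subtree is now attached before appendChild attaches it again
    }
};

// The fixed element: buildPendingResource is gone, appendChild alone attaches.
struct FixedTextPath : Node { FixedTextPath() : Node("textPath") {} };

// Replays the reduced test: <svg> is already rendered, script builds
// <text><textPath>#text</textPath></text> and appends it to <svg>.
// Returns the name of the node whose ASSERT fired, or "" if none fired.
template <typename TextPath>
std::string replayAppend() {
    Node svg("svg");
    svg.insertedIntoDocument(); svg.attach();
    Node text("text"); TextPath textPath; Node chars("#text");
    textPath.appendChild(&chars);
    text.appendChild(&textPath);
    try { svg.appendChild(&text); }
    catch (const std::logic_error& e) { return e.what(); }
    return "";
}
```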
Comment 6 Eric Seidel (no email) 2008-01-29 14:11:10 PST
Created attachment 18774 [details]
Remove SVGTextPathElement::buildPendingResource to fix crash

 LayoutTests/ChangeLog                              |   10 ++++++++++
 .../svg/custom/textPath-assert-expected.txt        |    1 +
 LayoutTests/svg/custom/textPath-assert.svg         |   17 +++++++++++++++++
 WebCore/ChangeLog                                  |   16 ++++++++++++++++
 WebCore/svg/SVGTextPathElement.cpp                 |   12 ------------
 WebCore/svg/SVGTextPathElement.h                   |    1 -
 6 files changed, 44 insertions(+), 13 deletions(-)
Comment 7 Eric Seidel (no email) 2008-01-29 14:25:13 PST
Landed r29850.