Bug 182185

Summary: REGRESSiON (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement which has not been laid out yet
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: New BugsAssignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Normal CC: simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch zalan: review+

Description Simon Fraser (smfr) 2018-01-26 14:03:49 PST 
REGRESSiON (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement which has not been laid out yet
Comment 1 Simon Fraser (smfr) 2018-01-26 14:06:14 PST 
Created attachment 332414 [details]
Patch
Comment 2 Simon Fraser (smfr) 2018-01-26 14:06:46 PST 
rdar://problem/36836262
Comment 3 Simon Fraser (smfr) 2018-01-26 14:07:28 PST 
Created attachment 332415 [details]
Patch
Comment 4 zalan 2018-01-26 14:13:04 PST 
Comment on attachment 332415 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=332415&action=review

> Source/WebCore/svg/SVGPathElement.cpp:424
> +    if (!renderer || !renderer->hasPath())
> +        return { };

Please add a FIXME here that it's an invalid state.
Comment 5 Simon Fraser (smfr) 2018-01-26 14:37:49 PST Comment hidden (obsolete)
Comment 6 Simon Fraser (smfr) 2018-01-26 14:38:40 PST 
https://trac.webkit.org/r227697