Bug 23704

Summary: Safari crashes on getComputedTextLength
Product: WebKit
Reporter: Volker Gersabeck <volker.gersabeck>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: mrowe
Priority: P2
Version: 525.x (Safari 3.2)
Hardware: Mac
OS: OS X 10.4
URL: http://rapidrabb.it/files/safari-crash.xhtml

Description Volker Gersabeck 2009-02-03 01:52:57 PST
Have a look at the <a href="http://rapidrabb.it/files/safari-crash.xhtml">sample</a>. Pressing the button in Safari 3.2.1 (and probably back to some 3.1 version of Safari) causes the whole browser to crash. See the error report below. 

Note: this sample works fine with the nightly of webkit. => would be nice if the fix gets into the next Safari version.



Date/Time:      2009-02-03 10:50:19.661 +0100
OS Version:     10.4.11 (Build 8S2167)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [77]

Version:        3.2.1 (4525.27.1)
Build Version:  1
Project Name:   WebBrowser
Source Version: 45252701

PID:    19970
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x0000001a

Thread 0 Crashed:
0   com.apple.WebCore        	0x013519e5 WebCore::findInlineTextBoxInTextChunks(WebCore::SVGTextContentElement const*, WTF::Vector<WebCore::SVGTextChunk, (unsigned long)0> const&) + 127
1   com.apple.WebCore        	0x01375925 WebCore::SVGTextContentElement::getComputedTextLength() const + 245
2   com.apple.WebCore        	0x013757bd WebCore::jsSVGTextContentElementPrototypeFunctionGetComputedTextLength(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 71

Comment 1 Mark Rowe (bdash) 2009-02-03 02:09:53 PST
Per the comment this works fine in recent WebKit builds.  Closing as WORKSFORME.