Bug 25092

Summary: Crash in SVGUseElement::associateInstancesWithShadowTreeElements
Product: WebKit Reporter: Eric Seidel (no email) <eric>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 22856, 23586    
Attachments:
Description Flags
stack trace of crash
none
stack trace of crash
none
test case (crashes Safari)
none
Fix ASSERT seen in shadow tree testing darin: review+

Description Eric Seidel (no email) 2009-04-08 06:40:46 PDT 
Crash in SVGUseElement::associateInstancesWithShadowTreeElements

Discovered this while trying to make a test case for bug 23586.  See attached test case.

The crash is under:
0   com.apple.WebCore             	0x034e62e1 WebCore::Node::nextSibling() const + 9
1   com.apple.WebCore             	0x03cecd91 WebCore::SVGUseElement::associateInstancesWithShadowTreeElements(WebCore::Node*, WebCore::SVGElementInstance*) + 891 (SVGUseElement.cpp:825)
2   com.apple.WebCore             	0x03cf0480 WebCore::SVGUseElement::buildPendingResource() + 1500 (SVGUseElement.cpp:398)
3   com.apple.WebCore             	0x03cec5d9 WebCore::SVGUseElement::insertedIntoDocument() + 37 (SVGUseElement.cpp:115)
Comment 1 Eric Seidel (no email) 2009-04-08 06:41:17 PDT 
Created attachment 29332 [details]
stack trace of crash
Comment 2 Eric Seidel (no email) 2009-04-08 06:42:26 PDT 
Created attachment 29333 [details]
stack trace of crash
Comment 3 Eric Seidel (no email) 2009-04-08 06:44:01 PDT 
Created attachment 29334 [details]
test case (crashes Safari)
Comment 4 Eric Seidel (no email) 2009-06-04 19:28:59 PDT 
Created attachment 30980 [details]
Fix ASSERT seen in shadow tree testing

 5 files changed, 49 insertions(+), 1 deletions(-)
Comment 5 Brent Fulgham 2009-06-09 12:35:01 PDT 
Landed in @r44540.