Bug 6059

| Field | Value |
|---|---|
| Summary | Safari hung after failing to render large invalid SVG (in editing code?) |
| Product | WebKit |
| Component | New Bugs |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P4 |
| Version | 420+ |
| Hardware | Mac |
| OS | OS X 10.4 |
| URL | http://www.xs4all.nl/~rwlbuis/worldcup.svg |
| Reporter | Eric Seidel (no email) <eric> |
| Assignee | Nobody <webkit-unassigned> |
| CC | eric, ian, mitz |

Eric Seidel (no email)
Safari hung after failing to render large invalid SVG (in editing code?)
Sample:
Analysis of sampling pid 28073 every 10.000000 milliseconds
Call graph:
891 Thread_0f1f
891 start
891 _start
891 main
891 NSApplicationMain
891 -[NSApplication run]
891 -[BrowserApplication sendEvent:]
891 -[NSApplication sendEvent:]
891 -[Window sendEvent:]
891 -[NSWindow sendEvent:]
891 forwardMethod
891 forwardMethod
891 forwardMethod
891 forwardMethod
891 forwardMethod
891 forwardMethod
891 forwardMethod
891 forwardMethod
891 -[NSNotificationCenter postNotificationName:object:userInfo:]
891 _CFXNotificationPostNotification
891 __CFXNotificationPost
891 _nsnote_callback
891 -[WebHTMLView mouseMovedNotification:]
891 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:]
891 -[WebHTMLView elementAtPoint:]
891 -[WebCoreBridge elementAtPoint:]
891 KHTMLPart::isPointInsideSelection(int, int)
891 khtml::RenderText::positionForCoordinates(int, int)
891 khtml::VisiblePosition::VisiblePosition[in-charge]
(DOM::NodeImpl*, int, khtml::EAffinity)
891 khtml::VisiblePosition::init(DOM::Position const&,
khtml::EAffinity)
891 khtml::inSameLine(khtml::VisiblePosition const&,
khtml::VisiblePosition const&)
891 khtml::startOfLine(khtml::VisiblePosition const&)
891 khtml::VisiblePosition::VisiblePosition[in-charge]
(DOM::NodeImpl*, int, khtml::EAffinity)
891 khtml::VisiblePosition::init(DOM::Position const&,
khtml::EAffinity)
890 khtml::VisiblePosition::nextVisiblePosition
(DOM::Position const&)
509 DOM::Position::next
(DOM::EUsingComposedCharacters) const
425 DOM::NodeImpl::maxDeepOffset() const
423 DOM::ContainerNodeImpl::childNodeCount()
const
385 DOM::NodeImpl::nextSibling() const
385 DOM::NodeImpl::nextSibling() const
38 DOM::ContainerNodeImpl::childNodeCount()
const
1 DOM::ElementImpl::hasTagName
(DOM::QualifiedName const&) const
1 DOM::QualifiedName::matches
(DOM::QualifiedName const&) const
1 DOM::QualifiedName::matches
(DOM::QualifiedName const&) const
1 DOM::NodeImpl::maxDeepOffset() const
62 DOM::ContainerNodeImpl::childNode(unsigned)
59 DOM::NodeImpl::nextSibling() const
59 DOM::NodeImpl::nextSibling() const
3 DOM::ContainerNodeImpl::childNode(unsigned)
19 DOM::NodeImpl::nodeIndex() const
15 DOM::NodeImpl::previousSibling() const
15 DOM::NodeImpl::previousSibling() const
4 DOM::NodeImpl::nodeIndex() const
1 DOM::NodeImpl::nextOffset(int) const
1 khtml::RenderText::nextOffset(int) const
1 icu::RuleBasedBreakIterator::following(int)
1 icu::RuleBasedBreakIterator::handlePrevious
(icu::RBBIStateTable const*)
1 icu::RuleBasedBreakIterator::handlePrevious
(icu::RBBIStateTable const*)
1 DOM::Position::Position[in-charge](DOM::NodeImpl*,
int)
1 DOM::Position::Position[in-charge]
(DOM::NodeImpl*, int)
1 DOM::Position::next
(DOM::EUsingComposedCharacters) const
379 DOM::Position::atEnd() const
379 DOM::NodeImpl::maxDeepOffset() const
378 DOM::ContainerNodeImpl::childNodeCount()
const
340 DOM::NodeImpl::nextSibling() const
340 DOM::NodeImpl::nextSibling() const
38 DOM::ContainerNodeImpl::childNodeCount()
const
1 DOM::NodeImpl::maxDeepOffset() const
1 DOM::NodeImpl::nodeIndex() const
1 DOM::NodeImpl::previousSibling() const
1 DOM::NodeImpl::previousSibling() const
1 khtml::VisiblePosition::nextVisiblePosition
(DOM::Position const&)
1 khtml::VisiblePosition::isCandidate(DOM::Position
const&)
1 DOM::Position::node() const
1 DOM::Position::node() const
891 Thread_1003
891 _pthread_body
891 forkThreadForFunction
891 +[WebFileDatabase _syncLoop:]
891 -[NSRunLoop run]
891 -[NSRunLoop runMode:beforeDate:]
891 CFRunLoopRunSpecific
891 __CFRunLoopRun
891 mach_msg
891 mach_msg_trap
891 mach_msg_trap
891 Thread_1103
891 _pthread_body
891 forkThreadForFunction
891 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:]
891 CFRunLoopRunSpecific
891 __CFRunLoopRun
891 mach_msg
891 mach_msg_trap
891 mach_msg_trap
891 Thread_1203
891 _pthread_body
891 forkThreadForFunction
891 +[NSURLCache _diskCacheSyncLoop:]
891 CFRunLoopRunSpecific
891 __CFRunLoopRun
891 mach_msg
891 mach_msg_trap
891 mach_msg_trap
891 Thread_1303
891 _pthread_body
891 forkThreadForFunction
891 -[AsyncDB _run:]
891 -[NSConditionLock lockWhenCondition:]
891 pthread_cond_wait
891 semaphore_wait_signal_trap
891 semaphore_wait_signal_trap
891 Thread_1403
891 _pthread_body
891 __CFSocketManager
891 select
891 select
891 Thread_1503
891 _pthread_body
891 forkThreadForFunction
891 -[NSUIHeartBeat _heartBeatThread:]
891 -[NSConditionLock lockWhenCondition:]
891 pthread_cond_wait
891 semaphore_wait_signal_trap
891 semaphore_wait_signal_trap
Total number in stack (recursive counted multiple, when >=5):
8 forwardMethod
6 _pthread_body
5 forkThreadForFunction
Sort by top of stack, same collapsed (when >= 5):
mach_msg_trap 2673
semaphore_wait_signal_trap 1782
select 891
DOM::NodeImpl::nextSibling() const 784
DOM::ContainerNodeImpl::childNodeCount() const 76
DOM::NodeImpl::previousSibling() const 16
Ladd Van Tol
(In reply to comment #0)
> Safari hung after failing to render large invalid SVG (in editing code?)
Didn't happen here with current source.
Justin Garcia
Perhaps there's something special about the SVG that eric was trying to render. Eric, please attach it.
Justin Garcia
I'm a dork, the URL was attached.
Justin Garcia
I'm not actively looking at this, unassigning.
Rob Buis
My old website is gone, I am (slowly) replacing it by a new one. I tried ToT on an edited worldcup.svg and it worked fine. Maybe we should close this until we run into the problem again?
Cheers,
Rob.
mitz
This looks similar to bug 10735. The problem there is with wide trees of unrendered content and the fact that scanning for the first rendered position takes O(n^2) in the number of children.
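The quadratic scan described in the comment above, which matches the hot path in the sample (Position::next and Position::atEnd reaching childNodeCount and then nextSibling), shown as an added example that is not WebKit code. It is a simplified model: `Node`, `scanForRenderedPosition` and `stepsFor` are hypothetical names, and it assumes children are stored as a sibling linked list with no cached count.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified model (assumption): children hang off a sibling linked list,
// so counting them means walking nextSibling from the first child.
struct Node {
    Node* firstChild = nullptr;
    Node* nextSibling = nullptr;
};

static std::size_t g_siblingHops = 0;  // instrumentation: nextSibling hops taken

std::size_t childNodeCount(const Node& parent) {
    std::size_t n = 0;
    for (Node* c = parent.firstChild; c; c = c->nextSibling) { ++n; ++g_siblingHops; }
    return n;
}

// Step through offsets looking for a rendered position. No child is rendered
// in this model, so the scan only stops at the end of the container.
// recount=true re-derives the end offset on every step (the hang pattern);
// recount=false counts once and reuses the value (the mitigation).
std::size_t scanForRenderedPosition(const Node& parent, bool recount) {
    g_siblingHops = 0;
    const std::size_t cached = recount ? 0 : childNodeCount(parent);
    for (std::size_t offset = 0;; ++offset) {
        const std::size_t end = recount ? childNodeCount(parent) : cached;
        if (offset >= end) break;
    }
    return g_siblingHops;
}

// Build a wide, flat container with `width` unrendered children and scan it.
std::size_t stepsFor(std::size_t width, bool recount) {
    std::vector<Node> kids(width);
    for (std::size_t i = 0; i + 1 < width; ++i) kids[i].nextSibling = &kids[i + 1];
    Node parent;
    parent.firstChild = width ? &kids[0] : nullptr;
    return scanForRenderedPosition(parent, recount);
}

int main() {
    const std::size_t widths[] = {1000, 2000, 4000};
    for (std::size_t w : widths)
        std::printf("children=%zu recount=%zu cached=%zu\n",
                    w, stepsFor(w, true), stepsFor(w, false));
    return 0;
}
```

Doubling the number of children roughly quadruples the hop count in the recount case, which is why a wide enough tree of unrendered content makes a single mouse-move hit test appear to hang.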
Rob Buis
Talked with MacDome, we agreed to close it.