Bug 81992

Summary: SVG crash in getCTM on hidden text
Product: WebKit    Reporter: Stephen Chenney <schenney>
Component: SVG    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal    CC: schenney, zimmermann
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Test case none

Stephen Chenney
Reported 2012-03-22 16:51:37 PDT
Created attachment 133385 [details]
Test case

Chromium http://code.google.com/p/chromium/issues/detail?id=117139

In the attached test case, click on "Hide text" then "getCTM". Chrome crashes with this reported stack trace:

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000004 )
0x1dd34b13 [Google Chrome Framework - ../../JavaScriptCore/wtf/RefPtr.h:60] WebCore::SVGTextElement::animatedLocalTransform
0x1dd34e0c [Google Chrome Framework + 0x01c99e0c] non-virtual thunk to WebCore::SVGTextElement::animatedLocalTransform() const
0x1dd35521 [Google Chrome Framework - ../svg/SVGTransformable.h:49] WebCore::SVGTextElement::localCoordinateSpaceTransform
0x1dcfb4bf [Google Chrome Framework - SVGLocatable.cpp:92] WebCore::SVGLocatable::computeCTM
0x1dd34a36 [Google Chrome Framework - SVGTextElement.cpp:104] WebCore::SVGTextElement::getCTM
0x1db980d5 [Google Chrome Framework - V8SVGTextElement.cpp:85] WebCore::SVGTextElementInternal::getCTMCallback
0x1cd95b91 [Google Chrome Framework - builtins.cc:1136] v8::internal::Builtin_HandleApiCall
0x4020a335
0x40230b88
0x402308f6
0x40230ad1
0x40221b58
0x40213189
0x1cdb57c2 [Google Chrome Framework + 0x00d1a7c2] v8::internal::Invoke(bool, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, bool*)
0x1cdb5403 [Google Chrome Framework - execution.cc:170] v8::internal::Execution::Call
0x1cd760b0 [Google Chrome Framework - api.cc:3608] v8::Function::Call
0x1d6be756 [Google Chrome Framework - V8Proxy.cpp:437] WebCore::V8Proxy::instrumentedCallFunction
0x1d6be42b [Google Chrome Framework - V8Proxy.cpp:407] WebCore::V8Proxy::callFunction
0x1d6b9e92 [Google Chrome Framework - V8LazyEventListener.cpp:71] WebCore::V8LazyEventListener::callListenerFunction
0x1d6b22b2 [Google Chrome Framework - V8AbstractEventListener.cpp:159] WebCore::V8AbstractEventListener::invokeEventHandler
0x1d6b2125 [Google Chrome Framework - V8AbstractEventListener.cpp:104] WebCore::V8AbstractEventListener::handleEvent
0x1d417347 [Google Chrome Framework - EventTarget.cpp:231] WebCore::EventTarget::fireEventListeners
0x1d4171a5 [Google Chrome Framework - EventTarget.cpp:198] WebCore::EventTarget::fireEventListeners
0x1d4247d8 [Google Chrome Framework - Node.cpp:2787] WebCore::Node::handleLocalEvents
0x1d412631 [Google Chrome Framework - EventDispatcher.cpp:298] WebCore::EventDispatcher::dispatchEvent
0x1d41b50c [Google Chrome Framework - MouseEvent.cpp:207] WebCore::MouseEventDispatchMediator::dispatchEvent
0x1d411c7f [Google Chrome Framework - EventDispatcher.cpp:55] WebCore::EventDispatcher::dispatchEvent
0x1d42506c [Google Chrome Framework - Node.cpp:2852] WebCore::Node::dispatchMouseEvent
0x1d91b7ab [Google Chrome Framework - EventHandler.cpp:2207] WebCore::EventHandler::dispatchMouseEvent
0x1d91caad [Google Chrome Framework - EventHandler.cpp:1857] WebCore::EventHandler::handleMouseReleaseEvent
Attachments
Test case (671 bytes, text/html)
2012-03-22 16:51 PDT, Stephen Chenney
no flags
Stephen Chenney
Comment 1 2012-03-28 13:40:45 PDT
*** This bug has been marked as a duplicate of bug 82375 ***