Bug 93453

Summary: SVG+animation+viewBox+relative-size via <html:img> = FractionalLayoutUnit error log.
Product: WebKit Reporter: Kazuhiro Inaba <kinaba>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME    
Severity: Normal CC: koivisto, krit, sabouhallawa, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Loading from an HTML <img src="foo.svg" width="256" height="20"/> reproduces the issue. none

Kazuhiro Inaba
Reported 2012-08-08 02:01:08 PDT
Created attachment 157154 [details] Loading from an HTML <img src="foo.svg" width="256" height="20"/> reproduces the issue. Reduction of an issue reported at http://crbug.com/129465. I have seen it on debug build of Chromium and DumpRenderTree (on Linux). If an SVG image * with viewBox attribute, * without width/height attributes, * and with <animate> element is loaded via html <img> element, it triggers the following diagnosing message: ERROR: !(isInBounds(value)) ../../third_party/WebKit/Source/WebCore/platform/FractionalLayoutUnit.h(79) : WebCore::FractionalLayoutUnit::FractionalLayoutUnit(float) I don't see any visible trouble in SVG rendering result, but in the originally reported case, this message is infinitely generated and floods my console. Substituting the line with an assertion, I got the following stack trace in DumpRenderTree, and the "out-of-bound" value was -NaN. base::debug::StackTrace::StackTrace() [0x7f8bd9c2dffe] base::(anonymous namespace)::StackDumpSignalHandler() [0x7f8bd9ca0e74] 0x7f8bd1e0caf0 WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f8bd5a413fe] WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f8bd5a3e13f] WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f8bd5a60bea] WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f8bd5a60bad] WebCore::roundedLayoutPoint() [0x7f8bd5a5cecc] WebCore::RenderBox::mapLocalToContainer() [0x7f8bd5b0407e] WebCore::RenderSVGRoot::mapLocalToContainer() [0x7f8bd608f369] WebCore::SVGRenderSupport::mapLocalToContainer() [0x7f8bd60a6306] WebCore::RenderSVGModelObject::mapLocalToContainer() [0x7f8bd606546b] WebCore::RenderObject::localToContainerQuad() [0x7f8bd5c0347b] WebCore::RenderSVGModelObject::outlineBoundsForRepaint() [0x7f8bd60655b2] WebCore::LayoutRepainter::LayoutRepainter() [0x7f8bd5a83040] WebCore::RenderSVGShape::layout() [0x7f8bd6092ef0] WebCore::SVGRenderSupport::layoutChildren() [0x7f8bd60a6d17] WebCore::RenderSVGRoot::layout() [0x7f8bd608e2e2] WebCore::FrameView::layout() [0x7f8bd6ba2e15] WebCore::FrameView::visibleContentsResized() [0x7f8bd6ba7fd6] WebCore::ScrollView::updateScrollbars() [0x7f8bd62a869d] WebCore::ScrollView::setFrameRect() [0x7f8bd62ac4f4] WebCore::FrameView::setFrameRect() [0x7f8bd6ba02ef] WebCore::Widget::resize() [0x7f8bd51b748e] WebCore::SVGImage::dataChanged() [0x7f8bd623840b] WebCore::Image::setData() [0x7f8bd6351af5] WebCore::CachedImage::data() [0x7f8bd6b16ec7] WebCore::SubresourceLoader::didFinishLoading() [0x7f8bd6af96e9] WebCore::ResourceLoader::didFinishLoading() [0x7f8bd6af4605] WebCore::ResourceHandleInternal::didFinishLoading() [0x7f8bd6413652] webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x7f8bd9f58253] (anonymous namespace)::RequestProxy::NotifyCompletedRequest() [0x5d9285] base::internal::RunnableAdapter<>::Run() [0x5d96d4] base::internal::InvokeHelper<>::MakeItSo() [0x5d960b] base::internal::Invoker<>::Run() [0x5d959a] base::Callback<>::Run() [0x7f8bd9c2429e] MessageLoop::RunTask() [0x7f8bd9c6e104] MessageLoop::DeferOrRunPendingTask() [0x7f8bd9c6e41b] MessageLoop::DoWork() [0x7f8bd9c6e5f5] base::MessagePumpGlib::RunWithDispatcher() [0x7f8bd9c05b52] base::MessagePumpGlib::Run() [0x7f8bd9c06069] MessageLoop::RunInternal() [0x7f8bd9c6dbe6] MessageLoop::RunHandler() [0x7f8bd9c6da95] base::RunLoop::Run() [0x7f8bd9ca7e52] MessageLoop::Run() [0x7f8bd9c6d331] webkit_support::RunMessageLoop() [0x542741] TestShell::waitTestFinished() [0x49836f] TestShell::runFileTest() [0x48feaa] runTest() [0x45ad1c] main [0x45aa35] If I directly load the SVG file, or load it via <iframe> or <embed> element, there was no problem. Adding absolute size info to SVG or dropping viewBox attribute also dissolved the message flood. As far as I looked, SVGImage::frameView() has size (0,0) in this case and it is causing 0/0 = NaN in SVGPreserveAspectRatio::getCTM.
Attachments
Loading from an HTML <img src="foo.svg" width="256" height="20"/> reproduces the issue. (288 bytes, image/svg+xml)
2012-08-08 02:01 PDT, Kazuhiro Inaba 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Kazuhiro Inaba
Comment 1 2012-08-08 02:13:32 PDT
Oops, I'm very sorry, the stacktrace I pasted in the previous comment was wrong (that was the one from my local tweaks...) Here is the real trace. Hope it helps. base::debug::StackTrace::StackTrace() [0x7f189ddc5ffe] base::(anonymous namespace)::StackDumpSignalHandler() [0x7f189de38e74] 0x7f1895fa4af0 WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f1899bd93fe] WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f1899bd613f] WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f1899bf8bea] WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f1899bf8bad] WebCore::roundedLayoutPoint() [0x7f1899bf4ecc] WebCore::RenderBox::mapLocalToContainer() [0x7f1899c9c07e] WebCore::RenderSVGRoot::mapLocalToContainer() [0x7f189a2272b9] WebCore::SVGRenderSupport::mapLocalToContainer() [0x7f189a23e256] WebCore::RenderSVGModelObject::mapLocalToContainer() [0x7f189a1fd3bb] WebCore::RenderObject::localToContainerQuad() [0x7f1899d9b3cb] WebCore::RenderSVGModelObject::outlineBoundsForRepaint() [0x7f189a1fd502] WebCore::LayoutRepainter::LayoutRepainter() [0x7f1899c1b040] WebCore::RenderSVGShape::layout() [0x7f189a22ae40] WebCore::SVGRenderSupport::layoutChildren() [0x7f189a23ec67] WebCore::RenderSVGRoot::layout() [0x7f189a226232] WebCore::FrameView::layout() [0x7f189ad3ac05] WebCore::FrameView::layoutTimerFired() [0x7f189ad36c70] WebCore::Timer<>::fired() [0x7f189ad4c723] WebCore::ThreadTimers::sharedTimerFiredInternal() [0x7f189a455122] WebCore::ThreadTimers::sharedTimerFired() [0x7f189a454f29] webkit_glue::WebKitPlatformSupportImpl::DoTimeout() [0x7f189e0e2aed] base::internal::RunnableAdapter<>::Run() [0x7f189e0e36c2] base::internal::InvokeHelper<>::MakeItSo() [0x7f189e0e362c] base::internal::Invoker<>::Run() [0x7f189e0e35da] base::Callback<>::Run() [0x7f189ddbc29e] base::Timer::RunScheduledTask() [0x7f189de8de62] base::BaseTimerTaskInternal::Run() [0x7f189de8dfbc] base::internal::RunnableAdapter<>::Run() [0x7f189de8e482] base::internal::InvokeHelper<>::MakeItSo() [0x7f189de8e3ec] base::internal::Invoker<>::Run() [0x7f189de8e395] base::Callback<>::Run() [0x7f189ddbc29e] MessageLoop::RunTask() [0x7f189de06104] MessageLoop::DeferOrRunPendingTask() [0x7f189de0641b] MessageLoop::DoWork() [0x7f189de065f5] base::MessagePumpGlib::HandleDispatch() [0x7f189dd9df4c] (anonymous namespace)::WorkSourceDispatch() [0x7f189dd9d741] 0x7f18952d88c2 0x7f18952dc748 0x7f18952dc8fc base::MessagePumpGlib::RunWithDispatcher() [0x7f189dd9db10] base::MessagePumpGlib::Run() [0x7f189dd9e069] MessageLoop::RunInternal() [0x7f189de05be6] MessageLoop::RunHandler() [0x7f189de05a95] base::RunLoop::Run() [0x7f189de3fe52] MessageLoop::Run() [0x7f189de05331] webkit_support::RunMessageLoop() [0x542741] TestShell::waitTestFinished() [0x49836f] TestShell::runFileTest() [0x48feaa] runTest() [0x45ad1c] main [0x45aa35] 0x7f1895f8fc4d 0x458679
Said Abou-Hallawa
Comment 2 2017-02-08 11:23:25 PST
The FractionalLayoutUnit class was removed from WebKit and the test case opens without any crash.
Note You need to log in before you can comment on or make changes to this bug.