Bug 93453

Summary: SVG+animation+viewBox+relative-size via <html:img> = FractionalLayoutUnit error log.
Product: WebKit Reporter: Kazuhiro Inaba <kinaba>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME    
Severity: Normal CC: koivisto, krit, sabouhallawa, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Loading from an HTML <img src="foo.svg" width="256" height="20"/> reproduces the issue. none

Description Kazuhiro Inaba 2012-08-08 02:01:08 PDT 
Created attachment 157154 [details]
Loading from an HTML <img src="foo.svg" width="256" height="20"/> reproduces the issue.

Reduction of an issue reported at http://crbug.com/129465.
I have seen it on debug build of Chromium and DumpRenderTree (on Linux).

If an SVG image
* with viewBox attribute,
* without width/height attributes,
* and with <animate> element
is loaded via html <img> element, it triggers the following diagnosing message:

ERROR: !(isInBounds(value))
../../third_party/WebKit/Source/WebCore/platform/FractionalLayoutUnit.h(79) : WebCore::FractionalLayoutUnit::FractionalLayoutUnit(float)

I don't see any visible trouble in SVG rendering result, but in the originally reported case,
this message is infinitely generated and floods my console.
Substituting the line with an assertion, I got the following stack trace in DumpRenderTree,
and the "out-of-bound" value was -NaN.

        base::debug::StackTrace::StackTrace() [0x7f8bd9c2dffe]
        base::(anonymous namespace)::StackDumpSignalHandler() [0x7f8bd9ca0e74]
        0x7f8bd1e0caf0
        WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f8bd5a413fe]
        WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f8bd5a3e13f]
        WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f8bd5a60bea]
        WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f8bd5a60bad]
        WebCore::roundedLayoutPoint() [0x7f8bd5a5cecc]
        WebCore::RenderBox::mapLocalToContainer() [0x7f8bd5b0407e]
        WebCore::RenderSVGRoot::mapLocalToContainer() [0x7f8bd608f369]
        WebCore::SVGRenderSupport::mapLocalToContainer() [0x7f8bd60a6306]
        WebCore::RenderSVGModelObject::mapLocalToContainer() [0x7f8bd606546b]
        WebCore::RenderObject::localToContainerQuad() [0x7f8bd5c0347b]
        WebCore::RenderSVGModelObject::outlineBoundsForRepaint() [0x7f8bd60655b2]
        WebCore::LayoutRepainter::LayoutRepainter() [0x7f8bd5a83040]
        WebCore::RenderSVGShape::layout() [0x7f8bd6092ef0]
        WebCore::SVGRenderSupport::layoutChildren() [0x7f8bd60a6d17]
        WebCore::RenderSVGRoot::layout() [0x7f8bd608e2e2]
        WebCore::FrameView::layout() [0x7f8bd6ba2e15]
        WebCore::FrameView::visibleContentsResized() [0x7f8bd6ba7fd6]
        WebCore::ScrollView::updateScrollbars() [0x7f8bd62a869d]
        WebCore::ScrollView::setFrameRect() [0x7f8bd62ac4f4]
        WebCore::FrameView::setFrameRect() [0x7f8bd6ba02ef]
        WebCore::Widget::resize() [0x7f8bd51b748e]
        WebCore::SVGImage::dataChanged() [0x7f8bd623840b]
        WebCore::Image::setData() [0x7f8bd6351af5]
        WebCore::CachedImage::data() [0x7f8bd6b16ec7]
        WebCore::SubresourceLoader::didFinishLoading() [0x7f8bd6af96e9]
        WebCore::ResourceLoader::didFinishLoading() [0x7f8bd6af4605]
        WebCore::ResourceHandleInternal::didFinishLoading() [0x7f8bd6413652]
        webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x7f8bd9f58253]
        (anonymous namespace)::RequestProxy::NotifyCompletedRequest() [0x5d9285]
        base::internal::RunnableAdapter<>::Run() [0x5d96d4]
        base::internal::InvokeHelper<>::MakeItSo() [0x5d960b]
        base::internal::Invoker<>::Run() [0x5d959a]
        base::Callback<>::Run() [0x7f8bd9c2429e]
        MessageLoop::RunTask() [0x7f8bd9c6e104]
        MessageLoop::DeferOrRunPendingTask() [0x7f8bd9c6e41b]
        MessageLoop::DoWork() [0x7f8bd9c6e5f5]
        base::MessagePumpGlib::RunWithDispatcher() [0x7f8bd9c05b52]
        base::MessagePumpGlib::Run() [0x7f8bd9c06069]
        MessageLoop::RunInternal() [0x7f8bd9c6dbe6]
        MessageLoop::RunHandler() [0x7f8bd9c6da95]
        base::RunLoop::Run() [0x7f8bd9ca7e52]
        MessageLoop::Run() [0x7f8bd9c6d331]
        webkit_support::RunMessageLoop() [0x542741]
        TestShell::waitTestFinished() [0x49836f]
        TestShell::runFileTest() [0x48feaa]
        runTest() [0x45ad1c]
        main [0x45aa35]

If I directly load the SVG file, or load it via <iframe> or <embed> element, there was no problem.
Adding absolute size info to SVG or dropping viewBox attribute also dissolved the message flood.

As far as I looked, SVGImage::frameView() has size (0,0) in this case and it is causing 0/0 = NaN
in SVGPreserveAspectRatio::getCTM.
Comment 1 Kazuhiro Inaba 2012-08-08 02:13:32 PDT 
Oops, I'm very sorry, the stacktrace I pasted in the previous comment was wrong (that was the one from my local tweaks...)
Here is the real trace. Hope it helps.

        base::debug::StackTrace::StackTrace() [0x7f189ddc5ffe]
        base::(anonymous namespace)::StackDumpSignalHandler() [0x7f189de38e74]
        0x7f1895fa4af0
        WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f1899bd93fe]
        WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f1899bd613f]
        WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f1899bf8bea]
        WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f1899bf8bad]
        WebCore::roundedLayoutPoint() [0x7f1899bf4ecc]
        WebCore::RenderBox::mapLocalToContainer() [0x7f1899c9c07e]
        WebCore::RenderSVGRoot::mapLocalToContainer() [0x7f189a2272b9]
        WebCore::SVGRenderSupport::mapLocalToContainer() [0x7f189a23e256]
        WebCore::RenderSVGModelObject::mapLocalToContainer() [0x7f189a1fd3bb]
        WebCore::RenderObject::localToContainerQuad() [0x7f1899d9b3cb]
        WebCore::RenderSVGModelObject::outlineBoundsForRepaint() [0x7f189a1fd502]
        WebCore::LayoutRepainter::LayoutRepainter() [0x7f1899c1b040]
        WebCore::RenderSVGShape::layout() [0x7f189a22ae40]
        WebCore::SVGRenderSupport::layoutChildren() [0x7f189a23ec67]
        WebCore::RenderSVGRoot::layout() [0x7f189a226232]
        WebCore::FrameView::layout() [0x7f189ad3ac05]
        WebCore::FrameView::layoutTimerFired() [0x7f189ad36c70]
        WebCore::Timer<>::fired() [0x7f189ad4c723]
        WebCore::ThreadTimers::sharedTimerFiredInternal() [0x7f189a455122]
        WebCore::ThreadTimers::sharedTimerFired() [0x7f189a454f29]
        webkit_glue::WebKitPlatformSupportImpl::DoTimeout() [0x7f189e0e2aed]
        base::internal::RunnableAdapter<>::Run() [0x7f189e0e36c2]
        base::internal::InvokeHelper<>::MakeItSo() [0x7f189e0e362c]
        base::internal::Invoker<>::Run() [0x7f189e0e35da]
        base::Callback<>::Run() [0x7f189ddbc29e]
        base::Timer::RunScheduledTask() [0x7f189de8de62]
        base::BaseTimerTaskInternal::Run() [0x7f189de8dfbc]
        base::internal::RunnableAdapter<>::Run() [0x7f189de8e482]
        base::internal::InvokeHelper<>::MakeItSo() [0x7f189de8e3ec]
        base::internal::Invoker<>::Run() [0x7f189de8e395]
        base::Callback<>::Run() [0x7f189ddbc29e]
        MessageLoop::RunTask() [0x7f189de06104]
        MessageLoop::DeferOrRunPendingTask() [0x7f189de0641b]
        MessageLoop::DoWork() [0x7f189de065f5]
        base::MessagePumpGlib::HandleDispatch() [0x7f189dd9df4c]
        (anonymous namespace)::WorkSourceDispatch() [0x7f189dd9d741]
        0x7f18952d88c2
        0x7f18952dc748
        0x7f18952dc8fc
        base::MessagePumpGlib::RunWithDispatcher() [0x7f189dd9db10]
        base::MessagePumpGlib::Run() [0x7f189dd9e069]
        MessageLoop::RunInternal() [0x7f189de05be6]
        MessageLoop::RunHandler() [0x7f189de05a95]
        base::RunLoop::Run() [0x7f189de3fe52]
        MessageLoop::Run() [0x7f189de05331]
        webkit_support::RunMessageLoop() [0x542741]
        TestShell::waitTestFinished() [0x49836f]
        TestShell::runFileTest() [0x48feaa]
        runTest() [0x45ad1c]
        main [0x45aa35]
        0x7f1895f8fc4d
        0x458679
Comment 2 Said Abou-Hallawa 2017-02-08 11:23:25 PST 
The FractionalLayoutUnit class was removed from WebKit and the test case opens without any crash.