Bug 98059
| Summary: | Assertion hit in SVGSMILElement.cpp:1118 ASSERT(time.isFinite()); | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Dominic Mazzoni <dmazzoni> |
| Component: | SVG | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Normal | CC: | rhodovan.u-szeged, zimmermann |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |

Dominic Mazzoni
The following file triggers an assertion when run under ASAN. It's easy to reproduce as a layout test: just compile with ASAN and then run DumpRenderTree and pass it a file containing the SVG below.
The problem goes away if I add a duration to the set, e.g. dur="1s" - but I don't think there should be an assertion failure just because the duration is missing.
```xml
<svg xmlns:xlink="http://www.w3.org/1999/xlink">
<text id="a">Text</text>
<use xlink:href="#a">
<set id="b" attributeName="xlink:href" begin="0s; b.end"/>
</use>
</svg>
```
```
ASAN:SIGSEGV
=================================================================
==21425== ERROR: AddressSanitizer crashed on unknown address 0x0000bbadbeef (pc 0x7f9c4159abb7 sp 0x7fff8151b300 bp 0x7fff8151b810 T0)
AddressSanitizer can not provide additional info.
#0 0x7f9c4159abb6 in WebCore::SVGSMILElement::createInstanceTimesFromSyncbase(WebCore::SVGSMILElement*, WebCore::SVGSMILElement::NewOrExistingInterval) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1118
#1 0x7f9c4158fd7d in WebCore::SVGSMILElement::addTimeDependent(WebCore::SVGSMILElement*) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1131
#2 0x7f9c4158da13 in WebCore::SVGSMILElement::connectConditions() out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:510
#3 0x7f9c41598ada in WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*, bool) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1023
#4 0x7f9c415631df in WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, bool) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SMILTimeContainer.cpp:252
#5 0x7f9c41562231 in WebCore::SMILTimeContainer::begin() out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SMILTimeContainer.cpp:100
#6 0x7f9c40f75a87 in WebCore::SVGDocumentExtensions::startAnimations() out/Debug/../../third_party/WebKit/Source/WebCore/svg/SVGDocumentExtensions.cpp:105
#7 0x7f9c3ef43f30 in WebCore::Document::implicitClose() out/Debug/../../third_party/WebKit/Source/WebCore/dom/Document.cpp:2570
```
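
Added example, not part of the original report or WebKit's code: the faulting address `0x0000bbadbeef` in the trace above is the address WebKit's `CRASH()` macro writes to on purpose, which is how a failed debug `ASSERT` appears under ASan. The sketch below separates such deliberate aborts from genuine memory-safety findings when triaging sanitizer output; the `triage` helper, the verdict labels and the second sample trace are constructed for illustration.

```python
import re

# WebKit's CRASH() macro writes to this address on purpose, so a failed ASSERT
# in a debug build shows up under ASan as a SIGSEGV at 0xbbadbeef.
WEBKIT_CRASH_SENTINEL = 0xBBADBEEF

HEADER_RE = re.compile(
    r"==\d+==\s*ERROR: AddressSanitizer:? (?P<kind>\S+) on "
    r"(?:unknown )?address (?P<addr>0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(
    r"#(?P<n>\d+) 0x[0-9a-fA-F]+ in (?P<func>.+) (?P<file>\S+):(?P<line>\d+)$")

# Header and first two frames copied from the report above.
REPORT_TRACE = """\
==21425== ERROR: AddressSanitizer crashed on unknown address 0x0000bbadbeef (pc 0x7f9c4159abb7 sp 0x7fff8151b300 bp 0x7fff8151b810 T0)
#0 0x7f9c4159abb6 in WebCore::SVGSMILElement::createInstanceTimesFromSyncbase(WebCore::SVGSMILElement*, WebCore::SVGSMILElement::NewOrExistingInterval) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1118
#1 0x7f9c4158fd7d in WebCore::SVGSMILElement::addTimeDependent(WebCore::SVGSMILElement*) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1131
"""

# Constructed sample (not from the report) of a genuine memory-safety finding.
CONSTRUCTED_UAF = """\
==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x000000401234 bp 0x7ffc00000000 sp 0x7ffc00000008
#0 0x401233 in example::Node::value() src/example.cpp:42
"""

def triage(trace):
    """Return kind, faulting address, top frame and a coarse verdict."""
    header = None
    frames = []
    for raw in trace.splitlines():
        line = raw.strip()
        header = header or HEADER_RE.search(line)
        m = FRAME_RE.search(line)
        if m:
            frames.append((m["func"], m["file"].rsplit("/", 1)[-1], int(m["line"])))
    if header is None:
        raise ValueError("no AddressSanitizer header found")
    addr = int(header["addr"], 16)
    # Anything not at the sentinel still needs normal memory-safety triage.
    verdict = "assertion" if addr == WEBKIT_CRASH_SENTINEL else "memory-error"
    return {"kind": header["kind"], "address": addr,
            "top_frame": frames[0] if frames else None, "verdict": verdict}

if __name__ == "__main__":
    for name, trace in (("report", REPORT_TRACE), ("constructed", CONSTRUCTED_UAF)):
        print(name, triage(trace))
```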
Renata Hodovan
*** This bug has been marked as a duplicate of bug 108184 ***