During SVG fuzzing I've got the following ASSERT_NOT_REACHED assertion faulire: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff59d0f6a in WebCore::SVGAnimatedType::valueAsString (this=0xa69ff0) at /home/reni/repos/webkit2/Source/WebCore/svg/SVGAnimatedType.cpp:268 268 ASSERT_NOT_REACHED(); Test: <svg xmlns="http://www.w3.org/2000/svg"> <circle> <animateTransform attributeName="transform" attributeType="CSS"></animateTransform> </circle> </svg> The problem is that the type of the SVGAnimatedType object is AnimatedTransformList what doesn't need valueAsString() support theoretically.