RESOLVED WORKSFORME 109699
ASSERT(m_context->document()->documentElement() != m_context) in SVGLengthContext
https://bugs.webkit.org/show_bug.cgi?id=109699
Renata Hodovan
Reported 2013-02-13 08:16:46 PST
During SVG Fuzzing I've got an assertion failure:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4d23494 in WebCore::SVGLengthContext::determineViewport (this=0x7fffffffc640, width=@0x7fffffffc4f8: 0, height=@0x7fffffffc4fc: 0) at /home/reni/Data/REPOS/webkit/Source/WebCore/svg/SVGLengthContext.cpp:298
298 ASSERT(m_context->document()->documentElement() != m_context);

The test was:

<svg xmlns="http://www.w3.org/2000/svg">
  <animate attributeName="width" to="0%"></animate>
</svg>
Florin Malita
Comment 1 2013-02-14 07:59:48 PST
Thanks Reni. Looks like (percentage?) animation of <svg> attributes hits an invalid code path.

SVGLengthContext::determineViewport():

    // SVGLengthContext should NEVER be used to resolve width/height values for <svg> elements,
    // as they require special treatment, due the relationship with the CSS width/height properties.
    ASSERT(m_context->document()->documentElement() != m_context);

I'm not familiar with animations, but I'm guessing that special handling of <svg> targets may just not be implemented? I know Phil's been poking in this area so maybe he has more insight.
Renata Hodovan
Comment 2 2014-09-08 02:36:04 PDT
I cannot reproduce the issue anymore.