Bug 112078 - SVG text path referencing parent text infinite loops
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Stephen Chenney
Duplicates: 104634
Reported: 2013-03-11 16:15 PDT by Stephen Chenney
Modified: 2015-04-27 15:06 PDT
Attachments
Layout test (281 bytes, image/svg+xml)
2013-03-11 16:15 PDT, Stephen Chenney
Patch (4.21 KB, patch)
2013-03-11 17:55 PDT, Stephen Chenney

Description Stephen Chenney 2013-03-11 16:15:17 PDT
See attached repro, which apparently infinitely loops then crashes in DRT.

Chromium https://code.google.com/p/chromium/issues/detail?id=181447

#8  0x0000000001165c5f in WTF::HashMap<WebCore::SVGElement*, WTF::OwnPtr<WTF::HashSet<WebCore::SVGElement*, WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*> > >, WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>, WTF::HashTraits<WTF::OwnPtr<WTF::HashSet<WebCore::SVGElement*, WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*> > > > >::find (this=
    0x10f36f18cc30, key=@0x7fffff7ff258: 0x10f36f23a8e0) at ../../third_party/WebKit/Source/WTF/wtf/HashMap.h:299
#9  0x00000000011640a8 in WebCore::SVGDocumentExtensions::setOfElementsReferencingTarget (this=0x10f36f18cb60, referencedElement=
    0x10f36f23a8e0) at ../../third_party/WebKit/Source/WebCore/svg/SVGDocumentExtensions.cpp:300
#10 0x00000000011fc22a in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:183
#11 0x00000000011fbff8 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:202
#12 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189
#13 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207
#14 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189
#15 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207
#16 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189
#17 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207
#18 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189
#19 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207
#20 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189
#21 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207
#22 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189
#23 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207
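Frames #10 to #23 above alternate between the same two functions on the same two objects, which is the signature of an invalidation walk that re-enters itself through a reference cycle. The following is an added C++ model of that pattern, with and without a visited-set guard; it is not WebKit code and not the patch committed for this bug, and `Node`, `Walk`, `invalidate` and the `maxDepth` cap are hypothetical names.

```cpp
#include <cstddef>
#include <unordered_set>
#include <vector>

// Hypothetical stand-in for a render object; not a WebKit type.
struct Node {
    Node* parent = nullptr;
    std::vector<Node*> referencedBy; // elements whose reference targets this node
};

struct Walk {
    std::size_t calls = 0;
    bool hitDepthLimit = false;
    std::unordered_set<const Node*> visited;
};

// Invalidate a node, then walk its ancestors and invalidate everything that
// references each ancestor. With useGuard=false a cycle recurses without
// bound; maxDepth stands in for the stack limit so the model terminates.
void invalidate(Node* node, Walk& w, bool useGuard, std::size_t depth, std::size_t maxDepth) {
    if (depth >= maxDepth) { w.hitDepthLimit = true; return; }
    if (useGuard && !w.visited.insert(node).second)
        return; // already invalidated in this pass: break the cycle
    ++w.calls;
    for (Node* ancestor = node->parent; ancestor; ancestor = ancestor->parent)
        for (Node* dependent : ancestor->referencedBy) {
            invalidate(dependent, w, useGuard, depth + 1, maxDepth);
            if (w.hitDepthLimit) return;
        }
}

// Constructed graph: a child whose reference target is its own parent.
Walk runOnSelfReferencingChild(bool useGuard) {
    Node text, textPath;
    textPath.parent = &text;
    text.referencedBy.push_back(&textPath);
    Walk w;
    invalidate(&textPath, w, useGuard, 0, 1000);
    return w;
}

int main() {
    Walk unguarded = runOnSelfReferencingChild(false);
    Walk guarded = runOnSelfReferencingChild(true);
    return (unguarded.hitDepthLimit && !guarded.hitDepthLimit && guarded.calls == 1) ? 0 : 1;
}
```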
Comment 1 Stephen Chenney 2013-03-11 16:15:45 PDT
Created attachment 192589 [details]
Layout test
Comment 2 Stephen Chenney 2013-03-11 17:55:42 PDT
Created attachment 192609 [details]
Patch
Comment 3 Stephen Chenney 2013-03-11 17:56:59 PDT
I also checked the case of a textpath with a path parent that it was referencing, but the crash did not happen.
Comment 4 Philip Rogers 2013-03-21 13:49:45 PDT
Comment on attachment 192609 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=192609&action=review

R=me

> LayoutTests/svg/text/textpath-referencing-text-crash-expected.txt:6
>    + LF

Something is up here, these lines don't usually appear.
Comment 5 Stephen Chenney 2013-03-21 13:53:53 PDT
Comment on attachment 192609 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=192609&action=review

>> LayoutTests/svg/text/textpath-referencing-text-crash-expected.txt:6
>>    + LF
> 
> Something is up here, these lines don't usually appear.

It's Chromium's svn properties file, I think, and safe to leave here.
Comment 6 WebKit Review Bot 2013-03-21 13:59:59 PDT
Comment on attachment 192609 [details]
Patch

Clearing flags on attachment: 192609

Committed r146515: <http://trac.webkit.org/changeset/146515>
Comment 7 WebKit Review Bot 2013-03-21 14:00:03 PDT
All reviewed patches have been landed.  Closing bug.
Comment 8 Said Abou-Hallawa 2015-04-27 15:06:11 PDT
*** Bug 104634 has been marked as a duplicate of this bug. ***