RESOLVED FIXED 112078
SVG text path referencing parent text infinite loops 
https://bugs.webkit.org/show_bug.cgi?id=112078
Summary SVG text path referencing parent text infinite loops
Stephen Chenney
Reported 2013-03-11 16:15:17 PDT
See attached repro, which apparently infinitely loops then crashes in DRT. Chromium https://code.google.com/p/chromium/issues/detail?id=181447 #8 0x0000000001165c5f in WTF::HashMap<WebCore::SVGElement*, WTF::OwnPtr<WTF::HashSet<WebCore::SVGElement*, WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*> > >, WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>, WTF::HashTraits<WTF::OwnPtr<WTF::HashSet<WebCore::SVGElement*, WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*> > > > >::find (this= 0x10f36f18cc30, key=@0x7fffff7ff258: 0x10f36f23a8e0) at ../../third_party/WebKit/Source/WTF/wtf/HashMap.h:299 #9 0x00000000011640a8 in WebCore::SVGDocumentExtensions::setOfElementsReferencingTarget (this=0x10f36f18cb60, referencedElement= 0x10f36f23a8e0) at ../../third_party/WebKit/Source/WebCore/svg/SVGDocumentExtensions.cpp:300 #10 0x00000000011fc22a in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:183 #11 0x00000000011fbff8 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:202 #12 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false) ---Type <return> to continue, or q <return> to quit--- at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189 #13 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207 #14 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189 #15 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207 #16 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189 #17 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207 #18 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189 #19 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207 #20 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189 #21 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207 #22 0x00000000011fc2d4 in WebCore::removeFromCacheAndInvalidateDependencies (object=0x10f36f341038, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:189 #23 0x00000000011fc024 in WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation (object=0x10f36f006578, needsLayout=false) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGResource.cpp:207
Attachments
Layout test (281 bytes, image/svg+xml)
2013-03-11 16:15 PDT, Stephen Chenney 		no flags
Details
Patch (4.21 KB, patch)
2013-03-11 17:55 PDT, Stephen Chenney 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Stephen Chenney
Comment 1 2013-03-11 16:15:45 PDT
Created attachment 192589 [details] Layout test
Stephen Chenney
Comment 2 2013-03-11 17:55:42 PDT
Created attachment 192609 [details] Patch
Stephen Chenney
Comment 3 2013-03-11 17:56:59 PDT
I also checked the case of a textpath with a path parent that it was referencing, but the crash did not happen.
Philip Rogers
Comment 4 2013-03-21 13:49:45 PDT
Comment on attachment 192609 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=192609&action=review R=me > LayoutTests/svg/text/textpath-referencing-text-crash-expected.txt:6 > + LF Something is up here, these lines don't usually appear.
Stephen Chenney
Comment 5 2013-03-21 13:53:53 PDT
Comment on attachment 192609 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=192609&action=review >> LayoutTests/svg/text/textpath-referencing-text-crash-expected.txt:6 >> + LF > > Something is up here, these lines don't usually appear. It's Chromium's svn properties file, I think, and safe to leave here.
WebKit Review Bot
Comment 6 2013-03-21 13:59:59 PDT
Comment on attachment 192609 [details] Patch Clearing flags on attachment: 192609 Committed r146515: <http://trac.webkit.org/changeset/146515>
WebKit Review Bot
Comment 7 2013-03-21 14:00:03 PDT
All reviewed patches have been landed. Closing bug.
Said Abou-Hallawa
Comment 8 2015-04-27 15:06:11 PDT
*** Bug 104634 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.