Bug 113217 - ASSERT(m_type == toSVGTransform.type())
Summary: ASSERT(m_type == toSVGTransform.type())
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Rob Buis
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2013-03-25 10:18 PDT by Renata Hodovan
Modified: 2013-08-09 06:26 PDT

Attachments
Patch (5.37 KB, patch)
2013-08-08 15:33 PDT, Rob Buis
darin: review+

Description Renata Hodovan 2013-03-25 10:18:14 PDT
Assertion failure happens in WebCore::SVGTransformDistance::SVGTransformDistance with the following test:

<svg xmlns="http://www.w3.org/2000/svg">
	<g transform="translate(5,0)">
		<animateTransform attributeName="transform" additive="sum" type="scale" to="2"></animateTransform> 
	</g>
</svg>


BACKTRACE:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4ceb7e1 in WebCore::SVGTransformDistance::SVGTransformDistance (this=0x7fffffffcc30, fromSVGTransform=..., toSVGTransform=...)
    at /home/reni/WebKit-git/Source/WebCore/svg/SVGTransformDistance.cpp:56
56	    ASSERT(m_type == toSVGTransform.type());
(gdb) bt 15
#0  0x00007ffff4ceb7e1 in WebCore::SVGTransformDistance::SVGTransformDistance (this=0x7fffffffcc30, fromSVGTransform=..., toSVGTransform=...)
    at /home/reni/WebKit-git/Source/WebCore/svg/SVGTransformDistance.cpp:56
#1  0x00007ffff4c1e60e in WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue (this=0x94b170, percentage=0, repeatCount=0, from=0x96ec40, to=0x7083a0, 
    toAtEndOfDuration=0x7083a0, animated=0x969be0) at /home/reni/WebKit-git/Source/WebCore/svg/SVGAnimatedTransformList.cpp:120
#2  0x00007ffff4c26558 in WebCore::SVGAnimateElement::calculateAnimatedValue (this=0x9736e0, percentage=0, repeatCount=0, resultElement=0x9736e0)
    at /home/reni/WebKit-git/Source/WebCore/svg/SVGAnimateElement.cpp:141
#3  0x00007ffff4c2f8a7 in WebCore::SVGAnimationElement::updateAnimation (this=0x9736e0, percent=0, repeatCount=0, resultElement=0x9736e0)
    at /home/reni/WebKit-git/Source/WebCore/svg/SVGAnimationElement.cpp:632
#4  0x00007ffff4bd4ac1 in WebCore::SVGSMILElement::progress (this=0x9736e0, elapsed=..., resultElement=0x9736e0, seekToTime=false)
    at /home/reni/WebKit-git/Source/WebCore/svg/animation/SVGSMILElement.cpp:1108
#5  0x00007ffff4bca9d8 in WebCore::SMILTimeContainer::updateAnimations (this=0x948400, elapsed=..., seekToTime=false)
    at /home/reni/WebKit-git/Source/WebCore/svg/animation/SMILTimeContainer.cpp:296
#6  0x00007ffff4bc9e8d in WebCore::SMILTimeContainer::begin (this=0x948400) at /home/reni/WebKit-git/Source/WebCore/svg/animation/SMILTimeContainer.cpp:142
#7  0x00007ffff4beef58 in WebCore::SVGDocumentExtensions::startAnimations (this=0x94a700) at /home/reni/WebKit-git/Source/WebCore/svg/SVGDocumentExtensions.cpp:102
#8  0x00007ffff40c5bb5 in WebCore::Document::implicitClose (this=0x942800) at /home/reni/WebKit-git/Source/WebCore/dom/Document.cpp:2532
#9  0x00007ffff453ea6d in WebCore::FrameLoader::checkCallImplicitClose (this=0x7012e8) at /home/reni/WebKit-git/Source/WebCore/loader/FrameLoader.cpp:837
#10 0x00007ffff453e801 in WebCore::FrameLoader::checkCompleted (this=0x7012e8) at /home/reni/WebKit-git/Source/WebCore/loader/FrameLoader.cpp:780
#11 0x00007ffff453e566 in WebCore::FrameLoader::finishedParsing (this=0x7012e8) at /home/reni/WebKit-git/Source/WebCore/loader/FrameLoader.cpp:713
#12 0x00007ffff40ccd1f in WebCore::Document::finishedParsing (this=0x942800) at /home/reni/WebKit-git/Source/WebCore/dom/Document.cpp:4493
#13 0x00007ffff4a1f34f in WebCore::XMLDocumentParser::end (this=0x707610) at /home/reni/WebKit-git/Source/WebCore/xml/parser/XMLDocumentParser.cpp:217
#14 0x00007ffff4a1f38c in WebCore::XMLDocumentParser::finish (this=0x707610) at /home/reni/WebKit-git/Source/WebCore/xml/parser/XMLDocumentParser.cpp:229
Comment 1 Rob Buis 2013-08-08 15:33:12 PDT
Created attachment 208377
Patch
Comment 2 Darin Adler 2013-08-08 19:10:55 PDT
Comment on attachment 208377
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=208377&action=review

> Source/WebCore/ChangeLog:3
> +        ASSERT(m_type == toSVGTransform.type())

Not a great bug title.

> Source/WebCore/ChangeLog:9
> +        This matches FireFox and Opera 12 behavior.

Firefox is misspelled here.
Comment 3 Rob Buis 2013-08-09 06:26:56 PDT
Committed r153887: <http://trac.webkit.org/changeset/153887>