RESOLVED FIXED 119748
ASSERTION FAILED: resultAnimationElement->m_animatedType in WebCore::SVGAnimateElement::calculateAnimatedValue 
https://bugs.webkit.org/show_bug.cgi?id=119748
Summary ASSERTION FAILED: resultAnimationElement->m_animatedType in WebCore::SVGAnima...
Renata Hodovan
Reported 2013-08-13 08:04:27 PDT
The failing test: <svg xmlns="http://www.w3.org/2000/svg"> <animatetransform attributename="transform" attributetype="CSS" values="0" ></animatetransform> </svg> Backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 342 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 #1 0x00007ffff4c56b5a in WebCore::SVGAnimateElement::calculateAnimatedValue (this=0x8d99d0, percentage=1, repeatCount=0, resultElement=0x8d99d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimateElement.cpp:120 #2 0x00007ffff4c5e678 in WebCore::SVGAnimationElement::updateAnimation (this=0x8d99d0, percent=0, repeatCount=0, resultElement=0x8d99d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimationElement.cpp:632 #3 0x00007ffff4c09c19 in WebCore::SVGSMILElement::progress (this=0x8d99d0, elapsed=..., resultElement=0x8d99d0, seekToTime=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SVGSMILElement.cpp:1113 #4 0x00007ffff4bffdd1 in WebCore::SMILTimeContainer::updateAnimations (this=0x8b5050, elapsed=..., seekToTime=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:293 #5 0x00007ffff4bff2cb in WebCore::SMILTimeContainer::begin (this=0x8b5050) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:139 #6 0x00007ffff4c24c01 in WebCore::SVGDocumentExtensions::startAnimations (this=0x8b70f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGDocumentExtensions.cpp:102 #7 0x00007ffff41b2ec6 in WebCore::Document::implicitClose (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2453 #8 0x00007ffff45b311d in WebCore::FrameLoader::checkCallImplicitClose (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:844 #9 0x00007ffff45b2e8e in WebCore::FrameLoader::checkCompleted (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:787 #10 0x00007ffff45b2bc3 in WebCore::FrameLoader::finishedParsing (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:720 #11 0x00007ffff41b9e37 in WebCore::Document::finishedParsing (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4404 #12 0x00007ffff440b2a1 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7d3068) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348 #13 0x00007ffff443f9c3 in WebCore::HTMLTreeBuilder::finished (this=0x7d3050) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926 #14 0x00007ffff44129a0 in WebCore::HTMLDocumentParser::end (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763 #15 0x00007ffff4412a8b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774 #16 0x00007ffff44115fa in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211 #17 0x00007ffff4412ad0 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786 #18 0x00007ffff4412b89 in WebCore::HTMLDocumentParser::finish (this=0x794b70) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835 #19 0x00007ffff45aaa23 in WebCore::DocumentWriter::end (this=0x6942f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248 #20 0x00007ffff459d562 in WebCore::DocumentLoader::finishedLoading (this=0x694250, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402 #21 0x00007ffff459d2d0 in WebCore::DocumentLoader::notifyFinished (this=0x694250, resource=0x7b0020) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344 #22 0x00007ffff45845c6 in WebCore::CachedResource::checkNotify (this=0x7b0020) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369 #23 0x00007ffff458469c in WebCore::CachedResource::finishLoading (this=0x7b0020) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385 #24 0x00007ffff4580dee in WebCore::CachedRawResource::finishLoading (this=0x7b0020, data=0x7cc480) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #25 0x00007ffff45e73e3 in WebCore::SubresourceLoader::didFinishLoading (this=0x775d20, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282 #26 0x00007ffff45ddccd in WebCore::ResourceLoader::didFinishLoading (this=0x775d20, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488 #27 0x00007ffff4a87683 in WebCore::QNetworkReplyHandler::finish (this=0x7bcfd0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516 #28 0x00007ffff4a863a2 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7bd008) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250 #29 0x00007ffff4a8609f in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7bd008, ---Type <return> to continue, or q <return> to quit--- method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a874c8 <WebCore::QNetworkReplyHandler::finish()>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216 #30 0x00007ffff4a86fec in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7cbce0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409 #31 0x00007ffff4a8997e in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7cbce0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf80) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176 #32 0x00007ffff22115cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #33 0x00007ffff221284e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #34 0x00007ffff3058dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #35 0x00007ffff305c075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5 #36 0x00007ffff21ecdbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #37 0x00007ffff21eea76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #38 0x00007ffff2234333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #39 0x00007fffee3790a6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3058 #40 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3634 #41 0x00007fffee3793f8 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3705 #42 0x00007fffee37949c in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3766 #43 0x00007ffff22344bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #44 0x00007ffff21ebd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #45 0x00007ffff21ef120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5 #46 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49 #47 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc58) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Attachments
Test case (148 bytes, text/html)
2013-08-13 08:05 PDT, Renata Hodovan 		no flags
Details
Patch (7.45 KB, patch)
2013-08-13 15:18 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
Patch (11.22 KB, patch)
2013-08-14 08:07 PDT, Rob Buis 		krit: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Renata Hodovan
Comment 1 2013-08-13 08:05:47 PDT
Created attachment 208632 [details] Test case
Rob Buis
Comment 2 2013-08-13 15:18:35 PDT
Created attachment 208683 [details] Patch
Rob Buis
Comment 3 2013-08-14 08:07:09 PDT
Created attachment 208726 [details] Patch
Dirk Schulze
Comment 4 2013-08-14 08:09:32 PDT
Comment on attachment 208726 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=208726&action=review r=me > Source/WebCore/svg/SVGAnimateTransformElement.cpp:53 > + if (attributeType() == AttributeTypeCSS) > + return false; We discussed it on IRC before and came to the conclusion that this is the better solution for now. We may do not even want to support CSS Transforms in animateTransform in the future.
Rob Buis
Comment 5 2013-08-14 08:43:17 PDT
Committed r154049: <http://trac.webkit.org/changeset/154049>
Note You need to log in before you can comment on or make changes to this bug.