119748 – ASSERTION FAILED: resultAnimationElement->m_animatedType in WebCore::SVGAnimateElement::calculateAnimatedValue

Bug 119748 - ASSERTION FAILED: resultAnimationElement->m_animatedType in WebCore::SVGAnimateElement::calculateAnimatedValue

Summary: ASSERTION FAILED: resultAnimationElement->m_animatedType in WebCore::SVGAnima...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	SVG (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Rob Buis

URL:
Keywords:

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2013-08-13 08:04 PDT by Renata Hodovan
Modified:	2013-08-14 08:43 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Test case (148 bytes, text/html) 2013-08-13 08:05 PDT, Renata Hodovan	no flags	Details
Patch (7.45 KB, patch) 2013-08-13 15:18 PDT, Rob Buis	no flags	Details \| Formatted Diff \| Diff
Patch (11.22 KB, patch) 2013-08-14 08:07 PDT, Rob Buis	krit: review+	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2013-08-13 08:04:27 PDT

The failing test:

<svg xmlns="http://www.w3.org/2000/svg">
    <animatetransform attributename="transform" attributetype="CSS" values="0" ></animatetransform>
</svg>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
342	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff56f5744 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff4c56b5a in WebCore::SVGAnimateElement::calculateAnimatedValue (this=0x8d99d0, percentage=1, repeatCount=0, resultElement=0x8d99d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimateElement.cpp:120
#2  0x00007ffff4c5e678 in WebCore::SVGAnimationElement::updateAnimation (this=0x8d99d0, percent=0, repeatCount=0, resultElement=0x8d99d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGAnimationElement.cpp:632
#3  0x00007ffff4c09c19 in WebCore::SVGSMILElement::progress (this=0x8d99d0, elapsed=..., resultElement=0x8d99d0, seekToTime=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SVGSMILElement.cpp:1113
#4  0x00007ffff4bffdd1 in WebCore::SMILTimeContainer::updateAnimations (this=0x8b5050, elapsed=..., seekToTime=false)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:293
#5  0x00007ffff4bff2cb in WebCore::SMILTimeContainer::begin (this=0x8b5050)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/animation/SMILTimeContainer.cpp:139
#6  0x00007ffff4c24c01 in WebCore::SVGDocumentExtensions::startAnimations (this=0x8b70f0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/svg/SVGDocumentExtensions.cpp:102
#7  0x00007ffff41b2ec6 in WebCore::Document::implicitClose (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2453
#8  0x00007ffff45b311d in WebCore::FrameLoader::checkCallImplicitClose (this=0x7d5998)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:844
#9  0x00007ffff45b2e8e in WebCore::FrameLoader::checkCompleted (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:787
#10 0x00007ffff45b2bc3 in WebCore::FrameLoader::finishedParsing (this=0x7d5998) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:720
#11 0x00007ffff41b9e37 in WebCore::Document::finishedParsing (this=0x89e3a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4404
#12 0x00007ffff440b2a1 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7d3068)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:348
#13 0x00007ffff443f9c3 in WebCore::HTMLTreeBuilder::finished (this=0x7d3050)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2926
#14 0x00007ffff44129a0 in WebCore::HTMLDocumentParser::end (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:763
#15 0x00007ffff4412a8b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:774
#16 0x00007ffff44115fa in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211
#17 0x00007ffff4412ad0 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:786
#18 0x00007ffff4412b89 in WebCore::HTMLDocumentParser::finish (this=0x794b70)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:835
#19 0x00007ffff45aaa23 in WebCore::DocumentWriter::end (this=0x6942f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248
#20 0x00007ffff459d562 in WebCore::DocumentLoader::finishedLoading (this=0x694250, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402
#21 0x00007ffff459d2d0 in WebCore::DocumentLoader::notifyFinished (this=0x694250, resource=0x7b0020)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#22 0x00007ffff45845c6 in WebCore::CachedResource::checkNotify (this=0x7b0020)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369
#23 0x00007ffff458469c in WebCore::CachedResource::finishLoading (this=0x7b0020)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385
#24 0x00007ffff4580dee in WebCore::CachedRawResource::finishLoading (this=0x7b0020, data=0x7cc480)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#25 0x00007ffff45e73e3 in WebCore::SubresourceLoader::didFinishLoading (this=0x775d20, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#26 0x00007ffff45ddccd in WebCore::ResourceLoader::didFinishLoading (this=0x775d20, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:488
#27 0x00007ffff4a87683 in WebCore::QNetworkReplyHandler::finish (this=0x7bcfd0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#28 0x00007ffff4a863a2 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x7bd008)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#29 0x00007ffff4a8609f in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x7bd008, 
---Type <return> to continue, or q <return> to quit---
    method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a874c8 <WebCore::QNetworkReplyHandler::finish()>)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#30 0x00007ffff4a86fec in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x7cbce0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#31 0x00007ffff4a8997e in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x7cbce0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcf80)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:176
#32 0x00007ffff22115cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#33 0x00007ffff221284e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#34 0x00007ffff3058dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#35 0x00007ffff305c075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#36 0x00007ffff21ecdbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#37 0x00007ffff21eea76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#38 0x00007ffff2234333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#39 0x00007fffee3790a6 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3058
#40 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3634
#41 0x00007fffee3793f8 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3705
#42 0x00007fffee37949c in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.37.3/./glib/gmain.c:3766
#43 0x00007ffff22344bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#44 0x00007ffff21ebd3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#45 0x00007ffff21ef120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#46 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#47 0x0000000000423680 in main (argc=2, argv=0x7fffffffdc58) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318

Comment 1 Renata Hodovan 2013-08-13 08:05:47 PDT

Created attachment 208632 [details]
Test case

Comment 2 Rob Buis 2013-08-13 15:18:35 PDT

Created attachment 208683 [details]
Patch

Comment 3 Rob Buis 2013-08-14 08:07:09 PDT

Created attachment 208726 [details]
Patch

Comment 4 Dirk Schulze 2013-08-14 08:09:32 PDT

Comment on attachment 208726 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=208726&action=review

r=me

> Source/WebCore/svg/SVGAnimateTransformElement.cpp:53
> +    if (attributeType() == AttributeTypeCSS)
> +        return false;

We discussed it on IRC before and came to the conclusion that this is the better solution for now. We may do not even want to support CSS Transforms in animateTransform in the future.

Comment 5 Rob Buis 2013-08-14 08:43:17 PDT

Committed r154049: <http://trac.webkit.org/changeset/154049>