Bug 149460 - ASSERTION FAILED: !url.protocolIsData() in WebCore::SVGURIReference::isExternalURIReference
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Duplicates: 202809
Blocks: 116980

Reported: 2015-09-22 08:37 PDT by Renata Hodovan
Modified: 2024-02-07 17:12 PST

Attachments
Test (54 bytes, text/html)
2015-09-22 08:37 PDT, Renata Hodovan

Description Renata Hodovan 2015-09-22 08:37:46 PDT
Created attachment 261744
Test

Load this test with debug WebKit:

<svg>
    <use xlink:href="data:foo.bar"></use>
</svg>


Backtrace:

ASSERTION FAILED: !url.protocolIsData()
../../Source/WebCore/svg/SVGURIReference.h(48) : static bool WebCore::SVGURIReference::isExternalURIReference(const WTF::String&, WebCore::Document&)

#0  0x00007fffec64eab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff287cad1 in WebCore::SVGURIReference::isExternalURIReference (uri=..., document=...) at ../../Source/WebCore/svg/SVGURIReference.h:48
#2  0x00007ffff36fc51c in WebCore::SVGUseElement::updateExternalDocument (this=0x7fffd5ad9000) at ../../Source/WebCore/svg/SVGUseElement.cpp:534
#3  0x00007ffff36f9965 in WebCore::SVGUseElement::insertedInto (this=0x7fffd5ad9000, rootParent=...) at ../../Source/WebCore/svg/SVGUseElement.cpp:110
#4  0x00007ffff28f88af in WebCore::notifyNodeInsertedIntoDocument (insertionPoint=..., node=..., postInsertionNotificationTargets=...)
    at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:71
#5  0x00007ffff28f8ac2 in WebCore::notifyChildNodeInserted (insertionPoint=..., node=..., postInsertionNotificationTargets=...)
    at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:97
#6  0x00007ffff28ebbd1 in WebCore::ContainerNode::notifyChildInserted (this=0x7fffd5adb000, child=..., source=WebCore::ContainerNode::ChildChangeSourceParser)
    at ../../Source/WebCore/dom/ContainerNode.cpp:331
#7  0x00007ffff28ed982 in WebCore::ContainerNode::parserAppendChild (this=0x7fffd5adb000, newChild=...) at ../../Source/WebCore/dom/ContainerNode.cpp:734
#8  0x00007ffff2ccb299 in WebCore::insert (task=...) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:107
#9  0x00007ffff2ccb33c in WebCore::executeInsertTask (task=...) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:114
#10 0x00007ffff2ccb58a in WebCore::executeTask (task=...) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:152
#11 0x00007ffff2ccb918 in WebCore::HTMLConstructionSite::executeQueuedTasks (this=0x7fffd5af7920)
    at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:202
#12 0x00007ffff2cff2c7 in WebCore::HTMLTreeBuilder::constructTree (this=0x7fffd5af7900, token=...) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:355
#13 0x00007ffff2cd55d8 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7fffd58165c0, rawToken=...)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:321
#14 0x00007ffff2cd5208 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7fffd58165c0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:276
#15 0x00007ffff2cd4ac7 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7fffd58165c0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:166
#16 0x00007ffff2cd5b3c in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) (this=0x7fffd58165c0, 
    inputSource=<unknown type in webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x6d8e5>)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:391
#17 0x00007ffff2908a65 in WebCore::DecodedDataDocumentParser::flush (this=0x7fffd58165c0, writer=...)
    at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#18 0x00007ffff2e68c3e in WebCore::DocumentWriter::end (this=0x7fffd58360a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:244
#19 0x00007ffff2e5264a in WebCore::DocumentLoader::finishedLoading (this=0x7fffd5836000, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:430
#20 0x00007ffff2e523a8 in WebCore::DocumentLoader::notifyFinished (this=0x7fffd5836000, resource=0x7fffd580f9c0)
    at ../../Source/WebCore/loader/DocumentLoader.cpp:377
#21 0x00007ffff2f10f7d in WebCore::CachedResource::checkNotify (this=0x7fffd580f9c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297
#22 0x00007ffff2f1108c in WebCore::CachedResource::finishLoading (this=0x7fffd580f9c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313
#23 0x00007ffff2f0d28a in WebCore::CachedRawResource::finishLoading (this=0x7fffd580f9c0, data=0x7fffd5bfde80)
    at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#24 0x00007ffff2ebd812 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fffd5836c00, finishTime=0)
    at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#25 0x00007ffff2eb828b in WebCore::ResourceLoader::didFinishLoading (this=0x7fffd5836c00, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:631
#26 0x00007ffff38e70f6 in WebCore::readCallback (asyncResult=0xb4e9b0, data=0x7fffd5bb7300)
    at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1340
#27 0x00007fffe945796a in async_ready_callback_wrapper (source_object=0xa35db0, res=0xb4e9b0, user_data=0x7fffd5bb7300) at ginputstream.c:529
#28 0x00007fffe947d453 in g_task_return_now (task=0xb4e9b0) at gtask.c:1088
#29 0x00007fffe947d489 in complete_in_idle_cb (task=0xb4e9b0) at gtask.c:1102
#30 0x00007fffe8eb7a9d in g_main_dispatch (context=0x492400) at gmain.c:3122
#31 g_main_context_dispatch (context=context@entry=0x492400) at gmain.c:3737
#32 0x00007fffe8eb7e70 in g_main_context_iterate (context=0x492400, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808
#33 0x00007fffe8eb8192 in g_main_loop_run (loop=0x5f15d0) at gmain.c:4002
#34 0x00007ffff406313f in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:67
#35 0x00007ffff2300a23 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd5b8)
    at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#36 0x00007ffff2300880 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#37 0x00000000004008da in main (argc=2, argv=0x7fffffffd5b8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Comment 1 Brent Fulgham 2016-08-04 17:19:52 PDT
This reproduces in r204037.
Comment 2 Radar WebKit Bug Importer 2016-08-04 17:20:17 PDT
<rdar://problem/27710775>
Comment 3 Said Abou-Hallawa 2016-08-04 19:02:59 PDT
A correct SVG href should not be a data URL. But if this happens, we should not assert. This assertion was added by https://trac.webkit.org/changeset/183053. The ChangeLog does not describe why this assertion was added. But I think it was added because the assumption was that the mask data URI was handled by the CSS parser and SVGURIReference should not be receiving a data URI, which might be correct for masks. But it is not the case for the SVG href itself, which can be a data URI for incorrect SVG documents.

So I think this assertion is not correct and should be removed.
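
Added example, not part of the bug report or of WebKit's source: a simplified C++ model of the href classification discussed in Comment 3, in which a data: URL is an explicit, handled result instead of a case ruled out by a debug-only assertion. All names (RefKind, classifyHref, schemeOf) and the example.test URLs are hypothetical, and relative references are resolved naively against the document's directory.

```cpp
#include <cctype>
#include <initializer_list>
#include <iostream>
#include <string>

// Hypothetical model types and names; this is not WebKit code.
enum class RefKind { SameDocument, External, DataURL };

// Lower-cased scheme if `s` starts with "scheme:", otherwise "".
static std::string schemeOf(const std::string& s) {
    if (s.empty() || !std::isalpha(static_cast<unsigned char>(s[0])))
        return "";
    std::string scheme;
    for (unsigned char c : s) {
        if (c == ':')
            return scheme;
        if (!std::isalnum(c) && c != '+' && c != '-' && c != '.')
            return "";
        scheme += static_cast<char>(std::tolower(c));
    }
    return "";
}

static std::string stripFragment(const std::string& s) {
    return s.substr(0, s.find('#'));
}

// Classifies an href taken from untrusted markup. Every input maps to a
// result; nothing is left to an assertion that release builds compile out.
RefKind classifyHref(const std::string& href, const std::string& documentURL) {
    if (href.empty() || href[0] == '#')
        return RefKind::SameDocument;          // fragment-only reference
    const std::string scheme = schemeOf(href);
    if (scheme == "data")
        return RefKind::DataURL;               // e.g. the report's data:foo.bar
    std::string absolute = href;
    if (scheme.empty())                        // naive relative resolution (assumption)
        absolute = documentURL.substr(0, documentURL.rfind('/') + 1) + href;
    return stripFragment(absolute) == stripFragment(documentURL)
        ? RefKind::SameDocument : RefKind::External;
}

int main() {
    const std::string doc = "https://example.test/a/page.svg"; // constructed URL
    for (const char* href : {"data:foo.bar", "#icon", "page.svg#icon",
                             "https://other.test/s.svg#i"})
        std::cout << href << " -> "
                  << static_cast<int>(classifyHref(href, doc)) << "\n";
}
```
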
Comment 4 Emilio Cobos Álvarez (:emilio) 2019-10-16 11:37:54 PDT
*** Bug 202809 has been marked as a duplicate of this bug. ***