In <http://trac.webkit.org/changeset/95047>, we tried to fix this issue. But instead of registering the clients of the destroyed resource, we registered all the clients in the cache as having pending resources.
In SVGResourcesCache::resourceDestroyed(), we call resourcesCacheFromRenderer() which returns a cache that maps <RenderElement, SVGResources>.
We loop through all the elements in the cache and we call SVGResources::resourceDestroyed() which will remove the reference to the destroyed resource if it's one of the resources of SVGResources
Then we call SVGDocumentExtensions::addPendingResource() with the ID of the destroyed resource and the Element of the RenderElement.
This is wrong if the SVGResources does not have a reference to the destroyed resource. It is waste of time to register the Element of the RenderElement to have a pending resources in this caae.
Created attachment 324358 [details]
Comment on attachment 324358 [details]
View in context: https://bugs.webkit.org/attachment.cgi?id=324358&action=review
> m_clipperFilterMaskerData->masker = 0;
These 0 should all be nullptr, right?
> + bool resourceDestroyed(RenderSVGResourceContainer&);
Please add a comment saying what the return value means, or use an enum.
Created attachment 324424 [details]
Comment on attachment 324424 [details]
Clearing flags on attachment: 324424
Committed r223789: <https://trac.webkit.org/changeset/223789>
All reviewed patches have been landed. Closing bug.