Bug 182185 - REGRESSiON (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement which has not been laid out yet
Summary: REGRESSiON (r226492): Crash under Element::absoluteEventBounds() on a SVGPath...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Simon Fraser (smfr)
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-01-26 14:03 PST by Simon Fraser (smfr)
Modified: 2018-01-26 14:38 PST (History)
3 users (show)

See Also:

Attachments
Patch (1.80 KB, patch)
2018-01-26 14:06 PST, Simon Fraser (smfr) 		no flags Details | Formatted Diff | Diff
Patch (1.83 KB, patch)
2018-01-26 14:07 PST, Simon Fraser (smfr) 		zalan: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Simon Fraser (smfr) 2018-01-26 14:03:49 PST 
REGRESSiON (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement which has not been laid out yet
Comment 1 Simon Fraser (smfr) 2018-01-26 14:06:14 PST 
Created attachment 332414 [details]
Patch
Comment 2 Simon Fraser (smfr) 2018-01-26 14:06:46 PST 
rdar://problem/36836262
Comment 3 Simon Fraser (smfr) 2018-01-26 14:07:28 PST 
Created attachment 332415 [details]
Patch
Comment 4 zalan 2018-01-26 14:13:04 PST 
Comment on attachment 332415 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=332415&action=review

> Source/WebCore/svg/SVGPathElement.cpp:424
> +    if (!renderer || !renderer->hasPath())
> +        return { };

Please add a FIXME here that it's an invalid state.
Comment 5 Simon Fraser (smfr) 2018-01-26 14:37:49 PST Comment hidden (obsolete)
Comment 6 Simon Fraser (smfr) 2018-01-26 14:38:40 PST 
https://trac.webkit.org/r227697