190413 – ASSERT: SMILTimeContainer::begin ASSERT(!m_beginTime) on gamejolt.com

RESOLVED DUPLICATE of bug 172490 190413

ASSERT: SMILTimeContainer::begin ASSERT(!m_beginTime) on gamejolt.com

https://bugs.webkit.org/show_bug.cgi?id=190413

Summary ASSERT: SMILTimeContainer::begin ASSERT(!m_beginTime) on gamejolt.com

Joseph Pecoraro

Reported 2018-10-09 15:16:54 PDT

ASSERT: SMILTimeContainer::begin ASSERT(!m_beginTime) on gamejolt.com. I'm on WebKit Debug at r236094. Steps to Reproduce: 1. Load https://gamejolt.com/games/game-test-life/32149 2. Wait a little while => ASSERT

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2018-10-10 00:20:20 PDT

<rdar://problem/45153186>

mitz

Comment 2 2018-11-04 12:16:52 PST

Also seen on <https://online.seterra.com/en/vgp/3015> (maybe it’s the same game engine).

Simon Fraser (smfr)

Comment 3 2018-11-20 18:22:27 PST

We call begin the first time via something like: * frame #0: 0x0000000109843a7b WebCore`WebCore::SMILTimeContainer::begin(this=0x0000000139e11bb0) at SMILTimeContainer.cpp:135 frame #1: 0x00000001097a5bab WebCore`WebCore::SVGSVGElement::insertedIntoAncestor(this=0x000000013cdedc80, insertionType=(connectedToDocument = true, treeScopeChanged = true), parentOfInsertedTree=0x000000012346b138) at SVGSVGElement.cpp:485 frame #2: 0x0000000107efdedc WebCore`WebCore::notifyNodeInsertedIntoDocument(parentOfInsertedTree=0x000000012346b138, node=0x000000013cdedc80, treeScopeChange=Changed, postInsertionNotificationTargets={ size = 0, capacity = 11 }) at ContainerNodeAlgorithms.cpp:48 frame #3: 0x0000000107efdfc4 WebCore`WebCore::notifyNodeInsertedIntoDocument(parentOfInsertedTree=0x000000012346b138, node=0x0000000131305f70, treeScopeChange=Changed, postInsertionNotificationTargets={ size = 0, capacity = 11 }) at ContainerNodeAlgorithms.cpp:56 frame #4: 0x0000000107efdfc4 WebCore`WebCore::notifyNodeInsertedIntoDocument(parentOfInsertedTree=0x000000012346b138, node=0x0000000131305ea0, treeScopeChange=Changed, postInsertionNotificationTargets={ size = 0, capacity = 11 }) at ContainerNodeAlgorithms.cpp:56 frame #5: 0x0000000107efdd16 WebCore`WebCore::notifyChildNodeInserted(parentOfInsertedTree=0x000000012346b138, node=0x0000000131305ea0) at ContainerNodeAlgorithms.cpp:103 frame #6: 0x0000000107efb590 WebCore`void WebCore::executeNodeInsertionWithScriptAssertion<WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&)::$_4>(containerNode=0x000000012346b138, child=0x0000000131305ea0, source=API, replacedAllChildren=No, doNodeInsertion=(anonymous class) @ 0x00007ffeefbfba90)::$_4) at ContainerNode.cpp:197 frame #7: 0x0000000107ef83cb WebCore`WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(this=0x000000012346b138, newChild=0x0000000131305ea0) at ContainerNode.cpp:718 frame #8: 0x0000000107efb488 WebCore`WebCore::ContainerNode::appendChild(this=0x000000012346b138, newChild=0x0000000131305ea0) at ContainerNode.cpp:686 frame #9: 0x00000001080984b4 WebCore`WebCore::Node::appendChild(this=0x000000012346b138, newChild=0x0000000131305ea0) at Node.cpp:494 frame #10: 0x0000000106c450be WebCore`WebCore::jsNodePrototypeFunctionAppendChildBody(state=0x00007ffeefbfbe60, castedThis=0x000000013ccf0b00, throwScope=0x00007ffeefbfbde0) at JSNode.cpp:855 frame #11: 0x0000000106c35898 WebCore`long long WebCore::IDLOperation<WebCore::JSNode>::call<&(state=0x00007ffeefbfbe60, operationName="appendChild")), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) at JSDOMOperation.h:53 then again at: * frame #0: 0x0000000109843a7b WebCore`WebCore::SMILTimeContainer::begin(this=0x000000012d57e160) at SMILTimeContainer.cpp:135 frame #1: 0x000000010960cb24 WebCore`WebCore::SVGDocumentExtensions::startAnimations(this=0x00000001306c1e38) at SVGDocumentExtensions.cpp:99 frame #2: 0x0000000107f542ba WebCore`WebCore::Document::implicitClose(this={ origin = Unique, url = , inMainFrame = 1, pageCacheState = NotInPageCache }) at Document.cpp:3023 frame #3: 0x00000001087ce82b WebCore`WebCore::FrameLoader::checkCallImplicitClose(this=0x000000011c4242e0) at FrameLoader.cpp:951 frame #4: 0x00000001087ce2a8 WebCore`WebCore::FrameLoader::checkCompleted(this=0x000000011c4242e0) at FrameLoader.cpp:892 frame #5: 0x00000001087cc295 WebCore`WebCore::FrameLoader::finishedParsing(this=0x000000011c4242e0) at FrameLoader.cpp:781 frame #6: 0x0000000107f6df83 WebCore`WebCore::Document::finishedParsing(this={ origin = Unique, url = , inMainFrame = 1, pageCacheState = NotInPageCache }) at Document.cpp:5641 frame #7: 0x00000001099ce316 WebCore`WebCore::XMLDocumentParser::end(this=0x000000012f87c240) at XMLDocumentParser.cpp:205 frame #8: 0x00000001099ce8be WebCore`WebCore::XMLDocumentParser::finish(this=0x000000012f87c240) at XMLDocumentParser.cpp:219 frame #9: 0x00000001087af70e WebCore`WebCore::DocumentWriter::end(this=0x000000012ebd30b8) at DocumentWriter.cpp:284

Charlie Turner

Comment 4 2020-05-11 06:21:13 PDT

*** This bug has been marked as a duplicate of bug 172490 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 172490

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component SVG

Assignee

Nobody

Reported

2018-10-09 15:16 PDT

Modified

2020-05-11 06:21 PDT History

CC List

8 users Show

URL

https://gamejolt.com/games/game-test-life/32149

Keywords InRadar

Depends on

Blocks