Bug 190413 - ASSERT: SMILTimeContainer::begin ASSERT(!m_beginTime) on gamejolt.com
Summary: ASSERT: SMILTimeContainer::begin ASSERT(!m_beginTime) on gamejolt.com
Status: RESOLVED DUPLICATE of bug 172490
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL: https://gamejolt.com/games/game-test-...
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-10-09 15:16 PDT by Joseph Pecoraro
Modified: 2020-05-11 06:21 PDT (History)
8 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joseph Pecoraro 2018-10-09 15:16:54 PDT 
ASSERT: SMILTimeContainer::begin ASSERT(!m_beginTime) on gamejolt.com. I'm on WebKit Debug at r236094.

Steps to Reproduce:
1. Load https://gamejolt.com/games/game-test-life/32149
2. Wait a little while
  => ASSERT
Comment 1 Radar WebKit Bug Importer 2018-10-10 00:20:20 PDT 
<rdar://problem/45153186>
Comment 2 mitz 2018-11-04 12:16:52 PST 
Also seen on <https://online.seterra.com/en/vgp/3015> (maybe it’s the same game engine).
Comment 3 Simon Fraser (smfr) 2018-11-20 18:22:27 PST 
We call begin the first time via something like:

  * frame #0: 0x0000000109843a7b WebCore`WebCore::SMILTimeContainer::begin(this=0x0000000139e11bb0) at SMILTimeContainer.cpp:135
    frame #1: 0x00000001097a5bab WebCore`WebCore::SVGSVGElement::insertedIntoAncestor(this=0x000000013cdedc80, insertionType=(connectedToDocument = true, treeScopeChanged = true), parentOfInsertedTree=0x000000012346b138) at SVGSVGElement.cpp:485
    frame #2: 0x0000000107efdedc WebCore`WebCore::notifyNodeInsertedIntoDocument(parentOfInsertedTree=0x000000012346b138, node=0x000000013cdedc80, treeScopeChange=Changed, postInsertionNotificationTargets={ size = 0, capacity = 11 }) at ContainerNodeAlgorithms.cpp:48
    frame #3: 0x0000000107efdfc4 WebCore`WebCore::notifyNodeInsertedIntoDocument(parentOfInsertedTree=0x000000012346b138, node=0x0000000131305f70, treeScopeChange=Changed, postInsertionNotificationTargets={ size = 0, capacity = 11 }) at ContainerNodeAlgorithms.cpp:56
    frame #4: 0x0000000107efdfc4 WebCore`WebCore::notifyNodeInsertedIntoDocument(parentOfInsertedTree=0x000000012346b138, node=0x0000000131305ea0, treeScopeChange=Changed, postInsertionNotificationTargets={ size = 0, capacity = 11 }) at ContainerNodeAlgorithms.cpp:56
    frame #5: 0x0000000107efdd16 WebCore`WebCore::notifyChildNodeInserted(parentOfInsertedTree=0x000000012346b138, node=0x0000000131305ea0) at ContainerNodeAlgorithms.cpp:103
    frame #6: 0x0000000107efb590 WebCore`void WebCore::executeNodeInsertionWithScriptAssertion<WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&)::$_4>(containerNode=0x000000012346b138, child=0x0000000131305ea0, source=API, replacedAllChildren=No, doNodeInsertion=(anonymous class) @ 0x00007ffeefbfba90)::$_4) at ContainerNode.cpp:197
    frame #7: 0x0000000107ef83cb WebCore`WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(this=0x000000012346b138, newChild=0x0000000131305ea0) at ContainerNode.cpp:718
    frame #8: 0x0000000107efb488 WebCore`WebCore::ContainerNode::appendChild(this=0x000000012346b138, newChild=0x0000000131305ea0) at ContainerNode.cpp:686
    frame #9: 0x00000001080984b4 WebCore`WebCore::Node::appendChild(this=0x000000012346b138, newChild=0x0000000131305ea0) at Node.cpp:494
    frame #10: 0x0000000106c450be WebCore`WebCore::jsNodePrototypeFunctionAppendChildBody(state=0x00007ffeefbfbe60, castedThis=0x000000013ccf0b00, throwScope=0x00007ffeefbfbde0) at JSNode.cpp:855
    frame #11: 0x0000000106c35898 WebCore`long long WebCore::IDLOperation<WebCore::JSNode>::call<&(state=0x00007ffeefbfbe60, operationName="appendChild")), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) at JSDOMOperation.h:53

then again at:

  * frame #0: 0x0000000109843a7b WebCore`WebCore::SMILTimeContainer::begin(this=0x000000012d57e160) at SMILTimeContainer.cpp:135
    frame #1: 0x000000010960cb24 WebCore`WebCore::SVGDocumentExtensions::startAnimations(this=0x00000001306c1e38) at SVGDocumentExtensions.cpp:99
    frame #2: 0x0000000107f542ba WebCore`WebCore::Document::implicitClose(this={ origin = Unique, url = , inMainFrame = 1, pageCacheState = NotInPageCache }) at Document.cpp:3023
    frame #3: 0x00000001087ce82b WebCore`WebCore::FrameLoader::checkCallImplicitClose(this=0x000000011c4242e0) at FrameLoader.cpp:951
    frame #4: 0x00000001087ce2a8 WebCore`WebCore::FrameLoader::checkCompleted(this=0x000000011c4242e0) at FrameLoader.cpp:892
    frame #5: 0x00000001087cc295 WebCore`WebCore::FrameLoader::finishedParsing(this=0x000000011c4242e0) at FrameLoader.cpp:781
    frame #6: 0x0000000107f6df83 WebCore`WebCore::Document::finishedParsing(this={ origin = Unique, url = , inMainFrame = 1, pageCacheState = NotInPageCache }) at Document.cpp:5641
    frame #7: 0x00000001099ce316 WebCore`WebCore::XMLDocumentParser::end(this=0x000000012f87c240) at XMLDocumentParser.cpp:205
    frame #8: 0x00000001099ce8be WebCore`WebCore::XMLDocumentParser::finish(this=0x000000012f87c240) at XMLDocumentParser.cpp:219
    frame #9: 0x00000001087af70e WebCore`WebCore::DocumentWriter::end(this=0x000000012ebd30b8) at DocumentWriter.cpp:284
Comment 4 Charlie Turner 2020-05-11 06:21:13 PDT 

*** This bug has been marked as a duplicate of bug 172490 ***