Bug 258226: Handle SVGLength resolving in an inactive document gracefully
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=258226
Ahmad Saleem
Reported
2023-06-16 16:38:50 PDT
Hi Team, while going through Blink commits, I came across the following bug, where we throw a console error while Firefox Nightly 116 and Chrome Canary 116 do not. Blink Commit:
https://src.chromium.org/viewvc/blink?view=revision&revision=196269
WebKit Source:
https://searchfox.org/wubkat/source/Source/WebCore/svg/SVGLengthContext.cpp#233
I think it is easier to merge this and match other browsers but raising to get input. Thanks!
Ahmad Saleem
Comment 1
2023-06-17 07:14:23 PDT
I merged it and it still does not get rid of the console error, so it is a different case, but I think it is more about a potential case fix since it was identified by the ‘ClusterFuzz’ tool used by Google.
Ahmad Saleem
Comment 2
2023-07-22 04:26:37 PDT
Managed to confirm that it does not fix the bug and does not crash in 'Debug' with this patch, and without the patch, we get:
stderr: SHOULD NEVER BE REACHED
/Users/ahmadsaleem/Documents/GitHub-Webkit-origin/Webkit/Source/WebCore/svg/SVGLengthContext.cpp(234) : const WebCore::RenderStyle *WebCore::renderStyleForLengthResolving(const WebCore::SVGElement *)
1 0x133bc1c68 WTFCrash
2 0x14d0434a0 WebCore::BaseAudioContext::currentSampleFrame() const
3 0x14fcf682c WebCore::renderStyleForLengthResolving(WebCore::SVGElement const*)
4 0x14fcf5ec0 WebCore::SVGLengthContext::convertValueFromEMSToUserUnits(float) const
5 0x14fcf5d18 WebCore::SVGLengthContext::convertValueToUserUnits(float, WebCore::SVGLengthType, WebCore::SVGLengthMode) const
6 0x14fcf7e50 WebCore::SVGLengthValue::valueForBindings(WebCore::SVGLengthContext const&) const
7 0x14bfef6a8 WebCore::SVGLength::valueForBindings()
8 0x14bfef614 WebCore::jsSVGLength_valueGetter(JSC::JSGlobalObject&, WebCore::JSSVGLength&)
9 0x14bf4f3f4 long long WebCore::IDLAttribute<WebCore::JSSVGLength>::get<&WebCore::jsSVGLength_valueGetter(JSC::JSGlobalObject&, WebCore::JSSVGLength&), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, JSC::PropertyName)
10 0x14bf4f2c8 WebCore::jsSVGLength_value(JSC::JSGlobalObject*, long long, JSC::PropertyName)
11 0x1357efb64 WTF::FunctionPtr<(WTF::PtrTag)57072, long long (JSC::JSGlobalObject*, long long, JSC::PropertyName), (WTF::FunctionAttributes)1>::operator()(JSC::JSGlobalObject*, long long, JSC::PropertyName) const
12 0x135a57bd8 JSC::PropertySlot::customGetter(JSC::VM&, JSC::PropertyName) const
13 0x13420cc34 JSC::PropertySlot::getValue(JSC::JSGlobalObject*, JSC::PropertyName) const
14 0x134f0d1a8 JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) const
15 0x135556b20 JSC::LLInt::performLLIntGetByID(JSC::BytecodeIndex, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&)
16 0x135556920 llint_slow_path_get_by_id
17 0x13426d898 llint_entry
18 0x134261808 vmEntryToJavaScript
19 0x1353ae34c JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*,
Radar WebKit Bug Importer
Comment 3
2023-07-22 04:26:49 PDT
<rdar://problem/112704896>
Ahmad Saleem
Comment 4
2023-07-22 04:50:09 PDT
PR:
https://github.com/WebKit/WebKit/pull/16010
EWS
Comment 5
2023-07-24 09:30:19 PDT
Committed 266250@main (f538153c2220): <https://commits.webkit.org/266250@main>
Reviewed commits have been landed. Closing PR #16010 and removing active labels.