RESOLVED WORKSFORME 26434
REGRESSION: SVG demo crashes Safari 4 (does not crash Safari 3.x)
https://bugs.webkit.org/show_bug.cgi?id=26434
Eric Seidel (no email)
Reported 2009-06-16 00:06:26 PDT
REGRESSION: SVG demo crashes Safari 4 (does not crash Safari 3.x)

http://codinginparadise.org/projects/svgweb/samples/demo.html

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000288
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x93739238 WebCore::CSSStyleSelector::initElementAndPseudoState(WebCore::Element*) + 24
1 com.apple.WebCore 0x9373890b WebCore::CSSStyleSelector::styleForElement(WebCore::Element*, WebCore::RenderStyle*, bool, bool) + 75
2 com.apple.WebCore 0x937388ae WebCore::Node::styleForRenderer() + 126
3 com.apple.WebCore 0x93c2c8ec WebCore::SVGClipPathElement::canvasResource() + 124
4 com.apple.WebCore 0x93a36bda WebCore::SVGStyledElement::invalidateResourcesInAncestorChain() const + 58
5 com.apple.WebCore 0x93a36adb WebCore::SVGStyledElement::svgAttributeChanged(WebCore::QualifiedName const&) + 75
6 com.apple.WebCore 0x93a38151 WebCore::SVGRectElement::svgAttributeChanged(WebCore::QualifiedName const&) + 33
7 com.apple.WebCore 0x937952a7 WebCore::NamedNodeMap::addAttribute(WTF::PassRefPtr<WebCore::Attribute>) + 119
8 com.apple.WebCore 0x938b57bd WebCore::Element::setAttribute(WebCore::AtomicString const&, WebCore::AtomicString const&, int&) + 589
9 com.apple.WebCore 0x938b53bd WebCore::JSElement::setAttribute(JSC::ExecState*, JSC::ArgList const&) + 301
10 com.apple.WebCore 0x938b5263 WebCore::jsElementPrototypeFunctionSetAttribute(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) + 115
11 ??? 0x00ff620f 0 + 16736783
12 com.apple.JavaScriptCore 0x916f25dc JSC::Interpreter::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) + 524
13 com.apple.JavaScriptCore 0x91601115 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 149
14 com.apple.WebCore 0x9381a27a WebCore::JSEventListener::handleEvent(WebCore::Event*, bool) + 2074
15 com.apple.WebCore 0x938c398d WebCore::XMLHttpRequest::dispatchReadyStateChangeEvent() + 141
16 com.apple.WebCore 0x938c38ce WebCore::XMLHttpRequest::callReadyStateChangeListener() + 30
17 com.apple.WebCore 0x938e9167 WebCore::XMLHttpRequest::didFinishLoading(unsigned long) + 455
18 com.apple.WebCore 0x937c98fd WebCore::SubresourceLoader::didFinishLoading() + 45
19 com.apple.Foundation 0x90ee34a7 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87

Full crash log attached.
Attachments
full crash log (32.67 KB, text/plain)
2009-06-16 00:06 PDT, Eric Seidel (no email)
no flags
Eric Seidel (no email)
Comment 1 2009-06-16 00:06:59 PDT
Created attachment 31335: full crash log

Note, I have click 2 flash installed (which could be causing this, but I doubt it).
Eric Seidel (no email)
Comment 2 2009-06-16 00:07:27 PDT
Note that only the URL http://codinginparadise.org/projects/svgweb/samples/demo.html crashes, not when you pass it query parameters.
Eric Seidel (no email)
Comment 3 2009-06-16 00:09:14 PDT
Should be trivial to catch in the debugger. Obviously some "this" is ending up NULL.
Brad Neuberg
Comment 4 2009-06-16 00:16:14 PDT
This might be related to an issue on the SVG Web side (the toolkit used in the SVG demo): http://code.google.com/p/sgweb/issues/detail?id=106 In that demo I'm actually using Flash to do the rendering rather than the native SVG support in Safari. I internally use the JavaScript XML Parser class to build up an internal representation of the SVG file that I use for tracking, and then send over a string version of it to Flash to do the actual rendering. However, I noticed a surprising thing recently: even though the SVG is parsed by XML, all of the XML nodes become specific Safari SVGElement nodes rather than generic XML DOM nodes. This causes some trouble for me; I have an open issue on my side to create a workaround internally to prevent this from happening.
Eric Seidel (no email)
Comment 5 2009-06-16 00:29:55 PDT
If you remove the namespace before sending it off to WebKit, WebKit will make plain old Element nodes instead of SVG elements. :)
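The workaround from comment 5, written out as an added example (not code from the bug report or from the SVG Web project): strip only the default xmlns declaration that binds the SVG namespace, so the parsed tree consists of generic Element nodes rather than SVGElement subclasses, while prefixed declarations such as xmlns:xlink are left intact so the document stays well-formed. The function names, the regex approach and the sample markup are assumptions for this example.

```javascript
// Added example; not part of the bug report or of SVG Web.
const SVG_NS = 'http://www.w3.org/2000/svg';

// Remove only default-namespace declarations (xmlns="...") bound to SVG_NS.
// Prefixed declarations (xmlns:xlink, xmlns:svg) are left alone: dropping one
// would leave its prefix unbound and the document no longer well-formed.
// Assumption: a plain regex is acceptable here, i.e. the declaration does not
// also appear inside comments or CDATA sections of the input.
function stripDefaultSvgNamespace(xml) {
  return xml.replace(/\s+xmlns\s*=\s*(["'])http:\/\/www\.w3\.org\/2000\/svg\1/g, '');
}

// Parse with the browser's DOMParser when one exists and report the root
// element's namespace, so a caller can confirm whether it got generic nodes.
// Returns null outside a browser (e.g. Node), where DOMParser is undefined.
function parseRootNamespace(xml) {
  if (typeof DOMParser === 'undefined') return null;
  const doc = new DOMParser().parseFromString(xml, 'application/xml');
  return doc.documentElement.namespaceURI;
}

// Constructed sample: the xlink declaration must survive, the SVG one must go.
const SAMPLE =
  '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="10" height="10">' +
  '<rect width="10" height="10"/></svg>';

const stripped = stripDefaultSvgNamespace(SAMPLE);
console.log(stripped);
// In WebKit, parseRootNamespace(SAMPLE) is SVG_NS and the nodes are SVGElement
// subclasses; for the stripped markup it is null and the nodes are plain Elements.
console.log(parseRootNamespace(SAMPLE), parseRootNamespace(stripped));
```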
dageekkid
Comment 6 2009-11-29 13:09:52 PST
(In reply to comment #5)
> If you remove the namespace before sending it off to WebKit WebKit will make
> plain old Element nodes instead of SVG elements. :)

r51397 on 10.6.2 has no issues...
Alexey Proskuryakov
Comment 7 2010-05-07 14:50:21 PDT
Doesn't crash for me either with a local debug build of r58908.