I can confirm it can be a DRT sideeffect bug. It occured again on all MAC testers after http://trac.webkit.org/changeset/52976 landed. This patch move http tests at the end. http://build.webkit.org/results/Tiger%20Intel%20Release/r52977%20(7547) http://build.webkit.org/results/Leopard%20Intel%20Release%20(Tests)/r52977%20(9112) http://build.webkit.org/results/Leopard%20Intel%20Debug%20(Tests)/r52976%20(9022) http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20(Tests)/r52977%20(4019)

I'm investigating.

Found the bug. http/tests/uri/escaped-entity.html changes the results of svg/W3C-SVG-1.1/filters-conv-01-f.svg when run before it. I suspect some sort of memory smasher, but I don't know yet. My recommendation is that we skip http/tests/uri/escaped-entity.html Running http/tests/uri/escaped-entity.html under --guard mode does not crash.

How: http://trac.webkit.org/browser/trunk/LayoutTests/http/tests/uri/escaped-entity.html affects: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/filters-conv-01-f.svg To cause this diff: --- layout-test-results/svg/W3C-SVG-1.1/filters-conv-01-f-expected.txt 2010-01-08 00:17:01.000000000 -0800 +++ layout-test-results/svg/W3C-SVG-1.1/filters-conv-01-f-actual.txt 2010-01-08 00:17:01.000000000 -0800 @@ -39,7 +39,7 @@ RenderSVGImage {image} at (180,163) size 50x63 [filter=convolve5] RenderSVGText {text} at (10,20) size 117x18 contains 1 chunk(s) RenderSVGInlineText {#text} at (0,-14) size 117x18 - chunk 1 text run 1 at (10.00,20.00) startOffset 0 endOffset 19 width 117.00: "Vertical blur (1x3)" + chunk 1 text run 1 at (10.00,20.00) startOffset 0 endOffset 19 width 115.00: "Vertical blur (1x3)" RenderSVGContainer {g} at (330,163) size 50x63 [transform={m=((1.00,0.00)(0.00,1.00)) t=(300.00,93.00)}] RenderSVGImage {image} at (330,163) size 50x63 [filter=convolve6] RenderSVGText {text} at (10,340) size 264x46 contains 1 chunk(s) I do not know. I can only assume that it's causing some sort of font caching issue or a memory smasher of some sort. I've not tried to produce a reduced test case yet.

Created attachment 46122 [details] Patch

Committed r52979: <http://trac.webkit.org/changeset/52979>

(In reply to comment #6) > Committed r52979: <http://trac.webkit.org/changeset/52979> That was meant for another bug.

Committed r52980: <http://trac.webkit.org/changeset/52980>

Unfortunately "Windows Release (Tests)" bot is still wrong, it doesn't generate the correct output for svg/W3C-SVG-1.1/filters-conv-01-f.svg :S http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20%28Tests%29/r52980%20%284022%29/results.html

I wonder if svg/W3C-SVG-1.1/filters-conv-01-f.svg could be reading from uniitialized memory. Would be nice if we had a valgrind run.

bug 33372 also seems to be the same sort of bug. We may need to roll out the run-webkit-tests change and fix all these bugs which should appear in --singly runs as well.

Created attachment 46163 [details] proposed fix Filed bug 33400 for the real problem, masking it with changes to escaped-entity.html for now, since the test has no need to render funky characters.

style-queue ran check-webkit-style on attachment 46163 [details] without any errors.

Committed <http://trac.webkit.org/changeset/53012>.