RESOLVED FIXED Bug 33841
Crash on dispatching SVG mouse events 
https://bugs.webkit.org/show_bug.cgi?id=33841
Summary Crash on dispatching SVG mouse events
Vitaly Repeshko
Reported 2010-01-19 07:22:23 PST
Created attachment 46907 [details] Reproducible test case Crash on dispatching SVG mouse events Steps to reproduce: 1. Open attached svg_crash.svg. 2. Move the mouse over the blinking black rectangle. See http://crbug.com/32269 (in particular comment 8). This first appeared as chromium-specific bug, but then it turned out to be reproducible in Safari.
Attachments
Reproducible test case (1.56 KB, image/svg+xml)
2010-01-19 07:22 PST, Vitaly Repeshko 		no flags
Details
Initial patch (2.79 KB, patch)
2010-01-20 18:02 PST, Nikolas Zimmermann 		oliver: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Vitaly Repeshko
Comment 1 2010-01-19 11:06:39 PST
I verified it crashes even after http://trac.webkit.org/changeset/53446
Nikolas Zimmermann
Comment 2 2010-01-19 20:16:54 PST
Thanks, the testcase is evil :-) We need to add: if (!m_targetElementInstance) return 0; to SVGUseElement::instanceForShadowTreeElement. Can you try wheter that fixes it, my tree is jammed atm :-)
Nikolas Zimmermann
Comment 3 2010-01-20 18:02:46 PST
Created attachment 47087 [details] Initial patch As discussed on IRC, there is no way to test using DRT at the moment - that particular code in EventHandler leading to crashes is not reachable when moving mouse using DRT. Adding the original testcase as manual-test.
Nikolas Zimmermann
Comment 4 2010-01-20 18:11:10 PST
Landed in r53589.
Note You need to log in before you can comment on or make changes to this bug.