RESOLVED FIXED 35631
Crash when attempting to render certain SVGs 
https://bugs.webkit.org/show_bug.cgi?id=35631
Summary Crash when attempting to render certain SVGs
Tony Chang
Reported 2010-03-02 22:59:25 PST
The layout test attached to bug 35261 is also crashing on Leopard Intel Debug. https://bugs.webkit.org/attachment.cgi?id=49654&action=prettypatch The original bug is a fix for the crash in Skia, this bug is to fix the debug only crash in CG.
Attachments
Add attachment proposed patch, testcase, etc.
Tony Chang
Comment 1 2010-03-04 00:42:21 PST
This test is now committed at svg/custom/tiling-regular-hexagonal-crash.svg, but skipped on mac.
Dirk Schulze
Comment 2 2010-04-21 12:57:00 PDT
(In reply to comment #1) > This test is now committed at svg/custom/tiling-regular-hexagonal-crash.svg, > but skipped on mac. What is the problem here? Changing Image might help but I would like to fix the real issue.
Dirk Schulze
Comment 3 2010-04-21 13:03:42 PDT
(In reply to comment #2) > (In reply to comment #1) > > This test is now committed at svg/custom/tiling-regular-hexagonal-crash.svg, > > but skipped on mac. > > What is the problem here? Changing Image might help but I would like to fix the > real issue. Ok, looks like the problem is a tile width or height of 0.
Dirk Schulze
Comment 4 2010-04-21 13:20:16 PDT
Not only that we don't check for empty tile rects: IntSize imageSize(lroundf(patternBoundariesIncludingOverflow.width()), lroundf(patternBoundariesIncludingOverflow.height())); clampImageBufferSizeToViewport(document()->view(), imageSize); OwnPtr<ImageBuffer> patternImage = ImageBuffer::create(imageSize); it also looks like we have a parsing bug: height=" 270" We don't ignore leading zeros.
Simon Fraser (smfr)
Comment 5 2010-12-18 14:39:46 PST
Looks fine to me on SnowLeopard. Are there any remaining issues here?
Robert Longson
Comment 6 2011-01-04 03:12:08 PST
(In reply to comment #4) > > it also looks like we have a parsing bug: > > height=" 270" > > We don't ignore leading zeros. It would be incorrect to ignore leading zeros. http://www.w3.org/TR/SVG/types.html#DataTypeLength
Dirk Schulze
Comment 7 2011-01-04 03:40:27 PST
(In reply to comment #6) > (In reply to comment #4) > > > > it also looks like we have a parsing bug: > > > > height=" 270" > > > > We don't ignore leading zeros. > > It would be incorrect to ignore leading zeros. http://www.w3.org/TR/SVG/types.html#DataTypeLength At first sorry for my typing error, I meant spaces instead of zeros. Nevertheless, you're right Robert. <svg xmlns="http://www.w3.org/2000/svg"> <rect x="0" y="0" width=" 100" height="10" fill="red"/> <rect x="0" y="20" width="100 " height="10" fill="red"/> </svg> Both, WebKit and Firefox, don't draw the rects. And this is correct according to the spec.
Dirk Schulze
Comment 8 2011-01-04 03:42:37 PST
The root of this problem was fixed. Closing the bug now.
Note You need to log in before you can comment on or make changes to this bug.