RESOLVED INVALID 39890
[Qt] Sporadic crash when accessing preserveAspectRatio (in JavaScript)
https://bugs.webkit.org/show_bug.cgi?id=39890
alessandro.portale
Reported 2010-05-28 11:32:16 PDT
Created attachment 57349 [details] The stack trace

1) Load an svg into a web frame
2) Evaluate a JavaScript that accesses 'document.rootElement.preserveAspectRatio.baseVal.align'

When repeating the above two steps consecutively, after ~30-50 repetitions, the application will crash in 'JSValue jsSVGPreserveAspectRatioAlign()'. See attached stacktrace.txt.

This happens with the Webkit version that is used in qt/4.7 Git SHA: 00b2882349d42736f1e3f753838af27a3774eb64
It does not happen in Qt 4.6.2.

(The issue may not be Qt layer specific at all. I selected component Webkit Qt, because my attached test app is done in Qt)
Attachments
The stack trace (1007 bytes, text/plain)
2010-05-28 11:32 PDT, alessandro.portale
no flags
Minimal Qt based app to reproduce the issue. (1.09 KB, text/x-c++src)
2010-05-28 11:36 PDT, alessandro.portale
no flags
.pro file for the test app (55 bytes, application/octet-stream)
2010-05-28 11:37 PDT, alessandro.portale
no flags
alessandro.portale
Comment 1 2010-05-28 11:36:37 PDT
Created attachment 57351 [details] Minimal Qt based app to reproduce the issue.
alessandro.portale
Comment 2 2010-05-28 11:37:11 PDT
Created attachment 57352 [details] .pro file for the test app
Simon Hausmann
Comment 3 2010-06-16 06:28:59 PDT
The stacktrace suggests that this happens at least on Windows. I wonder if it also happens on other platforms.
Andreas Kling
Comment 4 2010-07-01 15:56:27 PDT
Cannot reproduce on Linux with ToT.
Nikolas Zimmermann
Comment 5 2010-07-09 07:26:48 PDT
Changed component to SVG, so it shows up in my all-svg-bugs search.
Nikolas Zimmermann
Comment 6 2010-11-19 04:43:22 PST
The SVG DOM js bindings were rewritten. Can you retry with trunk, if you still see a crash?
alessandro.portale
Comment 7 2010-11-27 10:23:52 PST
Good news. I tested it with a trunk build of r72487, and it did not crash. However, something seems to leak memory. I increased the loop in the test program to 50000. No crash still, but the memory usage steadily grew to 400 MB. The branch qtwebkit-2.1 from the qtwebkit repo still crashes (after 250 test runs in the test program). But good to know that the fix will go into that repo.