RESOLVED FIXED 40955
Reproducible crash in com.apple.WebCore 0x01f0a94c WebCore::RenderSVGResource::fillPaintingResource(WebCore::RenderObject const*, WebCore::RenderStyle const*) + 540 
https://bugs.webkit.org/show_bug.cgi?id=40955
Summary Reproducible crash in com.apple.WebCore 0x01f0a94c WebCore::RenderSVGResource...
lars.sonchocky-helldorf
Reported 2010-06-21 16:46:04 PDT
I get a reproducible crash when visiting http://dev.w3.org/SVG/profiles/1.1F2/test/harness/htmlObject/animate-elem-39-t.html with the current WebKit Nightly (Safari Version 4.1 (4533.16, r61502) on Mac OS X 10.4.11 PowerPC G4) Date/Time: 2010-06-22 01:35:19.862 +0200 OS Version: 10.4.11 (Build 8S165) Report Version: 4 Command: Safari Path: /Applications/Safari.app/Contents/MacOS/Safari Parent: WindowServer [60] Version: r61502 (61502) PID: 5509 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000028 Thread 0 Crashed: 0 com.apple.WebCore 0x01f0a94c WebCore::RenderSVGResource::fillPaintingResource(WebCore::RenderObject const*, WebCore::RenderStyle const*) + 540 1 com.apple.WebCore 0x0205df0c WebCore::SVGInlineTextBox::acquirePaintingResource(WebCore::GraphicsContext*&, WebCore::RenderStyle*) + 60 2 com.apple.WebCore 0x0205e050 WebCore::SVGInlineTextBox::prepareGraphicsContextForTextPainting(WebCore::GraphicsContext*&, WebCore::TextRun&, WebCore::RenderStyle*) + 32 3 com.apple.WebCore 0x0205e5a0 WebCore::SVGInlineTextBox::paintText(WebCore::GraphicsContext*, WebCore::FloatPoint const&, WebCore::RenderStyle*, WebCore::RenderStyle*, bool) + 176 4 com.apple.WebCore 0x0205f008 WebCore::SVGInlineTextBox::paint(WebCore::RenderObject::PaintInfo&, int, int) + 648 5 com.apple.WebCore 0x02095ce4 WebCore::SVGRootInlineBox::paint(WebCore::RenderObject::PaintInfo&, int, int) + 196 6 com.apple.WebCore 0x01ed40fc WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::RenderObject::PaintInfo&, int, int) const + 1580 7 com.apple.WebCore 0x01e72fd4 WebCore::RenderBlock::paintObject(WebCore::RenderObject::PaintInfo&, int, int) + 372 8 com.apple.WebCore 0x01e67b7c WebCore::RenderBlock::paint(WebCore::RenderObject::PaintInfo&, int, int) + 460 9 com.apple.WebCore 0x01f1a104 WebCore::RenderSVGText::paint(WebCore::RenderObject::PaintInfo&, int, int) + 148 10 com.apple.WebCore 0x01f07914 WebCore::RenderSVGContainer::paint(WebCore::RenderObject::PaintInfo&, int, int) + 452 11 com.apple.WebCore 0x01f07914 WebCore::RenderSVGContainer::paint(WebCore::RenderObject::PaintInfo&, int, int) + 452 12 com.apple.WebCore 0x01f07914 WebCore::RenderSVGContainer::paint(WebCore::RenderObject::PaintInfo&, int, int) + 452 13 com.apple.WebCore 0x01f07914 WebCore::RenderSVGContainer::paint(WebCore::RenderObject::PaintInfo&, int, int) + 452 14 com.apple.WebCore 0x01e8df64 WebCore::RenderBox::paint(WebCore::RenderObject::PaintInfo&, int, int) + 164 see attached crash log
Attachments
crash log for #40955 (36.29 KB, text/plain)
2010-06-21 16:47 PDT, lars.sonchocky-helldorf 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
lars.sonchocky-helldorf
Comment 1 2010-06-21 16:47:47 PDT
Created attachment 59310 [details] crash log for #40955 crash log for this bug
Eric Seidel (no email)
Comment 2 2010-06-21 17:15:17 PDT
I suspect this is also a regression from http://trac.webkit.org/changeset/58212. See bug 40173.
Nikolas Zimmermann
Comment 3 2010-06-22 00:07:22 PDT
Fixed in trunk, no more crashes, since the last text rewrite. Please retry and report here, if you still see the crash!
Note You need to log in before you can comment on or make changes to this bug.