Steps to Reproduce: 1. Open the attached file in a WebKit browser. Expected Results: Some text on the screen ("PASS if no crash"). Actual Results: Renderer crashes. Notes: It seems that r89745 added some code to SVGAElement::defaultEventHandler which depends on getElementById returning a valid element, which is certainly not guaranteed. I have a (very simple) patch to fix (and a test).
Created attachment 103551 [details] Repro.
<rdar://problem/9933311>
Created attachment 103556 [details] Patch
Comment on attachment 103556 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=103556&action=review R+, provided EWS shows up nothing. > LayoutTests/svg/custom/click-internal-anchor-with-use-crash.xhtml:23 > + <a id="link" xlink:href="#"> You could try making the invalid reference more clear (for example #non_existant or something).
Comment on attachment 103556 [details] Patch Clearing flags on attachment: 103556 Committed r92809: <http://trac.webkit.org/changeset/92809>
All reviewed patches have been landed. Closing bug.