RESOLVED FIXED 71287
REGRESSION: SVG feColorMatrix causes crash 
https://bugs.webkit.org/show_bug.cgi?id=71287
Summary REGRESSION: SVG feColorMatrix causes crash
Philip Rogers
Reported 2011-11-01 08:31:07 PDT
Reproducible on WebKit nightly and Chrome 16.0.912dev Visit the following page (linked from http://www.w3.org/Graphics/SVG/IG/resources/svgprimer.html): http://srufaculty.sru.edu/david.dailey/svg/newstuff/filterColorMatrixSaturate.svg You will get a sadtab in Chrome, and a error page in WebKit nightly.
Attachments
Preliminary patch and test (8.02 KB, patch)
2011-11-06 13:50 PST, Philip Rogers 		no flags
DetailsFormatted DiffDiff
Fix REGRESSION: SVG feColorMatrix causes crash (8.72 KB, patch)
2011-11-07 09:13 PST, Philip Rogers 		no flags
DetailsFormatted DiffDiff
fix REGRESSION: SVG feColorMatrix causes crash (7.89 KB, patch)
2011-11-08 10:29 PST, Philip Rogers 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-11-01 14:30:16 PDT
ASSERTION FAILED: i < size() /Users/ap/Safari/OpenSource/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/Vector.h(537) : float &WTF::Vector<float, 0>::at(size_t) 1 0x109d782c8 WTF::Vector<float, 0ul>::at(unsigned long) 2 0x109d6454d WTF::Vector<float, 0ul>::operator[](unsigned long) 3 0x10adaa79d WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue(float, unsigned int, WTF::OwnPtr<WebCore::SVGAnimatedType>&, WTF::OwnPtr<WebCore::SVGAnimatedType>&, WTF::OwnPtr<WebCore::SVGAnimatedType>&) 4 0x10adb2ee3 WebCore::SVGAnimateElement::calculateAnimatedValue(float, unsigned int, WebCore::SVGSMILElement*) 5 0x10adbd610 WebCore::SVGAnimationElement::updateAnimation(float, unsigned int, WebCore::SVGSMILElement*) 6 0x10ae98bae WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*) 7 0x10ad41e28 WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, double, WTF::String const&) 8 0x10ad417b8 WebCore::SMILTimeContainer::begin()
Alexey Proskuryakov
Comment 2 2011-11-01 14:31:03 PDT
<rdar://problem/10379164>
Philip Rogers
Comment 3 2011-11-06 13:50:14 PST
Created attachment 113801 [details] Preliminary patch and test
Philip Rogers
Comment 4 2011-11-07 09:13:40 PST
Created attachment 113879 [details] Fix REGRESSION: SVG feColorMatrix causes crash
Tim Horton
Comment 5 2011-11-07 11:42:20 PST
Comment on attachment 113879 [details] Fix REGRESSION: SVG feColorMatrix causes crash View in context: https://bugs.webkit.org/attachment.cgi?id=113879&action=review > third_party/WebKit/Source/ThirdParty/ChangeLog:10 > +2011-11-07 Philip Rogers <pdr@google.com> > + > + fix REGRESSION: SVG feColorMatrix causes crash > + https://bugs.webkit.org/show_bug.cgi?id=71287 > + > + Reviewed by NOBODY (OOPS!). > + > + * gtest/codegear/gtest_all.cc: > + * gtest/codegear/gtest_link.cc: > + I am assuming this was accidentally included? > third_party/WebKit/LayoutTests/svg/filters/feColorMatrix-invalid-animation.svg:4 > + <filter id="gopher"> It might be nice to have (in the <title> or in text on the page) an explanation of what it means to pass this test. Also, "gopher" might not be an ideal name for the filter.
Nikolas Zimmermann
Comment 6 2011-11-08 00:32:41 PST
(In reply to comment #4) > Created an attachment (id=113879) [details] > Fix REGRESSION: SVG feColorMatrix causes crash You have to generate your patch from a WebKit source tree, not a chromium one, otherwise it won't be testable by the EWS bots.
Philip Rogers
Comment 7 2011-11-08 10:29:53 PST
Created attachment 114111 [details] fix REGRESSION: SVG feColorMatrix causes crash This patch should now apply cleanly and I cleaned up the test (removed spurious id, added description).
WebKit Review Bot
Comment 8 2011-11-08 17:03:08 PST
Comment on attachment 114111 [details] fix REGRESSION: SVG feColorMatrix causes crash Clearing flags on attachment: 114111 Committed r99638: <http://trac.webkit.org/changeset/99638>
WebKit Review Bot
Comment 9 2011-11-08 17:03:13 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.