85202 – WebCore::SVGAnimateMotionElement::applyResultsToTarget crash

RESOLVED FIXED Bug 85202

WebCore::SVGAnimateMotionElement::applyResultsToTarget crash

https://bugs.webkit.org/show_bug.cgi?id=85202

Summary WebCore::SVGAnimateMotionElement::applyResultsToTarget crash

Philip Rogers

Reported 2012-04-30 09:22:04 PDT

Created attachment 139461 [details] Repro case As the title says, we can crash in WebCore::SVGAnimateMotionElement::applyResultsToTarget. See the attached svg file for a repro. Original bug: crbug.com/124575

Attachments
Repro case (222 bytes, image/svg+xml) 2012-04-30 09:22 PDT, Philip Rogers	no flags	Details
Skip building instance tree for disallowed target (7.13 KB, patch) 2012-04-30 10:28 PDT, Philip Rogers	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Philip Rogers

Comment 1 2012-04-30 10:28:36 PDT

Created attachment 139471 [details] Skip building instance tree for disallowed target My first foray into the shadow tree :)

Nikolas Zimmermann

Comment 2 2012-05-01 07:41:41 PDT

Comment on attachment 139471 [details] Skip building instance tree for disallowed target Ah great, r=me.

WebKit Review Bot

Comment 3 2012-05-01 09:09:54 PDT

Comment on attachment 139471 [details] Skip building instance tree for disallowed target Clearing flags on attachment: 139471 Committed r115730: <http://trac.webkit.org/changeset/115730>

WebKit Review Bot

Comment 4 2012-05-01 09:10:08 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component SVG

Assignee

Nobody

Reported

2012-04-30 09:22 PDT

Modified

2012-05-01 09:10 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks