RESOLVED FIXED 90820
REGRESSION: Infinite loop in document.elementFromPoint
https://bugs.webkit.org/show_bug.cgi?id=90820
Philip Rogers
Reported 2012-07-09 14:11:17 PDT
Created attachment 151315 Testcase

In writing a perf test (https://bugs.webkit.org/show_bug.cgi?id=90811) I found a bug where we infinite loop when calling document.elementFromPoint on a <use>'d element in SVG.

In the attached testcase you should see:
About to call document.elementFromPoint(100,100)... 3... 2... 1... Done!

But you actually see:
About to call document.elementFromPoint(100,100)... 3... 2... 1...
and the browser hangs.

A quick look through trac hints at a regression from r118319 but that's just a guess.
Attachments
Testcase (903 bytes, text/html)
2012-07-09 14:11 PDT, Philip Rogers
Patch (4.01 KB, patch)
2012-07-12 23:55 PDT, Shinya Kawanaka
Archive of layout-test-results from gce-cr-linux-04 (347.17 KB, application/zip)
2012-07-13 00:26 PDT, WebKit Review Bot
Rebased ToT (4.03 KB, patch)
2012-07-16 18:19 PDT, Shinya Kawanaka
Nikolas Zimmermann
Comment 1 2012-07-10 06:03:59 PDT
Never heard about document.elementFromPoint before, it's untested for SVG and likely to be broken.
Philip Rogers
Comment 2 2012-07-10 17:02:10 PDT
(In reply to comment #1)
> Never heard about document.elementFromPoint before, it's untested for SVG and likely to be broken.

Sure we do! elementFromPoint just calls through the nodeAtFloatPoint codepaths; lots of tests there. What we don't have is tests of this on <use> or <symbol> though, which is how this regressed.
Shinya Kawanaka
Comment 3 2012-07-12 23:16:54 PDT
Hi, I found this issue accidentally. Let me check it...
Shinya Kawanaka
Comment 4 2012-07-12 23:55:11 PDT
Shinya Kawanaka
Comment 5 2012-07-12 23:55:48 PDT
I hope this patch will pass the tests...
WebKit Review Bot
Comment 6 2012-07-13 00:26:24 PDT
Comment on attachment 152163 Patch

Attachment 152163 did not pass chromium-ews (chromium-xvfb):
Output: http://queues.webkit.org/results/13207953

New failing tests:
http/tests/w3c/webperf/approved/navigation-timing/html/test_performance_attributes_exist_in_object.html
WebKit Review Bot
Comment 7 2012-07-13 00:26:27 PDT
Created attachment 152169 Archive of layout-test-results from gce-cr-linux-04

The attached test failures were seen while running run-webkit-tests on the chromium-ews.
Bot: gce-cr-linux-04
Port: <class 'webkitpy.common.config.ports.ChromiumXVFBPort'>
Platform: Linux-2.6.39-gcg-201203291735-x86_64-with-Ubuntu-10.04-lucid
Shinya Kawanaka
Comment 8 2012-07-13 00:34:42 PDT
Comment on attachment 152163 Patch

I don't think this failure is related to my patch.
Shinya Kawanaka
Comment 9 2012-07-16 18:19:28 PDT
Created attachment 152671 Rebased ToT
Shinya Kawanaka
Comment 10 2012-07-16 21:55:03 PDT
Zimmermann, could you review this?
Nikolas Zimmermann
Comment 11 2012-07-17 00:01:25 PDT
Comment on attachment 152671 Rebased ToT

Great catch. r=me!
Shinya Kawanaka
Comment 12 2012-07-17 01:11:20 PDT
(In reply to comment #11)
> (From update of attachment 152671)
> Great catch. r=me!

Thanks for reviewing!
WebKit Review Bot
Comment 13 2012-07-17 01:37:55 PDT
Comment on attachment 152671 Rebased ToT

Clearing flags on attachment: 152671

Committed r122825: <http://trac.webkit.org/changeset/122825>
WebKit Review Bot
Comment 14 2012-07-17 01:38:00 PDT
All reviewed patches have been landed. Closing bug.
Philip Rogers
Comment 15 2012-07-17 10:05:34 PDT
(In reply to comment #14)
> All reviewed patches have been landed. Closing bug.

Thanks for the quick fix Shinya! You rock :)