RESOLVED WORKSFORME 93453
SVG+animation+viewBox+relative-size via <html:img> = FractionalLayoutUnit error log.
https://bugs.webkit.org/show_bug.cgi?id=93453
Kazuhiro Inaba
Reported 2012-08-08 02:01:08 PDT
Created attachment 157154
Loading from an HTML <img src="foo.svg" width="256" height="20"/> reproduces the issue.

Reduction of an issue reported at http://crbug.com/129465.
I have seen it on a debug build of Chromium and DumpRenderTree (on Linux).

If an SVG image
 * with viewBox attribute,
 * without width/height attributes,
 * and with <animate> element
is loaded via html <img> element, it triggers the following diagnostic message:

  ERROR: !(isInBounds(value))
  ../../third_party/WebKit/Source/WebCore/platform/FractionalLayoutUnit.h(79) : WebCore::FractionalLayoutUnit::FractionalLayoutUnit(float)

I don't see any visible trouble in SVG rendering result, but in the originally reported case, this message is infinitely generated and floods my console.

Substituting the line with an assertion, I got the following stack trace in DumpRenderTree, and the "out-of-bound" value was -NaN.

  base::debug::StackTrace::StackTrace() [0x7f8bd9c2dffe]
  base::(anonymous namespace)::StackDumpSignalHandler() [0x7f8bd9ca0e74]
  0x7f8bd1e0caf0
  WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f8bd5a413fe]
  WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f8bd5a3e13f]
  WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f8bd5a60bea]
  WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f8bd5a60bad]
  WebCore::roundedLayoutPoint() [0x7f8bd5a5cecc]
  WebCore::RenderBox::mapLocalToContainer() [0x7f8bd5b0407e]
  WebCore::RenderSVGRoot::mapLocalToContainer() [0x7f8bd608f369]
  WebCore::SVGRenderSupport::mapLocalToContainer() [0x7f8bd60a6306]
  WebCore::RenderSVGModelObject::mapLocalToContainer() [0x7f8bd606546b]
  WebCore::RenderObject::localToContainerQuad() [0x7f8bd5c0347b]
  WebCore::RenderSVGModelObject::outlineBoundsForRepaint() [0x7f8bd60655b2]
  WebCore::LayoutRepainter::LayoutRepainter() [0x7f8bd5a83040]
  WebCore::RenderSVGShape::layout() [0x7f8bd6092ef0]
  WebCore::SVGRenderSupport::layoutChildren() [0x7f8bd60a6d17]
  WebCore::RenderSVGRoot::layout() [0x7f8bd608e2e2]
  WebCore::FrameView::layout() [0x7f8bd6ba2e15]
  WebCore::FrameView::visibleContentsResized() [0x7f8bd6ba7fd6]
  WebCore::ScrollView::updateScrollbars() [0x7f8bd62a869d]
  WebCore::ScrollView::setFrameRect() [0x7f8bd62ac4f4]
  WebCore::FrameView::setFrameRect() [0x7f8bd6ba02ef]
  WebCore::Widget::resize() [0x7f8bd51b748e]
  WebCore::SVGImage::dataChanged() [0x7f8bd623840b]
  WebCore::Image::setData() [0x7f8bd6351af5]
  WebCore::CachedImage::data() [0x7f8bd6b16ec7]
  WebCore::SubresourceLoader::didFinishLoading() [0x7f8bd6af96e9]
  WebCore::ResourceLoader::didFinishLoading() [0x7f8bd6af4605]
  WebCore::ResourceHandleInternal::didFinishLoading() [0x7f8bd6413652]
  webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x7f8bd9f58253]
  (anonymous namespace)::RequestProxy::NotifyCompletedRequest() [0x5d9285]
  base::internal::RunnableAdapter<>::Run() [0x5d96d4]
  base::internal::InvokeHelper<>::MakeItSo() [0x5d960b]
  base::internal::Invoker<>::Run() [0x5d959a]
  base::Callback<>::Run() [0x7f8bd9c2429e]
  MessageLoop::RunTask() [0x7f8bd9c6e104]
  MessageLoop::DeferOrRunPendingTask() [0x7f8bd9c6e41b]
  MessageLoop::DoWork() [0x7f8bd9c6e5f5]
  base::MessagePumpGlib::RunWithDispatcher() [0x7f8bd9c05b52]
  base::MessagePumpGlib::Run() [0x7f8bd9c06069]
  MessageLoop::RunInternal() [0x7f8bd9c6dbe6]
  MessageLoop::RunHandler() [0x7f8bd9c6da95]
  base::RunLoop::Run() [0x7f8bd9ca7e52]
  MessageLoop::Run() [0x7f8bd9c6d331]
  webkit_support::RunMessageLoop() [0x542741]
  TestShell::waitTestFinished() [0x49836f]
  TestShell::runFileTest() [0x48feaa]
  runTest() [0x45ad1c]
  main [0x45aa35]

If I directly load the SVG file, or load it via <iframe> or <embed> element, there was no problem.
Adding absolute size info to SVG or dropping viewBox attribute also dissolved the message flood.

As far as I looked, SVGImage::frameView() has size (0,0) in this case and it is causing 0/0 = NaN in SVGPreserveAspectRatio::getCTM.
Attachments
Loading from an HTML <img src="foo.svg" width="256" height="20"/> reproduces the issue. (288 bytes, image/svg+xml)
2012-08-08 02:01 PDT, Kazuhiro Inaba
no flags
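The 0/0 that the report above traces to a (0,0) frame view can be reproduced in a simplified model of a viewBox-to-viewport mapping. This is an added example, not WebKit's code: `viewBoxToViewport`, `safeViewBoxToViewport`, this `isInBounds`, the denominator 64 and the "0 0 256 20" viewBox are assumptions made for illustration.

```cpp
#include <climits>
#include <cmath>
#include <cstdio>

struct Transform { double scale, translateX, translateY; };

// Hypothetical fixed-point scale; a layout unit stores value * kDenominator in an int.
constexpr int kDenominator = 64;

// NaN fails every ordered comparison, so it is reported as out of bounds.
bool isInBounds(double v) { return std::fabs(v) <= INT_MAX / kDenominator; }

// Simplified viewBox -> viewport mapping for preserveAspectRatio="xMidYMid meet".
Transform viewBoxToViewport(double vbX, double vbY, double vbW, double vbH,
                            double physW, double physH)
{
    double logicalRatio = vbW / vbH;
    double physRatio = physW / physH; // 0/0 = NaN when the viewport is empty
    Transform t;
    if (logicalRatio < physRatio) { // height-limited: centre horizontally
        t.scale = physH / vbH;
        t.translateX = -vbX - (vbW - physW * vbH / physH) / 2;
        t.translateY = -vbY;
    } else { // width-limited; also taken when physRatio is NaN
        t.scale = physW / vbW;
        t.translateX = -vbX;
        t.translateY = -vbY - (vbH - physH * vbW / physW) / 2;
    }
    return t;
}

// Guarded variant: refuses empty, negative or NaN sizes before dividing.
bool safeViewBoxToViewport(double vbX, double vbY, double vbW, double vbH,
                           double physW, double physH, Transform& out)
{
    if (!(vbW > 0 && vbH > 0 && physW > 0 && physH > 0))
        return false;
    out = viewBoxToViewport(vbX, vbY, vbW, vbH, physW, physH);
    return true;
}

int main()
{
    // Constructed input: viewBox "0 0 256 20" laid out into a 0x0 viewport.
    Transform t = viewBoxToViewport(0, 0, 256, 20, 0, 0);
    std::printf("translateY=%f inBounds=%d\n", t.translateY, isInBounds(t.translateY));
    Transform guarded;
    std::printf("guard accepts=%d\n", safeViewBoxToViewport(0, 0, 256, 20, 0, 0, guarded));
}
```

The guard is written as a negated conjunction of `> 0` tests so that NaN sizes are rejected along with zero and negative ones.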
Kazuhiro Inaba
Comment 1 2012-08-08 02:13:32 PDT
Oops, I'm very sorry, the stacktrace I pasted in the previous comment was wrong (that was the one from my local tweaks...)

Here is the real trace. Hope it helps.

  base::debug::StackTrace::StackTrace() [0x7f189ddc5ffe]
  base::(anonymous namespace)::StackDumpSignalHandler() [0x7f189de38e74]
  0x7f1895fa4af0
  WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f1899bd93fe]
  WebCore::FractionalLayoutUnit::FractionalLayoutUnit() [0x7f1899bd613f]
  WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f1899bf8bea]
  WebCore::FractionalLayoutPoint::FractionalLayoutPoint() [0x7f1899bf8bad]
  WebCore::roundedLayoutPoint() [0x7f1899bf4ecc]
  WebCore::RenderBox::mapLocalToContainer() [0x7f1899c9c07e]
  WebCore::RenderSVGRoot::mapLocalToContainer() [0x7f189a2272b9]
  WebCore::SVGRenderSupport::mapLocalToContainer() [0x7f189a23e256]
  WebCore::RenderSVGModelObject::mapLocalToContainer() [0x7f189a1fd3bb]
  WebCore::RenderObject::localToContainerQuad() [0x7f1899d9b3cb]
  WebCore::RenderSVGModelObject::outlineBoundsForRepaint() [0x7f189a1fd502]
  WebCore::LayoutRepainter::LayoutRepainter() [0x7f1899c1b040]
  WebCore::RenderSVGShape::layout() [0x7f189a22ae40]
  WebCore::SVGRenderSupport::layoutChildren() [0x7f189a23ec67]
  WebCore::RenderSVGRoot::layout() [0x7f189a226232]
  WebCore::FrameView::layout() [0x7f189ad3ac05]
  WebCore::FrameView::layoutTimerFired() [0x7f189ad36c70]
  WebCore::Timer<>::fired() [0x7f189ad4c723]
  WebCore::ThreadTimers::sharedTimerFiredInternal() [0x7f189a455122]
  WebCore::ThreadTimers::sharedTimerFired() [0x7f189a454f29]
  webkit_glue::WebKitPlatformSupportImpl::DoTimeout() [0x7f189e0e2aed]
  base::internal::RunnableAdapter<>::Run() [0x7f189e0e36c2]
  base::internal::InvokeHelper<>::MakeItSo() [0x7f189e0e362c]
  base::internal::Invoker<>::Run() [0x7f189e0e35da]
  base::Callback<>::Run() [0x7f189ddbc29e]
  base::Timer::RunScheduledTask() [0x7f189de8de62]
  base::BaseTimerTaskInternal::Run() [0x7f189de8dfbc]
  base::internal::RunnableAdapter<>::Run() [0x7f189de8e482]
  base::internal::InvokeHelper<>::MakeItSo() [0x7f189de8e3ec]
  base::internal::Invoker<>::Run() [0x7f189de8e395]
  base::Callback<>::Run() [0x7f189ddbc29e]
  MessageLoop::RunTask() [0x7f189de06104]
  MessageLoop::DeferOrRunPendingTask() [0x7f189de0641b]
  MessageLoop::DoWork() [0x7f189de065f5]
  base::MessagePumpGlib::HandleDispatch() [0x7f189dd9df4c]
  (anonymous namespace)::WorkSourceDispatch() [0x7f189dd9d741]
  0x7f18952d88c2
  0x7f18952dc748
  0x7f18952dc8fc
  base::MessagePumpGlib::RunWithDispatcher() [0x7f189dd9db10]
  base::MessagePumpGlib::Run() [0x7f189dd9e069]
  MessageLoop::RunInternal() [0x7f189de05be6]
  MessageLoop::RunHandler() [0x7f189de05a95]
  base::RunLoop::Run() [0x7f189de3fe52]
  MessageLoop::Run() [0x7f189de05331]
  webkit_support::RunMessageLoop() [0x542741]
  TestShell::waitTestFinished() [0x49836f]
  TestShell::runFileTest() [0x48feaa]
  runTest() [0x45ad1c]
  main [0x45aa35]
  0x7f1895f8fc4d
  0x458679
Said Abou-Hallawa
Comment 2 2017-02-08 11:23:25 PST
The FractionalLayoutUnit class was removed from WebKit and the test case opens without any crash.