98059 – Assertion hit in SVGSMILElement.cpp:1118 ASSERT(time.isFinite());

RESOLVED DUPLICATE of bug 108184 98059

Assertion hit in SVGSMILElement.cpp:1118 ASSERT(time.isFinite());

https://bugs.webkit.org/show_bug.cgi?id=98059

Summary Assertion hit in SVGSMILElement.cpp:1118 ASSERT(time.isFinite());

Dominic Mazzoni

Reported 2012-10-01 12:03:46 PDT

The following file triggers an assertion when run under ASAN. It's easy to reproduce as a layout test, just compile with asan and then run DumpRenderTree and pass it a file containing the svg below. The problem goes away if I add a duration to the set, e.g. dur="1s" - but I don't think there should be an assertion failure just because the duration is missing. <svg xmlns:xlink="http://www.w3.org/1999/xlink"> <text id="a">Text</text> <use xlink:href="#a"> <set id="b" attributeName="xlink:href" begin="0s; b.end"/> </use> </svg> ASAN:SIGSEGV ================================================================= ==21425== ERROR: AddressSanitizer crashed on unknown address 0x0000bbadbeef (pc 0x7f9c4159abb7 sp 0x7fff8151b300 bp 0x7fff8151b810 T0) AddressSanitizer can not provide additional info. #0 0x7f9c4159abb6 in WebCore::SVGSMILElement::createInstanceTimesFromSyncbase(WebCore::SVGSMILElement*, WebCore::SVGSMILElement::NewOrExistingInterval) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1118 #1 0x7f9c4158fd7d in WebCore::SVGSMILElement::addTimeDependent(WebCore::SVGSMILElement*) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1131 #2 0x7f9c4158da13 in WebCore::SVGSMILElement::connectConditions() out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:510 #3 0x7f9c41598ada in WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*, bool) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1023 #4 0x7f9c415631df in WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, bool) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SMILTimeContainer.cpp:252 #5 0x7f9c41562231 in WebCore::SMILTimeContainer::begin() out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SMILTimeContainer.cpp:100 #6 0x7f9c40f75a87 in WebCore::SVGDocumentExtensions::startAnimations() out/Debug/../../third_party/WebKit/Source/WebCore/svg/SVGDocumentExtensions.cpp:105 #7 0x7f9c3ef43f30 in WebCore::Document::implicitClose() out/Debug/../../third_party/WebKit/Source/WebCore/dom/Document.cpp:2570

Attachments
Add attachment proposed patch, testcase, etc.

Renata Hodovan

Comment 1 2014-04-09 23:28:38 PDT

*** This bug has been marked as a duplicate of bug 108184 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 108184

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component SVG

Assignee

Nobody

Reported

2012-10-01 12:03 PDT

Modified

2014-04-09 23:28 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks