[Webkit-unassigned] [Bug 12981] New: REGRESSION (r18975-r18999): Reproducible crash with <use>

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 6 07:32:22 PST 2007 

http://bugs.webkit.org/show_bug.cgi?id=12981

           Summary: REGRESSION (r18975-r18999): Reproducible crash with
                    <use>
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: HasReduction, Regression, NeedsRadar
          Severity: Critical
          Priority: P1
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mitz at webkit.org
                CC: zimmermann at kde.org


The attached SVG crashes WebKit. Backtrace:

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [61]

Version: ??? (19977)

PID:    9191
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

Thread 0 Crashed:
0   com.apple.WebCore           0x014ce2a4 WTF::HashMap<WebCore::String,
WTF::HashSet<WebCore::SVGStyledElement*,
WTF::PtrHash<WebCore::SVGStyledElement*>,
WTF::HashTraits<WebCore::SVGStyledElement*> >*, WTF::StrHash<WebCore::String>,
WTF::HashTraits<WebCore::String>,
WTF::HashTraits<WTF::HashSet<WebCore::SVGStyledElement*,
WTF::PtrHash<WebCore::SVGStyledElement*>,
WTF::HashTraits<WebCore::SVGStyledElement*> >*> >::add(WebCore::String const&,
WTF::HashSet<WebCore::SVGStyledElement*,
WTF::PtrHash<WebCore::SVGStyledElement*>,
WTF::HashTraits<WebCore::SVGStyledElement*> >* const&) + 68
1   com.apple.WebCore           0x0119ec90
WebCore::SVGDocumentExtensions::addPendingResource(WebCore::AtomicString
const&, WebCore::SVGStyledElement*) + 192
2   com.apple.WebCore           0x01097404
WebCore::SVGUseElement::insertedIntoDocument() + 324
3   com.apple.WebCore           0x010d662c
WebCore::ContainerNode::addChild(WTF::PassRefPtr<WebCore::Node>) + 220
4   com.apple.WebCore           0x0102cf84
WebCore::XMLTokenizer::startElementNs(unsigned char const*, unsigned char
const*, unsigned char const*, int, unsigned char const**, int, int, unsigned
char const**) + 3268
5   libxml2.2.dylib             0x92ca2480 xmlParseStartTag + 8228
6   libxml2.2.dylib             0x92ca42ec xmlParseDocument + 3368
7   libxml2.2.dylib             0x92c88c0c xmlParseChunk + 424
8   com.apple.WebCore           0x01028e84
WebCore::XMLTokenizer::write(WebCore::SegmentedString const&, bool) + 260
9   com.apple.WebCore           0x013cabc8 WebCore::FrameLoader::write(char
const*, int, bool) + 856
10  com.apple.WebCore           0x010dfbb8 -[WebCoreFrameBridge
receivedData:textEncodingName:] + 408
11  com.apple.WebKit            0x00327eec -[WebHTMLRepresentation
receivedData:withDataSource:] + 156
12  com.apple.WebKit            0x003234b8 -[WebDataSource(WebInternal)
_receivedData:] + 88
13  com.apple.WebKit            0x00378318
WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)
+ 120
14  com.apple.WebCore           0x013deeac
WebCore::DocumentLoader::commitLoad(char const*, int) + 92
15  com.apple.WebCore           0x013e6670
WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 80
16  com.apple.WebCore           0x013e3244
WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool)
+ 52
17  com.apple.WebCore           0x013ba11c -[WebCoreResourceHandleAsDelegate
connection:didReceiveData:lengthReceived:] + 156
18  com.apple.Foundation        0x929935d4
-[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
19  com.apple.Foundation        0x92991a74
-[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
20  com.apple.Foundation        0x92991810 _sendCallbacks + 156
21  com.apple.CoreFoundation    0x907dd4cc __CFRunLoopDoSources0 + 384
22  com.apple.CoreFoundation    0x907dc9fc __CFRunLoopRun + 452
23  com.apple.CoreFoundation    0x907dc47c CFRunLoopRunSpecific + 268
24  com.apple.Foundation        0x92970164 -[NSRunLoop runMode:beforeDate:] +
172
25  com.apple.Foundation        0x929b4e20 -[NSRunLoop runUntilDate:] + 80
26  com.apple.AppKit            0x9396b36c NSCoreDragReceiveProc + 916
27  com.apple.HIServices        0x91854de8 DoDropMessage + 96
28  com.apple.HIServices        0x9185628c CoreDragMessageHandler + 1332
29  com.apple.CoreFoundation    0x90824104 __CFMessagePortPerform + 304
30  com.apple.CoreFoundation    0x907ea734 __CFRunLoopDoSource1 + 152
31  com.apple.CoreFoundation    0x907dce4c __CFRunLoopRun + 1556
32  com.apple.CoreFoundation    0x907dc47c CFRunLoopRunSpecific + 268
33  com.apple.HIToolbox         0x93208740 RunCurrentEventLoopInMode + 264
34  com.apple.HIToolbox         0x93207dd4 ReceiveNextEventCommon + 380
35  com.apple.HIToolbox         0x93207c40
BlockUntilNextEventMatchingListInMode + 96
36  com.apple.AppKit            0x9370cae4 _DPSNextEvent + 384
37  com.apple.AppKit            0x9370c7a8 -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
38  com.apple.Safari            0x00006740 0x1000 + 22336
39  com.apple.AppKit            0x93708cec -[NSApplication run] + 472
40  com.apple.AppKit            0x937f987c NSApplicationMain + 452
41  com.apple.Safari            0x0005c77c 0x1000 + 374652
42  com.apple.Safari            0x0005c624 0x1000 + 374308


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list