[Webkit-unassigned] [Bug 15966] New: [GTK] Crash in SVGRootInlineBox::walkTextChunks() on mouse hover

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 13 05:16:40 PST 2007 

http://bugs.webkit.org/show_bug.cgi?id=15966

           Summary: [GTK] Crash in SVGRootInlineBox::walkTextChunks() on
                    mouse hover
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: All
               URL: http://www.croczilla.com/svg/samples/paths1/paths1.xml
        OS/Version: All
            Status: NEW
          Keywords: Gtk, Cairo
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: alp at atoker.com


The crash happens at:

http://www.croczilla.com/svg/samples/paths1/paths1.xml

when the mouse is moved over SVG text.

The problem line is in SVGRootInlineBox.cpp:
  Vector<SVGInlineBoxCharacterRange>::iterator boxIt = curChunk.boxes.begin();



Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1521379120 (LWP 19211)]
0xa766b51e in
WTF::VectorBufferBase<WebCore::SVGInlineBoxCharacterRange>::buffer (this=0x191)
at ../../../JavaScriptCore/wtf/Vector.h:260
260             T* buffer() { return m_buffer; }
(gdb) bt
#0  0xa766b51e in
WTF::VectorBufferBase<WebCore::SVGInlineBoxCharacterRange>::buffer (this=0x191)
at ../../../JavaScriptCore/wtf/Vector.h:260
#1  0xa766b536 in WTF::Vector<WebCore::SVGInlineBoxCharacterRange, 0u>::data (
    this=0x18d) at ../../../JavaScriptCore/wtf/Vector.h:438
#2  0xa766b549 in WTF::Vector<WebCore::SVGInlineBoxCharacterRange, 0u>::begin (
    this=0x18d) at ../../../JavaScriptCore/wtf/Vector.h:441
#3  0xa77e3917 in WebCore::SVGRootInlineBox::walkTextChunks (this=0x817f894, 
    walker=0xaff117fc, textBox=0x81b21e4)
    at ../../../WebCore/rendering/SVGRootInlineBox.cpp:1575
#4  0xa77e159a in WebCore::SVGInlineTextBox::selectionRect (this=0x81b21e4, 
    startPos=0, endPos=32)
    at ../../../WebCore/rendering/SVGInlineTextBox.cpp:312
#5  0xa77e180c in WebCore::SVGInlineTextBox::nodeAtPoint (this=0x81b21e4, 
    request=@0xaff12308, result=@0xaff12198, x=149, y=46, tx=0, ty=0)
    at ../../../WebCore/rendering/SVGInlineTextBox.cpp:291
#6  0xa75b6ded in WebCore::InlineFlowBox::nodeAtPoint (this=0x817f894, 
    request=@0xaff12308, result=@0xaff12198, x=149, y=46, tx=0, ty=0)
    at ../../../WebCore/rendering/InlineFlowBox.cpp:582
#7  0xa766718d in WebCore::RootInlineBox::nodeAtPoint (this=0x817f894, 
    request=@0xaff12308, result=@0xaff12198, x=149, y=46, tx=0, ty=0)
    at ../../../WebCore/rendering/RootInlineBox.cpp:180
#8  0xa75f4851 in WebCore::RenderFlow::hitTestLines (this=0x8172ae4, 
    request=@0xaff12308, result=@0xaff12198, x=149, y=46, tx=0, ty=0, 
---Type <return> to continue, or q <return> to quit---hitTestActQuit
) at ../../../WebCore/rendering/RenderFlow.cpp:471
#9  0xa75c897b in WebCore::RenderBlock::hitTestContents (this=0x8172ae4, 
    request=@0xaff12308, result=@0xaff12198, x=149, y=46, tx=0, ty=0, 
    hitTestAction=WebCore::HitTestForeground)
    at ../../../WebCore/rendering/RenderBlock.cpp:2948
q#10 0xa75c8dda in WebCore::RenderBlock::nodeAtPoint (this=0x8172ae4, 
    request=@0xaff12308, result=@0xaff12198, _x=149, _y=46, _tx=0, _ty=0, 
    hitTestAction=WebCore::HitTestForeground)
    at ../../../WebCore/rendering/RenderBlock.cpp:2868
#11 0xa77d2654 in WebCore::RenderForeignObject::nodeAtPoint (this=0x8172ae4, 
    request=@0xaff12308, result=@0xaff12198, x=209, y=106, tx=0, ty=0, 
    hitTestAction=WebCore::HitTestForeground)
    at ../../../WebCore/rendering/RenderForeignObject.cpp:127
#12 0xa77d50a5 in WebCore::RenderSVGContainer::nodeAtPoint (this=0x8389dec, 
    request=@0xaff12308, result=@0xaff12198, _x=209, _y=106, _tx=0, _ty=0, 
    hitTestAction=WebCore::HitTestForeground)
    at ../../../WebCore/rendering/RenderSVGContainer.cpp:415
#13 0xa77d914c in WebCore::RenderSVGRoot::nodeAtPoint (this=0x8177ed4, 
    request=@0xaff12308, result=@0xaff12198, _x=209, _y=106, _tx=0, _ty=0, 
    hitTestAction=WebCore::HitTestForeground)
    at ../../../WebCore/rendering/RenderSVGRoot.cpp:291
#14 0xa76171b6 in WebCore::RenderObject::hitTest (this=0x8177ed4, 
    request=@0xaff12308, result=@0xaff12198, point=@0xaff12150, tx=0, ty=0, 
---Type <return> to continue, or q <return> to quit---
    hitTestFilter=WebCore::HitTestDescendants)
    at ../../../WebCore/rendering/RenderObject.cpp:2588
#15 0xa76055f4 in WebCore::RenderLayer::hitTestLayer (this=0x80d01e4, 
    rootLayer=0x80d0324, request=@0xaff12308, result=@0xaff12198, 
    hitTestRect=@0xaff12130, hitTestPoint=@0xaff12150)
    at ../../../WebCore/rendering/RenderLayer.cpp:1733
#16 0xa760547f in WebCore::RenderLayer::hitTestLayer (this=0x80d0324, 

    rootLayer=0x80d0324, request=@0xaff12308, result=@0xaff12198, 
    hitTestRect=@0xaff12130, hitTestPoint=@0xaff12150)
    at ../../../WebCore/rendering/RenderLayer.cpp:1717
#17 0xa7605a4d in WebCore::RenderLayer::hitTest (this=0x80d0324, 
    request=@0xaff12308, result=@0xaff12198)
    at ../../../WebCore/rendering/RenderLayer.cpp:1639


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list