[Webkit-unassigned] [Bug 18444] New: Crash in WebCore::ScrollView::update on SVG test : full-color-prof-01-f.svg

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 12 14:41:02 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=18444

           Summary: Crash in WebCore::ScrollView::update on SVG test : full-color-prof-01-f.svg
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mh+webkit at glandium.org


I get a crash on the following SVG testcase with r31841:
http://www.w3.org/Graphics/SVG/Test/20061213/svgHarness/full-color-prof-01-f.svg

FWIW, this is happening on the Gtk Port, built with gcc 4.2.3 on x86_64.
The build happened with -O2 and -g, but not with --enable-debug.

Backtrace follows:
$ gdb /usr/lib/webkit-1.0/GtkLauncher 
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) set pagination off
(gdb) run
http://www.w3.org/Graphics/SVG/Test/20061213/svgHarness/full-color-prof-01-f.svg
Starting program: /usr/lib/webkit-1.0/GtkLauncher
http://www.w3.org/Graphics/SVG/Test/20061213/svgHarness/full-color-prof-01-f.svg
[Thread debugging using libthread_db enabled]
warning: Lowest section in /usr/lib/libicudata.so.38 is .hash at
0000000000000120
[New Thread 0x2b4b69604520 (LWP 7033)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2b4b69604520 (LWP 7033)]
0x00002b4b5f79e7ab in WebCore::ScrollView::update (this=0x2b4b6a9faaf8) at
../WebCore/platform/gtk/ScrollViewGtk.cpp:331
331     ../WebCore/platform/gtk/ScrollViewGtk.cpp: No such file or directory.
        in ../WebCore/platform/gtk/ScrollViewGtk.cpp
Current language:  auto; currently c++
(gdb) bt full
#0  0x00002b4b5f79e7ab in WebCore::ScrollView::update (this=0x2b4b6a9faaf8) at
../WebCore/platform/gtk/ScrollViewGtk.cpp:331
        rect = {x = 0, y = 0, width = 0, height = 0}
#1  0x00002b4b5f91f9c2 in WebCore::Document::implicitClose
(this=0x2b4b6aa29b00) at ../WebCore/dom/Document.cpp:1580
        wasLocationChangePending = <value optimized out>
#2  0x00002b4b5fa4b482 in WebCore::FrameLoader::checkCompleted
(this=0x2b4b6aaa4400) at ../WebCore/loader/FrameLoader.cpp:1287
No locals.
#3  0x00002b4b5fa4ccfe in WebCore::FrameLoader::finishedParsing (this=0x0) at
../WebCore/loader/FrameLoader.cpp:1237
No locals.
#4  0x00002b4b5f919ba2 in WebCore::Document::finishedParsing
(this=0x2b4b6aa29b00) at ../WebCore/dom/Document.cpp:3669
        f = <value optimized out>
        ec = 0
#5  0x00002b4b5fa4e9fc in WebCore::FrameLoader::endIfNotLoadingMainResource
(this=0x2b4b6aaa4400) at ../WebCore/loader/FrameLoader.cpp:1063
No locals.
#6  0x00002b4b5fc79abd in WebCore::SVGImage::dataChanged (this=0x2b4b6a9fab40,
allDataReceived=<value optimized out>) at
../WebCore/svg/graphics/SVGImage.cpp:215
        fakeRequest = {<WebCore::ResourceRequestBase> = {static
defaultTimeoutInterval = 60, m_url = {m_string = {m_impl = {m_ptr =
0x2b4b601281a0}}, m_isValid = false, m_schemeEnd = 0, m_userStart = 0,
m_userEnd = 0, m_passwordEnd = 0, m_hostEnd = 0, m_portEnd = 0,
m_pathAfterLastSlash = 0, m_pathEnd = 0, m_queryEnd = 0, m_fragmentEnd = 0},
m_cachePolicy = WebCore::UseProtocolCachePolicy, m_timeoutInterval = 60,
m_mainDocumentURL = {m_string = {m_impl = {m_ptr = 0x0}}, m_isValid = false,
m_schemeEnd = 0, m_userStart = 0, m_userEnd = 0, m_passwordEnd = 0, m_hostEnd =
0, m_portEnd = 0, m_pathAfterLastSlash = 0, m_pathEnd = 0, m_queryEnd = 0,
m_fragmentEnd = 0}, m_httpMethod = {m_impl = {m_ptr = 0x2b4b6aaa3450}},
m_httpHeaderFields = {m_impl = {static m_minTableSize = 64, static m_maxLoad =
2, static m_minLoad = 6, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0,
m_keyCount = 0, m_deletedCount = 0}}, m_httpBody = {m_ptr = 0x0},
m_allowHTTPCookies = true, m_resourceRequestUpdated = true,
m_platformRequestUpdated = false}, <No data fields>}
        dummyChromeClient = (class WebCore::ChromeClient *) 0x2b4b6a9f6618
        dummyFrameLoaderClient = (class WebCore::FrameLoaderClient *)
0x2b4b6a9f6608
        dummyEditorClient = (class WebCore::EditorClient *) 0x2b4b6a9f6600
        dummyContextMenuClient = (class WebCore::ContextMenuClient *)
0x2b4b6a9f6610
        dummyDragClient = (class WebCore::DragClient *) 0x2b4b6a9f67f8
        dummyInspectorClient = (class WebCore::InspectorClient *)
0x2b4b6a9f67f0
#7  0x00002b4b5fabf364 in WebCore::Image::setData (this=0x2b4b6a9fab40,
data=<value optimized out>, allDataReceived=false) at
../WebCore/platform/graphics/Image.cpp:72
No locals.
#8  0x00002b4b5fa2b81f in WebCore::CachedImage::data (this=0x2b4b6aa49c60,
data=<value optimized out>, allDataReceived=false) at
../WebCore/loader/CachedImage.cpp:233
        sizeAvailable = <value optimized out>
#9  0x00002b4b5fa5cb4c in WebCore::Loader::Host::didFinishLoading
(this=0x2b4b6a9fd510, loader=0x2b4b6aa91c80) at
../WebCore/loader/loader.cpp:268
        request = (class WebCore::Request *) 0x2b4b6aa65990
        docLoader = (class WebCore::DocLoader *) 0x2b4b6a9fdea0
        resource = (class WebCore::CachedResource *) 0x2b4b6aa49c60
#10 0x00002b4b5fa67fe3 in WebCore::SubresourceLoader::didFinishLoading
(this=0x2b4b6aa91c80) at ../WebCore/loader/SubresourceLoader.cpp:193
No locals.
#11 0x00002b4b5fb81d64 in WebCore::ResourceHandleManager::downloadTimerCallback
(this=0x2b4b6aa7ad80, timer=<value optimized out>) at
../WebCore/platform/network/curl/ResourceHandleManager.cpp:340
        msg = (CURLMsg *) 0x897660
        handle = <value optimized out>
        job = (class WebCore::ResourceHandle *) 0x630900
        messagesInQueue = 0
        d = <value optimized out>
        fdread = {fds_bits = {1536, 0 <repeats 15 times>}}
        fdwrite = {fds_bits = {0 <repeats 16 times>}}
        fdexcep = {fds_bits = {0 <repeats 16 times>}}
        maxfd = 10
        timeout = {tv_sec = 0, tv_usec = 5000}
        rc = <value optimized out>
        runningHandles = 1
        started = <value optimized out>
#12 0x00002b4b5fada763 in WebCore::TimerBase::fireTimers
(fireTime=1208036241.1094639, firingTimers=@0x7fff4b7858d0) at
../WebCore/platform/Timer.cpp:347
        timer = (class WebCore::TimerBase *) 0x2b4b6aa7ad80
        interval = <value optimized out>
        i = 0
#13 0x00002b4b5fada81b in WebCore::TimerBase::sharedTimerFired () at
../WebCore/platform/Timer.cpp:368
        fireTime = 1208036241.1094639
        firingTimers = {m_size = 1, m_buffer =
{<WTF::VectorBufferBase<WebCore::TimerBase*>> = {<WTFNoncopyable::Noncopyable>
= {<No data fields>}, m_buffer = 0x2b4b6aa9bb80, m_capacity = 16}, <No data
fields>}}
        firingTimersSet = {m_impl = {static m_minTableSize = 64, static
m_maxLoad = 2, static m_minLoad = 6, m_table = 0x2b4b6aa01600, m_tableSize =
64, m_tableSizeMask = 63, m_keyCount = 0, m_deletedCount = 1}}
#14 0x00002b4b5f7a0e22 in timeout_cb () at
../WebCore/platform/gtk/SharedTimerGtk.cpp:48
No locals.
#15 0x00002b4b60ee681b in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#16 0x00002b4b60ee60f2 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#17 0x00002b4b60ee9396 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#18 0x00002b4b60ee9657 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#19 0x00002b4b607f6b63 in IA__gtk_main () at
/build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163
        tmp_list = (GList *) 0x62b0b0
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0x662280
        loop = (GMainLoop *) 0x881fb0
#20 0x0000000000401e9b in main (argc=2, argv=0x7fff4b785c18) at
../WebKitTools/GtkLauncher/main.c:200
        vbox = (GtkWidget *) 0x62b0b0
        uri = <value optimized out>

