[Webkit-unassigned] [Bug 19762] New: Crash in svg/webarchive/svg-cursor-subresources.svg

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 25 00:07:02 PDT 2008 

https://bugs.webkit.org/show_bug.cgi?id=19762

           Summary: Crash in svg/webarchive/svg-cursor-subresources.svg
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ap at webkit.org
                CC: rwlbuis at gmail.com


I'm getting a semi-reproducible crash in
svg/webarchive/svg-cursor-subresources.svg. When run twice in a row, it crashes
almost reliably.

run-webkit-tests svg/webarchive/svg-cursor-subresources.svg
svg/webarchive/svg-cursor-subresources.svg

Looks like SVGCursorElement is used after being deleted:

#0      0x0285e004 in WTF::IdentityHashTranslator<WebCore::SVGElement*,
WebCore::SVGElement*, WTF::PtrHash<WebCore::SVGElement*> >::equal at
HashTable.h:269
#1      0x0285e51a in WTF::HashTable<WebCore::SVGElement*,
WebCore::SVGElement*, WTF::IdentityExtractor<WebCore::SVGElement*>,
WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>,
WTF::HashTraits<WebCore::SVGElement*> >::lookup<WebCore::SVGElement*,
WTF::IdentityHashTranslator<WebCore::SVGElement*, WebCore::SVGElement*,
WTF::PtrHash<WebCore::SVGElement*> > > at HashTable.h:479
#2      0x0285e59e in WTF::HashTable<WebCore::SVGElement*,
WebCore::SVGElement*, WTF::IdentityExtractor<WebCore::SVGElement*>,
WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>,
WTF::HashTraits<WebCore::SVGElement*> >::find<WebCore::SVGElement*,
WTF::IdentityHashTranslator<WebCore::SVGElement*, WebCore::SVGElement*,
WTF::PtrHash<WebCore::SVGElement*> > > at HashTable.h:751
#3      0x0285e604 in WTF::HashTable<WebCore::SVGElement*,
WebCore::SVGElement*, WTF::IdentityExtractor<WebCore::SVGElement*>,
WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>,
WTF::HashTraits<WebCore::SVGElement*> >::find at HashTable.h:314
#4      0x02d7a2f8 in WTF::HashSet<WebCore::SVGElement*,
WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>
>::find at HashSet.h:163
#5      0x02d7a4af in WTF::HashSet<WebCore::SVGElement*,
WTF::PtrHash<WebCore::SVGElement*>, WTF::HashTraits<WebCore::SVGElement*>
>::remove at HashSet.h:231
#6      0x02d78b90 in WebCore::SVGCursorElement::removeClient at
SVGCursorElement.cpp:76
#7      0x0285d39c in WebCore::CSSCursorImageValue::~CSSCursorImageValue at
CSSCursorImageValue.cpp:73
#8      0x02856f5c in WTF::RefCounted<WebCore::StyleBase>::deref at
RefCounted.h:53
#9      0x028bca36 in WTF::RefPtr<WebCore::CSSValue>::~RefPtr at RefPtr.h:51
#10     0x028bca49 in WTF::RefPtr<WebCore::CSSValue>::~RefPtr at RefPtr.h:51
#11     0x02872e7b in WTF::VectorDestructor<true,
WTF::RefPtr<WebCore::CSSValue> >::destruct at Vector.h:54
#12     0x02872ea4 in WTF::VectorTypeOperations<WTF::RefPtr<WebCore::CSSValue>
>::destruct at Vector.h:209
#13     0x02872f22 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::shrink
at Vector.h:656
#14     0x02872f54 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::clear
at Vector.h:469
#15     0x02872f67 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::~Vector
at Vector.h:420
#16     0x02872f89 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::~Vector
at Vector.h:420
#17     0x028cfcd9 in WebCore::CSSValueList::~CSSValueList at
CSSValueList.cpp:49
#18     0x02856f5c in WTF::RefCounted<WebCore::StyleBase>::deref at
RefCounted.h:53
#19     0x028bca36 in WTF::RefPtr<WebCore::CSSValue>::~RefPtr at RefPtr.h:51
#20     0x028bca49 in WTF::RefPtr<WebCore::CSSValue>::~RefPtr at RefPtr.h:51
#21     0x02838898 in WebCore::CSSProperty::~CSSProperty at CSSProperty.h:32
#22     0x028388ab in WebCore::CSSProperty::~CSSProperty at CSSProperty.h:32
#23     0x02872722 in
WebCore::DeprecatedValueListNode<WebCore::CSSProperty>::~DeprecatedValueListNode
at DeprecatedValueList.h:36
#24     0x02872735 in
WebCore::DeprecatedValueListNode<WebCore::CSSProperty>::~DeprecatedValueListNode
at DeprecatedValueList.h:36
#25     0x02874227 in
WebCore::DeprecatedValueList<WebCore::CSSProperty>::deleteNode at
DeprecatedValueList.h:136
#26     0x02985023 in WebCore::DeprecatedValueListImpl::Private::deleteList at
DeprecatedValueListImpl.cpp:108
#27     0x02985b9f in WebCore::DeprecatedValueListImpl::Private::~Private at
DeprecatedValueListImpl.cpp:74
#28     0x02985bbd in WebCore::DeprecatedValueListImpl::Private::~Private at
DeprecatedValueListImpl.cpp:75
#29     0x02985d4a in
WTF::RefCounted<WebCore::DeprecatedValueListImpl::Private>::deref at
RefCounted.h:53
#30     0x02985dfb in
WTF::RefPtr<WebCore::DeprecatedValueListImpl::Private>::~RefPtr at RefPtr.h:51
#31     0x02985e0f in
WTF::RefPtr<WebCore::DeprecatedValueListImpl::Private>::~RefPtr at RefPtr.h:51
#32     0x029852bb in
WebCore::DeprecatedValueListImpl::~DeprecatedValueListImpl at
DeprecatedValueListImpl.cpp:125
#33     0x029852cf in
WebCore::DeprecatedValueListImpl::~DeprecatedValueListImpl at
DeprecatedValueListImpl.cpp:125
#34     0x0286e61f in
WebCore::DeprecatedValueList<WebCore::CSSProperty>::~DeprecatedValueList at
DeprecatedValueList.h:89
#35     0x0286e633 in
WebCore::DeprecatedValueList<WebCore::CSSProperty>::~DeprecatedValueList at
DeprecatedValueList.h:89
#36     0x02874263 in
WebCore::CSSMutableStyleDeclaration::~CSSMutableStyleDeclaration at
CSSMutableStyleDeclaration.h:34
#37     0x02856f5c in WTF::RefCounted<WebCore::StyleBase>::deref at
RefCounted.h:53
#38     0x02983e7a in
WTF::RefPtr<WebCore::CSSMutableStyleDeclaration>::operator= at RefPtr.h:119
#39     0x02e7dc70 in WebCore::StyledElement::destroyInlineStyleDecl at
StyledElement.cpp:145
#40     0x02e7e6b0 in WebCore::StyledElement::~StyledElement at
StyledElement.cpp:124
#41     0x02d84c18 in WebCore::SVGElement::~SVGElement at SVGElement.cpp:58
#42     0x02e2fb17 in WebCore::SVGStyledElement::~SVGStyledElement at
SVGStyledElement.cpp:55
#43     0x02e32091 in
WebCore::SVGStyledLocatableElement::~SVGStyledLocatableElement at
SVGStyledLocatableElement.cpp:43
#44     0x02e32ed5 in
WebCore::SVGStyledTransformableElement::~SVGStyledTransformableElement at
SVGStyledTransformableElement.cpp:47
#45     0x02e0a0f8 in WebCore::SVGRectElement::~SVGRectElement at
SVGRectElement.cpp:50
#46     0x028fc1d6 in WebCore::ContainerNode::removeAllChildren at
ContainerNode.cpp:111
#47     0x02991001 in WebCore::Document::removedLastRef at Document.cpp:376
#48     0x02856d43 in WebCore::TreeShared<WebCore::Node>::deref at
TreeShared.h:69
#49     0x028581b7 in WTF::RefPtr<WebCore::Node>::~RefPtr at RefPtr.h:51
#50     0x02e388dd in WTF::RefPtr<WebCore::Node>::~RefPtr at RefPtr.h:51
#51     0x02baa910 in WebCore::JSNode::~JSNode at JSNode.cpp:185
#52     0x02b25c44 in WebCore::JSEventTargetNode::~JSEventTargetNode at
JSEventTargetNode.h:39
#53     0x02b554b5 in WebCore::JSDocument::~JSDocument at JSDocument.cpp:235
#54     0x02bcfd34 in WebCore::JSSVGDocument::~JSSVGDocument at
JSSVGDocument.h:33
#55     0x02bcfd65 in WebCore::JSSVGDocument::~JSSVGDocument at
JSSVGDocument.h:33
#56     0x0032e1fe in KJS::Heap::sweep<(KJS::Heap::HeapType)0> at
collector.cpp:910
#57     0x002eaad9 in KJS::Heap::collect at collector.cpp:986
#58     0x02a4ded0 in WebCore::GCController::gcTimerFired at
GCController.cpp:72
#59     0x02a4e175 in WebCore::Timer<WebCore::GCController>::fired at
Timer.h:99
#60     0x02e97b6e in WebCore::TimerBase::fireTimers at Timer.cpp:347
#61     0x02e97c16 in WebCore::TimerBase::sharedTimerFired at Timer.cpp:368


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list