[Webkit-unassigned] [Bug 21183] New: REGRESSION: Reproducible crash running svg/dynamic-updates/SVGCursorElement-svgdom-x-prop.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Sep 27 15:16:14 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=21183

           Summary: REGRESSION: Reproducible crash running svg/dynamic-
                    updates/SVGCursorElement-svgdom-x-prop.html
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: NeedsReduction, Regression, NeedsRadar, ReviewedForRadar
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrowe at apple.com


The buildbots at build.webkit.org frequently report a crash in
svg/dynamic-updates/SVGCursorElement-svgdom-x-prop.html while running the
layout tests.  I am able to reproduce this crash 100% of the time locally if I
run DumpRenderTree under guard malloc:

$ gdb --args ./WebKitBuild/Debug/DumpRenderTree
LayoutTests/svg/dynamic-updates/SVGCursorElement-svgdom-x-prop.html
(gdb) set env DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib
(gdb) r
...
...
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xd0650f24
0x036f4196 in WebCore::QualifiedName::matches (this=0xd0650f24,
other=@0x4a2a65c) at dom/QualifiedName.h:63
63          bool matches(const QualifiedName& other) const { return m_impl ==
other.m_impl || (localName() == other.localName() && namespaceURI() ==
other.namespaceURI()); }
(gdb) bt 15
#0  0x036f4196 in WebCore::QualifiedName::matches (this=0xd0650f24,
other=@0x4a2a65c) at dom/QualifiedName.h:63
#1  0x03663897 in WebCore::Element::hasTagName (this=0xd0650ef0,
tagName=@0x4a2a65c) at dom/Element.h:98
#2  0x03689e50 in resourceReferencedByCursorElement (fragmentId=@0xbfffeb44,
document=0xc9c0b860) at WebCore/css/CSSCursorImageValue.cpp:48
#3  0x0368a4e1 in WebCore::CSSCursorImageValue::~CSSCursorImageValue
(this=0xd0748fb0) at WebCore/css/CSSCursorImageValue.cpp:73
#4  0x03c3783d in WTF::RefCounted<WebCore::StyleBase>::deref (this=0xd0748fb4)
at RefCounted.h:96
#5  0x036851fe in WTF::RefPtr<WebCore::CSSValue>::~RefPtr (this=0xd074afc0) at
RefPtr.h:50
#6  0x03685211 in WTF::RefPtr<WebCore::CSSValue>::~RefPtr (this=0xd074afc0) at
RefPtr.h:50
#7  0x036a841b in WTF::VectorDestructor<true, WTF::RefPtr<WebCore::CSSValue>
>::destruct (begin=0xd074afc0, end=0xd074afc4) at Vector.h:80
#8  0x036a8444 in WTF::VectorTypeOperations<WTF::RefPtr<WebCore::CSSValue>
>::destruct (begin=0xd074afc0, end=0xd074afc4) at Vector.h:235
#9  0x036a84c2 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::shrink
(this=0xd071afe4, size=0) at Vector.h:694
#10 0x036a84f4 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::clear
(this=0xd071afe4) at Vector.h:496
#11 0x036a8507 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::~Vector
(this=0xd071afe4) at Vector.h:445
#12 0x036a8529 in WTF::Vector<WTF::RefPtr<WebCore::CSSValue>, 0ul>::~Vector
(this=0xd071afe4) at Vector.h:445
#13 0x03712451 in WebCore::CSSValueList::~CSSValueList (this=0xd071afd0) at
WebCore/css/CSSValueList.cpp:49
#14 0x03c3783d in WTF::RefCounted<WebCore::StyleBase>::deref (this=0xd071afd4)
at RefCounted.h:96


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list