[Webkit-unassigned] [Bug 12065] Removing a SVG animation target during animation crashes WebKit
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 12 04:41:51 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=12065
Dirk Schulze <krit at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |krit at webkit.org
--- Comment #12 from Dirk Schulze <krit at webkit.org> 2010-11-12 04:41:50 PST ---
(In reply to comment #0)
> Removing an animation target during animation crashes WebKit
>
> SVGAnimationElement does not hold its target in a RefPtr. Thus if you remove the target during animation, WebKit will crash.
>
> A simple fix is to remove the m_targetElement cache. The only problem then becomes un-applying any animations once it's no longer the target of animations. Perhaps SVGElement should override setId to clear any animVals on the object. Not sure. That can be tracked with a separate bug after the crash has been fixed.
We don't save m_targetElement anymore, so this bug is no longer valid. Nevertheless, I plan to re implement m_targetElement with bug 49437, but refcounted. The test didn't crash with this patch either. I'd like to upload the test in the attachment before closing this bug. Upload a a patch here soon.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list